Export limit exceeded: 363169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363169 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-3538 2 Cloudforms Tools, Redhat 2 1, Cloudforms 2025-04-11 N/A
Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.
CVE-2012-3540 2 Openstack, Redhat 2 Horizon, Openstack 2025-04-11 N/A
Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.
CVE-2012-3542 2 Openstack, Redhat 3 Essex, Horizon, Openstack 2025-04-11 N/A
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.
CVE-2012-3544 2 Apache, Redhat 2 Tomcat, Jboss Enterprise Web Server 2025-04-11 N/A
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
CVE-2012-3546 2 Apache, Redhat 8 Tomcat, Enterprise Linux, Jboss Enterprise Application Platform and 5 more 2025-04-11 N/A
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
CVE-2012-3547 2 Freeradius, Redhat 2 Freeradius, Enterprise Linux 2025-04-11 N/A
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
CVE-2012-3548 1 Wireshark 1 Wireshark 2025-04-11 N/A
The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file.
CVE-2012-3549 1 Freebsd 1 Freebsd 2025-04-11 N/A
The SCTP implementation in FreeBSD 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted ASCONF chunk.
CVE-2012-3551 1 Dell 1 Crowbar 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in crowbar_framework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils.
CVE-2012-3552 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Linux Eus 2025-04-11 5.9 Medium
Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic.
CVE-2012-3553 1 Digium 1 Asterisk 2025-04-11 N/A
chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948.
CVE-2012-3554 2 Joomla, Rsgallery2 2 Joomla\!, Com Rsgallery2 2025-04-11 N/A
SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-3555 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site, related to a "hidden keyboard navigation" issue.
CVE-2012-3556 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site.
CVE-2012-3557 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive information via a crafted web site.
CVE-2012-3558 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving navigation, reloads, and redirects.
CVE-2012-3560 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page.
CVE-2012-3561 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.
CVE-2012-3562 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload, as demonstrated by a "multiple origin camera test" page.
CVE-2012-3563 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings.