Export limit exceeded: 363281 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363281 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4904 | 1 Google | 2 Android, Chrome | 2025-04-11 | N/A |
| Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab. | ||||
| CVE-2012-4905 | 1 Google | 2 Android, Chrome | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)." | ||||
| CVE-2012-4906 | 1 Google | 2 Android, Chrome | 2025-04-11 | N/A |
| Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903. | ||||
| CVE-2012-4907 | 1 Google | 2 Android, Chrome | 2025-04-11 | N/A |
| Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page. | ||||
| CVE-2012-4908 | 1 Google | 2 Android, Chrome | 2025-04-11 | N/A |
| Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink. | ||||
| CVE-2012-4909 | 1 Google | 2 Android, Chrome | 2025-04-11 | N/A |
| Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application. | ||||
| CVE-2012-4912 | 1 Novell | 1 Groupwise | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message. | ||||
| CVE-2012-4914 | 1 Coolpdf | 1 Coolpdf | 2025-04-11 | N/A |
| Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream. | ||||
| CVE-2012-4917 | 1 Tripadvisor | 1 Tripadvisor | 2025-04-11 | N/A |
| The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2012-4918 | 1 Activision | 1 Call Of Duty Elite | 2025-04-11 | N/A |
| Call of Duty Elite for iOS 2.0.1 does not properly validate the server SSL certificate, which allows remote attackers to obtain sensitive information via a Man-in-the-Middle (MITM) attack. | ||||
| CVE-2012-4928 | 1 Oxwall | 1 Oxwall | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter. | ||||
| CVE-2012-4922 | 1 Torproject | 1 Tor | 2025-04-11 | N/A |
| The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419. | ||||
| CVE-2012-4923 | 1 Endian | 1 Firewall | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi. | ||||
| CVE-2012-4924 | 1 Asus | 2 Ipswcom Activex Component, Net4switch | 2025-04-11 | N/A |
| Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method. | ||||
| CVE-2012-4925 | 1 Imgpals | 1 Img Pals Photo Host | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2012-4926 | 1 Imgpals | 1 Img Pals Photo Host | 2025-04-11 | N/A |
| approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers to change the activation of administrators via the u parameter in an (1) app0 (disable) or (2) app1 (enable) action. | ||||
| CVE-2012-4927 | 1 Limesurvey | 1 Limesurvey | 2025-04-11 | N/A |
| SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php. | ||||
| CVE-2012-4929 | 4 Debian, Google, Mozilla and 1 more | 5 Debian Linux, Chrome, Firefox and 2 more | 2025-04-11 | N/A |
| The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. | ||||
| CVE-2012-4930 | 2 Google, Mozilla | 2 Chrome, Firefox | 2025-04-11 | N/A |
| The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. | ||||
| CVE-2012-4932 | 1 Simple Invoices | 1 Simple Invoices | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via (1) the having parameter in a manage action to index.php; (2) the Email field in an Add User action; (3) the Customer Name field in an Add Customer action; the (4) Street address, (5) Street address 2, (6) City, (7) Zip code, (8) State, (9) Country, (10) Mobile Phone, (11) Phone, (12) Fax, (13) Email, (14) PayPal business name, (15) PayPal notify url, (16) PayPal return url, (17) Eway customer ID, (18) Custom field 1, (19) Custom field 2, (20) Custom field 3, or (21) Custom field 4 field in an Add Biller action; (22) the Customer field in an Add Invoice action; the (23) Invoice or (24) Notes field in a Process Payment action; (25) the Payment type description field in a Payment Types action; (26) the Description field in an Invoice Preferences action; (27) the Description field in a Manage Products action; or (28) the Description field in a Tax Rates action. | ||||