Export limit exceeded: 363282 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363282 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-3433 1 Xen 1 Xen 2025-04-11 N/A
Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown.
CVE-2012-3435 1 Zabbix 1 Zabbix 2025-04-11 N/A
SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
CVE-2012-3436 1 Openttd 1 Openttd 2025-04-11 N/A
OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a certain sequence of steps related to "the water/coast aspect of tiles which also have railtracks on one half."
CVE-2012-3437 1 Imagemagick 1 Imagemagick 2025-04-11 N/A
The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.
CVE-2012-3438 1 Graphicsmagick 1 Graphicsmagick 2025-04-11 N/A
The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.
CVE-2012-3440 2 Redhat, Todd Miller 2 Enterprise Linux, Sudo 2025-04-11 N/A
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.
CVE-2012-3441 1 Icinga 1 Icinga 2025-04-11 N/A
The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors.
CVE-2012-3443 1 Djangoproject 1 Django 2025-04-11 N/A
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.
CVE-2012-3444 1 Djangoproject 1 Django 2025-04-11 N/A
The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.
CVE-2012-3445 1 Redhat 2 Enterprise Linux, Libvirt 2025-04-11 N/A
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.
CVE-2012-3446 1 Apache 1 Libcloud 2025-04-11 5.9 Medium
Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
CVE-2012-3447 1 Openstack 2 Folsom, Nova 2025-04-11 N/A
virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.
CVE-2012-3448 1 Ganglia 1 Ganglia-web 2025-04-11 N/A
Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors.
CVE-2012-2890 1 Google 1 Chrome 2025-04-11 N/A
Use-after-free vulnerability in the PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
CVE-2012-2891 1 Google 1 Chrome 2025-04-11 N/A
The IPC implementation in Google Chrome before 22.0.1229.79 allows attackers to obtain potentially sensitive information about memory addresses via unspecified vectors.
CVE-2012-2892 1 Google 1 Chrome 2025-04-11 N/A
Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the pop-up blocker via unknown vectors.
CVE-2012-2893 2 Google, Redhat 2 Chrome, Enterprise Linux 2025-04-11 N/A
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
CVE-2012-2894 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 22.0.1229.79 does not properly handle graphics-context data structures, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2012-2895 1 Google 1 Chrome 2025-04-11 N/A
The PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.
CVE-2012-2896 2 Apple, Google 2 Mac Os X, Chrome 2025-04-11 N/A
Integer overflow in the WebGL implementation in Google Chrome before 22.0.1229.79 on Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.