Export limit exceeded: 365153 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 365153 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 365153 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365153 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-0950 | 1 Canonical | 1 Ubuntu Linux | 2025-04-11 | N/A |
| The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0949. | ||||
| CVE-2012-0954 | 1 Debian | 1 Advanced Package Tool | 2025-04-11 | N/A |
| APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587. | ||||
| CVE-2012-0956 | 1 Ubiquity Slideshow Team | 1 Ubiquity-slideshow-ubuntu | 2025-04-11 | N/A |
| ubiquity-slideshow-ubuntu before 58.2, during installation, allows remote man-in-the-middle attackers to execute arbitrary web script or HTML and read arbitrary files via a crafted attribute in the <a> tag of a Twitter feed. | ||||
| CVE-2012-0957 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2025-04-11 | N/A |
| The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality. | ||||
| CVE-2012-0958 | 1 Ps Project Management Team | 1 Unity-firefox-extension | 2025-04-11 | N/A |
| content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage. | ||||
| CVE-2012-0959 | 1 Remote Login Service Hackers | 1 Remote Login Service | 2025-04-11 | N/A |
| Remote Login Service (RLS) 1.0.0 does not properly clear account information when switching users, which might allow physically proximate users to obtain login credentials. | ||||
| CVE-2012-0960 | 1 Ps Project Management Team | 1 Unity-firefox-extension | 2025-04-11 | N/A |
| Unity integration extension (unity-firefox-extension) before 2.4.1 for Firefox does not properly handle callbacks, which allows remote attackers to cause a denial of service (Firefox crash) and possibly execute arbitrary code via a crafted request. | ||||
| CVE-2012-0961 | 1 Debian | 2 Advanced Package Tool, Apt | 2025-04-11 | N/A |
| Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file. | ||||
| CVE-2012-0962 | 2 Canonical, Sebastian Heinlein | 2 Ubuntu Linux, Aptdaemon | 2025-04-11 | N/A |
| Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack. | ||||
| CVE-2012-0973 | 1 Osclass | 1 Osclass | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-0974 | 1 Juan Ramon | 1 Osclass | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sCity, (2) sPattern, (3) sPriceMax, and (4) sPriceMin parameters in a search action to index.php. | ||||
| CVE-2012-0975 | 1 Clixint | 1 Image Hosting Script Dpi | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in misc.php in Image Hosting Script DPI 1.0, 1.3, and earlier allows remote attackers to inject arbitrary web script or HTML via the showseries parameter. | ||||
| CVE-2012-0976 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-0977 | 1 Luratech | 1 Lurawave Jp2 Activex Control | 2025-04-11 | N/A |
| Stack-based buffer overflow in jp2_x.dll in LuraWave JP2 ActiveX Control 2.1.5.5 and other versions before 2.1.5.11 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. | ||||
| CVE-2012-0978 | 1 Luratech | 1 Lurawave Jp2 Browser Plug-in | 2025-04-11 | N/A |
| Stack-based buffer overflow in npjp2.dll in LuraWave JP2 Browser Plug-In 1.1.1.11 and other versions before 2.1.1.11 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. | ||||
| CVE-2012-0979 | 1 Twiki | 1 Twiki | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user. | ||||
| CVE-2012-0980 | 1 Phux | 1 Download Manager | 2025-04-11 | N/A |
| SQL injection vulnerability in download.php in phux Download Manager allows remote attackers to execute arbitrary SQL commands via the file parameter. | ||||
| CVE-2012-0981 | 1 Kybernetika | 1 Phpshowtime | 2025-04-11 | N/A |
| Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. NOTE: Some of these details are obtained from third party information. | ||||
| CVE-2012-0982 | 1 Vastal | 1 Agent Zone | 2025-04-11 | N/A |
| SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the price_from parameter. | ||||
| CVE-2012-0983 | 1 Scriptsez | 1 Ez Album | 2025-04-11 | N/A |
| SQL injection vulnerability in Scriptsez.net Ez Album allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | ||||