Search Results (2510 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2898 2 Apple, Google 2 Ipad2, Chrome 2025-04-11 N/A
Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibox URL via vectors involving SSL error messages, a related issue to CVE-2012-0674.
CVE-2012-3514 1 Nicolas Cannasse 1 Ocaml Xml-light Library 2025-04-11 N/A
OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via unspecified vectors.
CVE-2012-3533 2 Ovirt, Ovirt-engine-sdk 3 Ovirt, Ovirt-engine-cli, 3.1.0.5 2025-04-11 N/A
The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack.
CVE-2012-3715 1 Apple 1 Safari 2025-04-11 N/A
Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network.
CVE-2012-3732 1 Apple 1 Iphone Os 2025-04-11 N/A
Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity.
CVE-2012-3734 1 Apple 1 Iphone Os 2025-04-11 N/A
Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.
CVE-2012-3746 1 Apple 1 Iphone Os 2025-04-11 N/A
UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem.
CVE-2012-4571 1 Python 1 Keyring 2025-04-11 N/A
Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.
CVE-2012-4578 2 Freebsd, Pawel Jakub Dawidek 2 Freebsd, Geli 2025-04-11 N/A
The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack.
CVE-2012-4584 1 Mcafee 2 Email And Web Security, Email Gateway 2025-04-11 N/A
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not properly encrypt system-backup data, which makes it easier for remote authenticated users to obtain sensitive information by reading a backup file, as demonstrated by obtaining password hashes.
CVE-2012-4615 1 Emc 1 It Operations Intelligence 2025-04-11 N/A
EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2011-0766 2 Erlang, Ssh 3 Crypto, Erlang\/otp, Ssh 2025-04-11 N/A
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.
CVE-2012-4693 2 Invensys, Siemens 2 Wonderware Intouch, Processsuite 2025-04-11 N/A
Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file.
CVE-2012-4694 1 Moxa 2 Edr-g903, Edr G903 Firmware 2025-04-11 N/A
Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.
CVE-2012-5370 2 Jruby, Redhat 3 Jruby, Fuse Esb Enterprise, Jboss Enterprise Soa Platform 2025-04-11 N/A
JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838.
CVE-2012-5371 2 Redhat, Ruby-lang 2 Openshift, Ruby 2025-04-11 N/A
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
CVE-2012-5372 1 Rubinius 1 Rubinius 2025-04-11 N/A
Rubinius computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm.
CVE-2012-5373 1 Oracle 3 Jdk, Jre, Openjdk 2025-04-11 N/A
Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739.
CVE-2012-5374 1 Linux 1 Linux Kernel 2025-04-11 N/A
The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value.
CVE-2012-5375 1 Linux 1 Linux Kernel 2025-04-11 N/A
The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value.