Total
307662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6302 | 1 Soapbox Project | 1 Soapbox | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox. | |||||
| CVE-2012-6297 | 1 Dd-wrt | 1 Dd-wrt | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service. | |||||
| CVE-2012-6277 | 3 Hp, Ibm, Symantec | 7 Autonomy Keyview Idol, Domino, Notes and 4 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code." | |||||
| CVE-2012-6136 | 3 Debian, Fedoraproject, Redhat | 7 Debian Linux, Fedora, Enterprise Linux and 4 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. | |||||
| CVE-2012-6135 | 2 Phusion, Redhat | 2 Passenger, Openshift | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. | |||||
| CVE-2012-6133 | 1 Roundup-tracker | 1 Roundup | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*. | |||||
| CVE-2012-6125 | 1 Call-cc | 1 Chicken | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions. | |||||
| CVE-2012-6124 | 1 Call-cc | 1 Chicken | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and is advertised as being unsuitable)." | |||||
| CVE-2012-6123 | 2 Call-cc, Debian | 2 Chicken, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack." | |||||
| CVE-2012-6122 | 1 Call-cc | 1 Chicken | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. | |||||
| CVE-2012-6114 | 1 Git-extras Project | 1 Git-extras | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
| The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort. | |||||
| CVE-2012-6111 | 2 Debian, Gnome | 2 Debian Linux, Gnome Keyring | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function | |||||
| CVE-2012-6094 | 2 Apple, Debian | 2 Cups, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system | |||||
| CVE-2012-6091 | 1 Magentocommerce | 1 Magento | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Zend_XmlRpc Class in Magento before 1.7.0.2 contains an information disclosure vulnerability. | |||||
| CVE-2012-6083 | 1 Freeciv | 1 Freeciv | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet. | |||||
| CVE-2012-6079 | 1 Boldgrid | 1 W3 Total Cache | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| W3 Total Cache before 0.9.2.5 exposes sensitive cached database information which allows remote attackers to download this information via their hash keys. | |||||
| CVE-2012-6078 | 1 Boldgrid | 1 W3 Total Cache | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| W3 Total Cache before 0.9.2.5 generates hash keys insecurely which allows remote attackers to predict the values of the hashes. | |||||
| CVE-2012-6077 | 1 Boldgrid | 1 W3 Total Cache | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve password hash information due to insecure storage of database cache files. | |||||
| CVE-2012-6071 | 2 Debian, Nusoap Project | 2 Debian Linux, Nusoap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. | |||||
| CVE-2012-6070 | 1 Falconpl | 1 Falconpl | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks. | |||||