Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4387 | 1 Apache | 1 Struts | 2024-08-06 | N/A |
| Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression. | ||||
| CVE-2012-4417 | 2 Gluster, Redhat | 2 Glusterfs, Storage | 2024-08-06 | N/A |
| GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | ||||
| CVE-2012-4090 | 1 Cisco | 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more | 2024-08-06 | N/A |
| The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089. | ||||
| CVE-2012-4230 | 1 Tinymce | 1 Tinymce | 2024-08-06 | N/A |
| The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element. | ||||
| CVE-2012-4210 | 2 Mozilla, Redhat | 3 Firefox, Firefox Esr, Enterprise Linux | 2024-08-06 | N/A |
| The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet. | ||||
| CVE-2012-4203 | 1 Mozilla | 1 Firefox | 2024-08-06 | N/A |
| The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark. | ||||
| CVE-2012-4225 | 1 Nvidia | 1 Unix Graphic Driver | 2024-08-06 | N/A |
| NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows local users to write to arbitrary physical memory locations and gain privileges by modifying the VGA window using /dev/nvidia0. | ||||
| CVE-2012-4192 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-08-06 | N/A |
| Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193. | ||||
| CVE-2012-4141 | 1 Cisco | 1 Nx-os | 2024-08-06 | N/A |
| Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551. | ||||
| CVE-2012-4136 | 1 Cisco | 1 Unified Computing System | 2024-08-06 | N/A |
| The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote attackers to obtain sensitive information or cause a denial of service (peer-syncing outage) via a TELNET connection, aka Bug ID CSCtz72910. | ||||
| CVE-2012-4063 | 1 Eucalyptus | 1 Eucalyptus | 2024-08-06 | N/A |
| The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors. | ||||
| CVE-2012-3991 | 4 Canonical, Mozilla, Redhat and 1 more | 14 Ubuntu Linux, Firefox, Firefox Esr and 11 more | 2024-08-06 | N/A |
| Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. | ||||
| CVE-2012-4035 | 1 Pbboard | 1 Pbboard | 2024-08-06 | N/A |
| The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php. | ||||
| CVE-2012-3987 | 2 Google, Mozilla | 2 Android, Firefox | 2024-08-06 | N/A |
| Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. | ||||
| CVE-2012-4022 | 1 Simon Brown | 1 Pebble | 2024-08-06 | N/A |
| Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted comment. | ||||
| CVE-2012-3973 | 1 Mozilla | 1 Firefox | 2024-08-06 | N/A |
| The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port. | ||||
| CVE-2012-4016 | 2 Google, Justsystems | 2 Android, Atok | 2024-08-06 | N/A |
| The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application. | ||||
| CVE-2012-3965 | 1 Mozilla | 1 Firefox | 2024-08-06 | N/A |
| Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window. | ||||
| CVE-2012-4020 | 1 Mosp | 1 Kintai Kanri | 2024-08-06 | N/A |
| MosP kintai kanri before 4.1.0 does not enforce privilege requirements, which allows remote authenticated users to read other users' information via unspecified vectors. | ||||
| CVE-2012-3978 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Seamonkey and 3 more | 2024-08-06 | N/A |
| The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. | ||||