Total
2480 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-2681 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2024-08-06 | N/A |
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key. | ||||
CVE-2012-2678 | 2 Fedoraproject, Redhat | 3 389 Directory Server, Directory Server, Enterprise Linux | 2024-08-06 | N/A |
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute. | ||||
CVE-2012-2417 | 1 Dlitz | 1 Pycrypto | 2024-08-06 | N/A |
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key. | ||||
CVE-2012-2405 | 2 Maian, Menalto | 2 Gallery, Gallery | 2024-08-06 | N/A |
Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113. | ||||
CVE-2012-2328 | 3 Opensuse, Redhat, Standards Based Linux Instrumentation Project | 3 Opensuse, Enterprise Linux, Standards-based Linux Common Information Model Client | 2024-08-06 | N/A |
internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file. | ||||
CVE-2012-2187 | 1 Ibm | 4 Remote Supervisor Adapter Ii Firmware, X3650, X3850 and 1 more | 2024-08-06 | N/A |
IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors. | ||||
CVE-2012-2230 | 1 Cloudera | 2 Cloudera Manager, Cloudera Service And Configuration Manager | 2024-08-06 | N/A |
Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than CVE-2012-1574. | ||||
CVE-2012-2190 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message in the TLS Handshake Protocol. | ||||
CVE-2012-2143 | 5 Debian, Freebsd, Php and 2 more | 5 Debian Linux, Freebsd, Php and 2 more | 2024-08-06 | N/A |
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. | ||||
CVE-2012-2162 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. | ||||
CVE-2012-2126 | 3 Canonical, Redhat, Rubygems | 5 Ubuntu Linux, Enterprise Linux, Enterprise Mrg and 2 more | 2024-08-06 | N/A |
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack. | ||||
CVE-2012-2146 | 1 Ematia | 1 Elixir | 2024-08-06 | N/A |
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database. | ||||
CVE-2012-2098 | 1 Apache | 1 Commons Compress | 2024-08-06 | N/A |
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs. | ||||
CVE-2012-1923 | 1 Realnetworks | 2 Helix Mobile Server, Helix Server | 2024-08-06 | N/A |
RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x store passwords in cleartext under adm_b_db\users\, which allows local users to obtain sensitive information by reading a database. | ||||
CVE-2012-1803 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2024-08-06 | N/A |
RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session. | ||||
CVE-2012-1574 | 2 Apache, Cloudera | 3 Hadoop, Cloudera Cdh, Hadoop | 2024-08-06 | N/A |
The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors. | ||||
CVE-2012-1573 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2024-08-06 | N/A |
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. | ||||
CVE-2012-1244 | 1 Nttdocomo | 1 Spmode Mail Android | 2024-08-06 | N/A |
The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2012-1150 | 2 Python, Redhat | 2 Python, Enterprise Linux | 2024-08-06 | N/A |
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | ||||
CVE-2012-0861 | 1 Redhat | 3 Enterprise Linux, Enterprise Virtualization Manager, Rhev Manager | 2024-08-06 | N/A |
The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack. |