Export limit exceeded: 343654 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343654 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4439 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins. | ||||
| CVE-2012-4438 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 8.8 High |
| Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code. | ||||
| CVE-2012-4434 | 1 Cipherdyne | 1 Fwknop | 2024-11-21 | 8.8 High |
| fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code. | ||||
| CVE-2012-4428 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 7.5 High |
| openslp: SLPIntersectStringList()' Function has a DoS vulnerability | ||||
| CVE-2012-4420 | 1 Oracle | 1 Jdk | 2024-11-21 | 7.5 High |
| An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information. | ||||
| CVE-2012-4385 | 2 Debian, Trilexnet | 2 Debian Linux, Letodms | 2024-11-21 | 6.5 Medium |
| letodms 3.3.6 has CSRF via change password | ||||
| CVE-2012-4384 | 2 Debian, Trilexnet | 2 Debian Linux, Letodms | 2024-11-21 | 6.1 Medium |
| letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar | ||||
| CVE-2012-4383 | 1 Contao | 1 Contao | 2024-11-21 | 8.8 High |
| contao prior to 2.11.4 has a sql injection vulnerability | ||||
| CVE-2012-4381 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 8.1 High |
| MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors. | ||||
| CVE-2012-4284 | 1 Sparklabs | 1 Viscosity | 2024-11-21 | 9.8 Critical |
| A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code | ||||
| CVE-2012-4030 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 7.5 High |
| Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files. | ||||
| CVE-2012-4029 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action. | ||||
| CVE-2012-3824 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 7.5 High |
| In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization. | ||||
| CVE-2012-3823 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 7.5 High |
| Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. | ||||
| CVE-2012-3822 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 7.5 High |
| Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials. | ||||
| CVE-2012-3821 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 4.3 Medium |
| A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field. | ||||
| CVE-2012-3810 | 1 Samsung | 1 Kies | 2024-11-21 | 7.5 High |
| Samsung Kies before 2.5.0.12094_27_11 has registry modification. | ||||
| CVE-2012-3809 | 1 Samsung | 1 Kies | 2024-11-21 | 7.5 High |
| Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification. | ||||
| CVE-2012-3808 | 1 Samsung | 1 Kies | 2024-11-21 | 7.5 High |
| Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification. | ||||
| CVE-2012-3807 | 1 Samsung | 1 Kies | 2024-11-21 | 9.8 Critical |
| Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution. | ||||