Total
2447 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5484 | 1 Redhat | 1 Freeipa | 2024-11-21 | 7.9 HIGH | N/A |
| The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate. | |||||
| CVE-2012-5456 | 1 Zoner | 1 Zoner Antivirus Free | 2024-11-21 | 4.3 MEDIUM | N/A |
| The Zoner AntiVirus Free application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, as demonstrated by a server used for updating virus signature files. | |||||
| CVE-2012-5375 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.0 MEDIUM | N/A |
| The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value. | |||||
| CVE-2012-5374 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.0 MEDIUM | N/A |
| The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value. | |||||
| CVE-2012-5373 | 1 Oracle | 3 Jdk, Jre, Openjdk | 2024-11-21 | 5.0 MEDIUM | N/A |
| Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739. | |||||
| CVE-2012-5372 | 1 Rubinius | 1 Rubinius | 2024-11-21 | 5.0 MEDIUM | N/A |
| Rubinius computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm. | |||||
| CVE-2012-5371 | 1 Ruby-lang | 1 Ruby | 2024-11-21 | 5.0 MEDIUM | N/A |
| Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815. | |||||
| CVE-2012-5370 | 1 Jruby | 1 Jruby | 2024-11-21 | 5.0 MEDIUM | N/A |
| JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838. | |||||
| CVE-2012-5301 | 1 Cerberusftp | 1 Ftp Server | 2024-11-21 | 5.0 MEDIUM | N/A |
| The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data. | |||||
| CVE-2012-4977 | 1 Layton Technology | 1 Helpbox | 2024-11-21 | 5.0 MEDIUM | N/A |
| Layton Helpbox 4.4.0 allows remote attackers to discover cleartext credentials for the login page by sniffing the network. | |||||
| CVE-2012-4960 | 1 Huawei | 66 Acu, Ar 19\/29\/49, Ar G3 and 63 more | 2024-11-21 | 6.5 MEDIUM | N/A |
| The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300, Eudemon500, Eudemon1000, Eudemon1000E-U/USG5300, Eudemon1000E-X/USG5500, Eudemon8080E/USG9300, Eudemon8160E/USG9300, Eudemon8000E-X/USG9500, E200E-C/USG2200, E200E-X3/USG2200, E200E-X5/USG2200, E200E-X7/USG2200, E200E-C/USG5100, E200E-X3/USG5100, E200E-X5/USG5100, E200E-X7/USG5100, E200E-B/USG2100, E200E-X1/USG2100, E200E-X2/USG2100, SVN5300, SVN2000, SVN5000, SVN3000, NIP100, NIP200, NIP1000, NIP2100, NIP2200, and NIP5100 use the DES algorithm for stored passwords, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | |||||
| CVE-2012-4947 | 1 Agilefleet | 2 Fleetcommander, Fleetcommander Kiosk | 2024-11-21 | 5.0 MEDIUM | N/A |
| Agile FleetCommander and FleetCommander Kiosk before 4.08 store database credentials in cleartext, which allows remote attackers to obtain sensitive information via requests to unspecified pages. | |||||
| CVE-2012-4946 | 1 Agilefleet | 2 Fleetcommander, Fleetcommander Kiosk | 2024-11-21 | 5.0 MEDIUM | N/A |
| Agile FleetCommander and FleetCommander Kiosk before 4.08 use an XOR format for password encryption, which makes it easier for context-dependent attackers to obtain sensitive information by reading a key file and the encrypted strings. | |||||
| CVE-2012-4930 | 2 Google, Mozilla | 2 Chrome, Firefox | 2024-11-21 | 2.6 LOW | N/A |
| The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. | |||||
| CVE-2012-4929 | 3 Debian, Google, Mozilla | 3 Debian Linux, Chrome, Firefox | 2024-11-21 | 2.6 LOW | N/A |
| The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. | |||||
| CVE-2012-4917 | 1 Tripadvisor | 1 Tripadvisor | 2024-11-21 | 5.0 MEDIUM | N/A |
| The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2012-4899 | 1 Wellintech | 1 Kingview | 2024-11-21 | 2.1 LOW | N/A |
| WellinTech KingView 6.5.3 and earlier uses a weak password-hashing algorithm, which makes it easier for local users to discover credentials by reading an unspecified file. | |||||
| CVE-2012-4898 | 1 Tropos | 9 1310 Distrubution Automation Mesh Router, 1410 Mesh Router, 1410 Wireless Mesh Router and 6 more | 2024-11-21 | 6.1 MEDIUM | N/A |
| Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere. | |||||
| CVE-2012-4829 | 1 Ibm | 1 Xiv Storage System Gen3 | 2024-11-21 | 4.3 MEDIUM | N/A |
| IBM XIV Storage System Gen3 before 11.2 relies on a default X.509 v3 certificate for authentication, which allows man-in-the-middle attackers to spoof servers by leveraging an inappropriate certificate-trust relationship. | |||||
| CVE-2012-4716 | 1 N-tron | 1 702w Industrial Wireless Access Point | 2024-11-21 | 8.8 HIGH | N/A |
| N-Tron 702-W Industrial Wireless Access Point devices use the same (1) SSH and (2) HTTPS private keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key. | |||||