Total
1465 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-2879 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-11-21 | 4.3 MEDIUM | N/A |
Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service (DOM topology corruption) via a crafted document. | |||||
CVE-2012-2878 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-11-21 | 7.5 HIGH | N/A |
Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling. | |||||
CVE-2012-2877 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-11-21 | 5.0 MEDIUM | N/A |
The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
CVE-2012-2876 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-11-21 | 7.5 HIGH | N/A |
Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2012-2874 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-11-21 | 7.5 HIGH | N/A |
Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2883. | |||||
CVE-2012-2872 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-2869 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-11-21 | 7.5 HIGH | N/A |
Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer." | |||||
CVE-2012-2868 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-11-21 | 6.8 MEDIUM | N/A |
Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object. | |||||
CVE-2012-2867 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-11-21 | 5.0 MEDIUM | N/A |
The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
CVE-2012-2866 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-11-21 | 7.5 HIGH | N/A |
Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | |||||
CVE-2012-2865 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-11-21 | 4.3 MEDIUM | N/A |
Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document. | |||||
CVE-2012-2751 | 4 Debian, Opensuse, Oracle and 1 more | 4 Debian Linux, Opensuse, Http Server and 1 more | 2024-11-21 | 4.3 MEDIUM | N/A |
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031. | |||||
CVE-2012-2736 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, Networkmanager and 1 more | 2024-11-21 | 3.3 LOW | 4.4 MEDIUM |
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. | |||||
CVE-2012-2328 | 2 Opensuse, Standards Based Linux Instrumentation Project | 2 Opensuse, Standards-based Linux Common Information Model Client | 2024-11-21 | 5.0 MEDIUM | N/A |
internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file. | |||||
CVE-2012-2142 | 4 Freedesktop, Opensuse, Redhat and 1 more | 4 Poppler, Opensuse, Enterprise Linux and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | |||||
CVE-2012-2040 | 7 Adobe, Apple, Google and 4 more | 8 Air, Flash Player, Macos and 5 more | 2024-11-21 | 9.3 HIGH | N/A |
Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows local users to gain privileges via a Trojan horse executable file in an unspecified directory. | |||||
CVE-2012-2039 | 8 Adobe, Apple, Google and 5 more | 13 Air, Flash Player, Macos and 10 more | 2024-11-21 | 9.3 HIGH | N/A |
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||||
CVE-2012-2038 | 8 Adobe, Apple, Google and 5 more | 13 Air, Flash Player, Macos and 10 more | 2024-11-21 | 4.3 MEDIUM | N/A |
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | |||||
CVE-2012-2037 | 8 Adobe, Apple, Google and 5 more | 13 Air, Flash Player, Macos and 10 more | 2024-11-21 | 9.3 HIGH | N/A |
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2034. | |||||
CVE-2012-2036 | 8 Adobe, Apple, Google and 5 more | 13 Air, Flash Player, Macos and 10 more | 2024-11-21 | 9.3 HIGH | N/A |
Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors. |