Search Results (2511 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4114 1 Cisco 1 Unified Computing System 2025-04-11 N/A
The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949.
CVE-2012-4073 1 Cisco 1 Unified Computing System 2025-04-11 N/A
The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332.
CVE-2012-3887 1 Airdroid 1 Airdroid 2025-04-11 N/A
AirDroid before 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an "Encrypted Transmission" feature, which allows remote attackers to obtain sensitive information by sniffing the local wireless network, as demonstrated by the SMS message content sent to the sdctl/sms/send/single/ URI.
CVE-2012-3818 1 Mikel Olasagasti 1 Revelation 2025-04-11 N/A
The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information.
CVE-2012-3746 1 Apple 1 Iphone Os 2025-04-11 N/A
UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem.
CVE-2012-3734 1 Apple 1 Iphone Os 2025-04-11 N/A
Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.
CVE-2012-3732 1 Apple 1 Iphone Os 2025-04-11 N/A
Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity.
CVE-2012-3715 1 Apple 1 Safari 2025-04-11 N/A
Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network.
CVE-2012-3533 2 Ovirt, Ovirt-engine-sdk 3 Ovirt, Ovirt-engine-cli, 3.1.0.5 2025-04-11 N/A
The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack.
CVE-2012-3514 1 Nicolas Cannasse 1 Ocaml Xml-light Library 2025-04-11 N/A
OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via unspecified vectors.
CVE-2012-3505 1 Banu 1 Tinyproxy 2025-04-11 N/A
Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket.
CVE-2012-3458 1 Python 1 Beaker 2025-04-11 N/A
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.
CVE-2012-3431 1 Redhat 2 Jboss Enterprise Data Services, Jboss Enterprise Data Services Platform 2025-04-11 N/A
The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack.
CVE-2012-3378 1 Gnome 1 At-spi2-atk 2025-04-11 N/A
The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2.
CVE-2012-3372 1 Elitecore 1 Cyberoam Unified Threat Management 2025-04-11 7.4 High
The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Cyberoam_SSL_CA certificate in a list of trusted root certification authorities. NOTE: the vendor disputes the significance of this issue because the appliance "does not allow import or export of the foresaid private key.
CVE-2012-3367 1 Redhat 2 Certificate System, Dogtag Certificate System 2025-04-11 N/A
Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate.
CVE-2012-3312 1 Ibm 1 Infosphere Guardium 2025-04-11 N/A
The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password setting is enabled, transmits cleartext database credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2012-3287 1 Poul-henning Kamp 1 Md5crypt 2025-04-11 N/A
Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and a consequently short runtime, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack, as demonstrated by an attack using GPU hardware.
CVE-2013-1058 1 Canonical 2 Maas, Ubuntu Linux 2025-04-11 N/A
maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack.
CVE-2012-3039 1 Moxa 5 Oncell Gateway Firmware, Oncell Gateway G3111, Oncell Gateway G3151 and 2 more 2025-04-11 N/A
Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmware before 1.4 do not use a sufficient source of entropy for SSH and SSL keys, which makes it easier for remote attackers to obtain access by leveraging knowledge of a key from a product installation elsewhere.