Total
5484 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-3575 | 2 Rbx Gallery, Wordpress | 2 Rbx Gallery, Wordpress | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider. | ||||
| CVE-2012-3579 | 1 Symantec | 1 Messaging Gateway | 2025-04-11 | N/A |
| Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session. | ||||
| CVE-2012-3690 | 1 Apple | 1 Safari | 2025-04-11 | N/A |
| WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site. | ||||
| CVE-2012-3698 | 1 Apple | 1 Xcode | 2025-04-11 | N/A |
| Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool. | ||||
| CVE-2012-3714 | 1 Apple | 1 Safari | 2025-04-11 | N/A |
| The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site. | ||||
| CVE-2012-3729 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface. | ||||
| CVE-2012-3736 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call. | ||||
| CVE-2012-3738 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions. | ||||
| CVE-2012-3739 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera. | ||||
| CVE-2012-3740 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | ||||
| CVE-2012-3743 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files. | ||||
| CVE-2012-3750 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors. | ||||
| CVE-2012-3866 | 2 Puppet, Puppetlabs | 3 Puppet, Puppet Enterprise, Puppet | 2025-04-11 | N/A |
| lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file. | ||||
| CVE-2012-3867 | 7 Canonical, Cloudforms Cloudengine, Debian and 4 more | 9 Ubuntu Linux, 1, Debian Linux and 6 more | 2025-04-11 | N/A |
| lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. | ||||
| CVE-2012-3965 | 1 Mozilla | 1 Firefox | 2025-04-11 | N/A |
| Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window. | ||||
| CVE-2012-3973 | 1 Mozilla | 1 Firefox | 2025-04-11 | N/A |
| The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port. | ||||
| CVE-2012-3987 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-11 | N/A |
| Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. | ||||
| CVE-2012-4016 | 2 Google, Justsystems | 2 Android, Atok | 2025-04-11 | N/A |
| The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application. | ||||
| CVE-2012-4022 | 1 Simon Brown | 1 Pebble | 2025-04-11 | N/A |
| Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted comment. | ||||
| CVE-2012-4035 | 1 Pbboard | 1 Pbboard | 2025-04-11 | N/A |
| The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php. | ||||