Vulnerabilities (CVE)

Filtered by CWE-20
Total 11538 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-6135 2 Phusion, Redhat 2 Passenger, Openshift 2026-06-16 6.4 MEDIUM 7.5 HIGH
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
CVE-2012-6125 1 Call-cc 1 Chicken 2026-06-16 7.5 HIGH 9.8 CRITICAL
Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.
CVE-2012-6123 2 Call-cc, Debian 2 Chicken, Debian Linux 2026-06-16 5.0 MEDIUM 6.5 MEDIUM
Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack."
CVE-2012-6111 2 Debian, Gnome 2 Debian Linux, Gnome Keyring 2026-06-16 5.0 MEDIUM 7.5 HIGH
gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function
CVE-2012-6101 1 Moodle 1 Moodle 2026-06-16 5.8 MEDIUM N/A
Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php.
CVE-2012-6099 1 Moodle 1 Moodle 2026-06-16 4.0 MEDIUM N/A
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.
CVE-2012-6087 1 Moodle 1 Moodle 2026-06-16 5.8 MEDIUM N/A
repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to an incorrect CURLOPT_SSL_VERIFYHOST value.
CVE-2012-6085 1 Gnupg 1 Gnupg 2026-06-16 5.8 MEDIUM N/A
The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.
CVE-2012-6073 2 Cloudbees, Jenkins 2 Jenkins, Jenkins 2026-06-16 5.8 MEDIUM N/A
Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2012-6072 2 Cloudbees, Jenkins 2 Jenkins, Jenkins 2026-06-16 4.3 MEDIUM N/A
CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2012-6070 1 Falconpl 1 Falconpl 2026-06-16 5.0 MEDIUM 7.5 HIGH
Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks.
CVE-2012-6062 1 Wireshark 1 Wireshark 2026-06-16 5.0 MEDIUM N/A
The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
CVE-2012-6059 1 Wireshark 1 Wireshark 2026-06-16 5.0 MEDIUM N/A
The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption parameters, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2012-6044 1 Mjsware 1 M-player 2026-06-16 4.3 MEDIUM N/A
M-Player 0.4 allows remote attackers to cause a denial of service (crash) via a crafted MP3 file.
CVE-2012-6035 1 Xen 1 Xen 2026-06-16 6.9 MEDIUM N/A
The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
CVE-2012-6034 1 Xen 1 Xen 2026-06-16 4.4 MEDIUM N/A
The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check incoming guest output buffer pointers," which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
CVE-2012-6031 1 Xen 1 Xen 2026-06-16 4.7 MEDIUM N/A
The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
CVE-2012-6030 1 Xen 1 Xen 2026-06-16 7.2 HIGH N/A
The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
CVE-2012-5968 1 Huawei 2 E585, E585u-82 2026-06-16 4.8 MEDIUM N/A
The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network.
CVE-2012-5825 1 Tweepy 1 Tweepy 2026-06-16 5.8 MEDIUM N/A
Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library.