Total: 11448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2012-3572 | 2 Nurul Hidayah Hamazulan, Oscc | 2 Mymesyuarat, Mymeeting | 2026-06-16 | 6.0 MEDIUM | N/A | Open Source Competency Center (OSCC) MyMeeting 3.0.1 and earlier, and MyMesyuarat 09b-1, does not properly verify uploaded documents, which allows remote authenticated users to execute arbitrary PHP code via a crafted document. |
| CVE-2012-3556 | 1 Opera | 1 Opera Browser | 2026-06-16 | 9.3 HIGH | N/A | Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site. |
| CVE-2012-3544 | 1 Apache | 1 Tomcat | 2026-06-16 | 5.0 MEDIUM | N/A | Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data. |
| CVE-2012-3543 | 3 Canonical, Debian, Mono-project | 3 Ubuntu Linux, Debian Linux, Mono | 2026-06-16 | 5.0 MEDIUM | 7.5 HIGH | mono 2.10.x ASP.NET Web Form Hash collision DoS |
| CVE-2012-3540 | 1 Openstack | 1 Horizon | 2026-06-16 | 5.8 MEDIUM | N/A | Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake. |
| CVE-2012-3525 | 2 Jabber2, Jabberd2 | 2 Jabberd2, Jabberd2 | 2026-06-16 | 5.8 MEDIUM | N/A | s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response. |
| CVE-2012-3515 | 7 Canonical, Debian, Opensuse and 4 more | 14 Ubuntu Linux, Debian Linux, Opensuse and 11 more | 2026-06-16 | 7.2 HIGH | N/A | Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." |
| CVE-2012-3498 | 2 Citrix, Xen | 2 Xenserver, Xen | 2026-06-16 | 5.6 MEDIUM | N/A | PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index. |
| CVE-2012-3497 | 1 Xen | 1 Xen | 2026-06-16 | 6.9 MEDIUM | N/A | (1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id. |
| CVE-2012-3495 | 2 Citrix, Xen | 2 Xenserver, Xen | 2026-06-16 | 6.1 MEDIUM | N/A | The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors. |
| CVE-2012-3485 | 1 Google | 1 Tunnelblick | 2026-06-16 | 7.2 HIGH | N/A | Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call. |
| CVE-2012-3460 | 1 Redhat | 1 Enterprise Mrg | 2026-06-16 | 7.5 HIGH | 9.8 CRITICAL | cumin: At installation postgresql database user created without password |
| CVE-2012-3451 | 1 Apache | 1 Cxf | 2026-06-16 | 4.3 MEDIUM | N/A | Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body. |
| CVE-2012-3443 | 1 Djangoproject | 1 Django | 2026-06-16 | 5.0 MEDIUM | N/A | The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file. |
| CVE-2012-3436 | 1 Openttd | 1 Openttd | 2026-06-16 | 5.0 MEDIUM | N/A | OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a certain sequence of steps related to "the water/coast aspect of tiles which also have railtracks on one half." |
| CVE-2012-3429 | 1 Martin Nagy | 1 Bind-dyndb-ldap | 2026-06-16 | 5.0 MEDIUM | N/A | The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a "$" character in a DN in a DNS query. |
| CVE-2012-3411 | 2 Redhat, Thekelleys | 4 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation and 1 more | 2026-06-16 | 5.0 MEDIUM | N/A | Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query. |
| CVE-2012-3409 | 2 Debian, Ecryptfs | 2 Debian Linux, Ecryptfs-utils | 2026-06-16 | 4.6 MEDIUM | 7.8 HIGH | ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation |
| CVE-2012-3399 | 1 Artis.imag | 1 Basilic | 2026-06-16 | 7.5 HIGH | N/A | Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter. |
| CVE-2012-3371 | 1 Openstack | 3 Compute, Essex, Folsom | 2026-06-16 | 3.5 LOW | N/A | The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section. |
