Vulnerabilities (CVE)

Filtered by CWE-310
Total 2472 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-2898 2 Apple, Google 2 Ipad2, Chrome 2026-06-16 5.0 MEDIUM N/A
Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibox URL via vectors involving SSL error messages, a related issue to CVE-2012-0674.
CVE-2012-2746 2 Fedoraproject, Redhat 2 389 Directory Server, Directory Server 2026-06-16 2.1 LOW N/A
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.
CVE-2012-2739 1 Oracle 3 Jdk, Jre, Openjdk 2026-06-16 5.0 MEDIUM N/A
Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
CVE-2012-2686 1 Openssl 1 Openssl 2026-06-16 5.0 MEDIUM N/A
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
CVE-2012-2681 2 Redhat, Trevor Mckay 2 Enterprise Mrg, Cumin 2026-06-16 5.8 MEDIUM N/A
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key.
CVE-2012-2678 2 Fedoraproject, Redhat 2 389 Directory Server, Directory Server 2026-06-16 1.2 LOW N/A
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
CVE-2012-2500 1 Cisco 1 Anyconnect Secure Mobility Client 2026-06-16 4.0 MEDIUM N/A
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470.
CVE-2012-2499 1 Cisco 1 Anyconnect Secure Mobility Client 2026-06-16 5.8 MEDIUM N/A
The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985.
CVE-2012-2417 1 Dlitz 1 Pycrypto 2026-06-16 4.3 MEDIUM N/A
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.
CVE-2012-2405 2 Maian, Menalto 2 Gallery, Gallery 2026-06-16 10.0 HIGH N/A
Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113.
CVE-2012-2328 2 Opensuse, Standards Based Linux Instrumentation Project 2 Opensuse, Standards-based Linux Common Information Model Client 2026-06-16 5.0 MEDIUM N/A
internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file.
CVE-2012-2317 2 Canonical, Debian 4 Php5, Ubuntu Linux, Debian Linux and 1 more 2026-06-16 4.3 MEDIUM N/A
The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty salt string, which might allow remote attackers to bypass authentication by leveraging an application that relies on the PHP crypt function to choose a salt for password hashing.
CVE-2012-2230 1 Cloudera 2 Cloudera Manager, Cloudera Service And Configuration Manager 2026-06-16 6.5 MEDIUM N/A
Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than CVE-2012-1574.
CVE-2012-2190 1 Ibm 1 Websphere Application Server 2026-06-16 5.0 MEDIUM N/A
IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message in the TLS Handshake Protocol.
CVE-2012-2187 1 Ibm 4 Remote Supervisor Adapter Ii Firmware, X3650, X3850 and 1 more 2026-06-16 5.0 MEDIUM N/A
IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.
CVE-2012-2162 1 Ibm 1 Websphere Application Server 2026-06-16 6.8 MEDIUM N/A
The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.
CVE-2012-2146 1 Ematia 1 Elixir 2026-06-16 4.3 MEDIUM N/A
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database.
CVE-2012-2143 4 Debian, Freebsd, Php and 1 more 4 Debian Linux, Freebsd, Php and 1 more 2026-06-16 4.3 MEDIUM N/A
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
CVE-2012-2126 3 Canonical, Redhat, Rubygems 3 Ubuntu Linux, Openshift, Rubygems 2026-06-16 4.3 MEDIUM N/A
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.
CVE-2012-2098 1 Apache 1 Commons Compress 2026-06-16 5.0 MEDIUM N/A
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.