Search

Search Results (363296 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4437 1 Smarty 1 Smarty 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception.
CVE-2012-4442 1 Monkey-project 1 Monkey 2025-04-11 N/A
Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check.
CVE-2012-4443 1 Monkey-project 1 Monkey 2025-04-11 N/A
Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access.
CVE-2012-4444 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-11 N/A
The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments.
CVE-2012-4445 1 W1.fi 1 Hostapd 2025-04-11 N/A
Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "More Fragments" flag set.
CVE-2012-4446 2 Apache, Redhat 2 Qpid, Enterprise Mrg 2025-04-11 N/A
The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
CVE-2012-4447 2 Libtiff, Redhat 2 Libtiff, Enterprise Linux 2025-04-11 N/A
Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format.
CVE-2012-4448 1 Wordpress 1 Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action.
CVE-2012-4450 2 Fedoraproject, Redhat 2 389 Directory Server, Enterprise Linux 2025-04-11 N/A
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.
CVE-2012-4458 2 Apache, Redhat 2 Qpid, Enterprise Mrg 2025-04-11 N/A
The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
CVE-2012-4452 2 Oracle, Redhat 2 Mysql, Enterprise Linux 2025-04-11 N/A
MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6.
CVE-2012-4453 3 Dracut Project, Fedoraproject, Redhat 6 Dracut, Fedora, Enterprise Linux and 3 more 2025-04-11 N/A
dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.
CVE-2012-4454 1 Opencryptoki Project 1 Opencryptoki 2025-04-11 N/A
openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp.
CVE-2012-4455 1 Opencryptoki Project 1 Opencryptoki 2025-04-11 N/A
openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/.
CVE-2012-4456 2 Openstack, Redhat 2 Keystone, Openstack 2025-04-11 N/A
The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.
CVE-2012-4457 2 Openstack, Redhat 2 Keystone, Openstack 2025-04-11 N/A
OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.
CVE-2012-4459 2 Apache, Redhat 2 Qpid, Enterprise Mrg 2025-04-11 N/A
Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
CVE-2012-4460 1 Apache 1 Qpid 2025-04-11 N/A
The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
CVE-2012-4461 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Eus 2025-04-11 N/A
The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl.
CVE-2012-4462 2 Condor Project, Redhat 2 Condor, Enterprise Mrg 2025-04-11 N/A
aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option.