Search

Search Results (363163 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-3329 2 Ibm, Linux 3 Advanced Settings Utility, Bootable Media Creator, Linux Kernel 2025-04-11 N/A
IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via a symlink attack on a (1) temporary file or (2) log file.
CVE-2012-3330 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request.
CVE-2012-3334 1 Ibm 1 Informix Dynamic Server 2025-04-11 N/A
Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement.
CVE-2012-3350 1 Valarsoft 1 Webmatic 2025-04-11 N/A
SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
CVE-2012-3342 3 Oracle, Redhat, Sun 6 Jdk, Jre, Network Satellite and 3 more 2025-04-11 N/A
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
CVE-2012-3343 1 Bloxx 1 Web Filtering 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that trigger error pages containing XSS sequences, a different vulnerability than CVE-2012-2564.
CVE-2012-3345 1 Ioquake3 1 Ioquake3 Engine 2025-04-11 N/A
ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ioq3.pid temporary file.
CVE-2012-3354 2 Dokuwiki, Fedoraproject 2 Dokuwiki, Fedora 2025-04-11 N/A
doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.
CVE-2012-3355 1 Gnome 1 Rhythmbox 2025-04-11 N/A
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.
CVE-2012-3356 1 Viewvc 1 Viewvc 2025-04-11 N/A
The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2012-3357 1 Viewvc 1 Viewvc 2025-04-11 N/A
The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."
CVE-2012-3358 2 Redhat, Uclouvain 2 Enterprise Linux, Openjpeg 2025-04-11 N/A
Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.
CVE-2012-3360 1 Openstack 2 Essex, Folsom 2025-04-11 N/A
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.
CVE-2012-3361 1 Openstack 3 Diablo, Essex, Folsom 2025-04-11 N/A
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.
CVE-2012-3362 1 Extplorer 1 Extplorer 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action.
CVE-2012-3363 3 Debian, Fedoraproject, Zend 3 Debian Linux, Fedora, Zend Framework 2025-04-11 9.1 Critical
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
CVE-2012-3364 1 Linux 1 Linux Kernel 2025-04-11 N/A
Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via incoming frames with crafted length fields.
CVE-2012-3365 1 Php 1 Php 2025-04-11 N/A
The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.
CVE-2012-3366 1 Anl 1 Bcfg2 2025-04-11 N/A
The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).
CVE-2012-3367 1 Redhat 2 Certificate System, Dogtag Certificate System 2025-04-11 N/A
Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate.