Search

Search Results (364869 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-1516 1 Vmware 2 Esx, Esxi 2025-04-11 9.9 Critical
The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers.
CVE-2012-1517 1 Vmware 2 Esx, Esxi 2025-04-11 N/A
The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving function pointers.
CVE-2012-1518 1 Vmware 5 Esx, Esxi, Fusion and 2 more 2025-04-11 N/A
VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors.
CVE-2012-1520 1 Apple 1 Safari 2025-04-11 N/A
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
CVE-2012-1521 2 Apple, Google 4 Iphone Os, Itunes, Safari and 1 more 2025-04-11 N/A
Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2012-1522 1 Microsoft 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more 2025-04-11 N/A
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Cached Object Remote Code Execution Vulnerability."
CVE-2012-0937 1 Wordpress 1 Wordpress 2025-04-11 N/A
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time
CVE-2012-0949 1 Canonical 1 Ubuntu Linux 2025-04-11 N/A
The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report.
CVE-2012-0942 1 Realnetworks 2 Helix Mobile Server, Helix Server 2025-04-11 N/A
Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to execute arbitrary code via crafted authentication credentials.
CVE-2012-0944 2 Canonical, Sebastian Heinlein 2 Ubuntu Linux, Aptdaemon 2025-04-11 N/A
Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.
CVE-2012-0946 1 Nvidia 1 Unix Driver 2025-04-11 N/A
The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges.
CVE-2012-0947 1 Libav 1 Libav 2025-04-11 N/A
Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size.
CVE-2012-0948 2 Canonical, Gnome 2 Ubuntu Linux, Update-manager-core 2025-04-11 N/A
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.
CVE-2012-0950 1 Canonical 1 Ubuntu Linux 2025-04-11 N/A
The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0949.
CVE-2012-0954 1 Debian 1 Advanced Package Tool 2025-04-11 N/A
APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
CVE-2012-0956 1 Ubiquity Slideshow Team 1 Ubiquity-slideshow-ubuntu 2025-04-11 N/A
ubiquity-slideshow-ubuntu before 58.2, during installation, allows remote man-in-the-middle attackers to execute arbitrary web script or HTML and read arbitrary files via a crafted attribute in the <a> tag of a Twitter feed.
CVE-2012-0957 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2025-04-11 N/A
The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.
CVE-2012-0958 1 Ps Project Management Team 1 Unity-firefox-extension 2025-04-11 N/A
content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage.
CVE-2012-0959 1 Remote Login Service Hackers 1 Remote Login Service 2025-04-11 N/A
Remote Login Service (RLS) 1.0.0 does not properly clear account information when switching users, which might allow physically proximate users to obtain login credentials.
CVE-2012-0960 1 Ps Project Management Team 1 Unity-firefox-extension 2025-04-11 N/A
Unity integration extension (unity-firefox-extension) before 2.4.1 for Firefox does not properly handle callbacks, which allows remote attackers to cause a denial of service (Firefox crash) and possibly execute arbitrary code via a crafted request.