Export limit exceeded: 364799 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5383 | 1 Oracle | 1 Mysql | 2025-04-11 | N/A |
| Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the MySQL installation | ||||
| CVE-2012-0187 | 1 Ibm | 1 Lotus Expeditor | 2025-04-11 | N/A |
| Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory. | ||||
| CVE-2012-5459 | 2 Microsoft, Vmware | 3 Windows, Player, Workstation | 2025-04-11 | N/A |
| Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a "system folder." | ||||
| CVE-2012-0224 | 1 7t | 1 Aquis | 2025-04-11 | N/A |
| Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0223. | ||||
| CVE-2012-5510 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors. | ||||
| CVE-2012-5514 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors. | ||||
| CVE-2012-5517 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | N/A |
| The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator. | ||||
| CVE-2012-0218 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen. | ||||
| CVE-2012-6460 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site. | ||||
| CVE-2012-6471 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests. | ||||
| CVE-2012-6498 | 1 Maxtom | 1 Atomymaxsite | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file, as exploited in the wild in October 2012. | ||||
| CVE-2012-6509 | 1 Netartmedia | 1 Car Portal | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg. | ||||
| CVE-2012-6615 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text. | ||||
| CVE-2012-6617 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format. | ||||
| CVE-2013-0727 | 1 Bluemarblegeo | 1 Global Mapper | 2025-04-11 | N/A |
| Multiple untrusted search path vulnerabilities in Global Mapper 14.1.0 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the current working directory, as demonstrated by a directory that contains a .gmc, .gmg, .gmp, .gms, .gmw, or .opt file. | ||||
| CVE-2013-0773 | 4 Canonical, Debian, Mozilla and 1 more | 7 Ubuntu Linux, Debian Linux, Firefox and 4 more | 2025-04-11 | N/A |
| The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||||
| CVE-2013-1092 | 1 Novell | 1 Zenworks Desktop Management | 2025-04-11 | N/A |
| Multiple unquoted Windows search path vulnerabilities in Novell ZENworks Desktop Management (ZDM) 7 through 7.1 might allow local users to gain privileges via a Trojan horse "program" file in the C: folder, related to an attempted launch of (1) ZenRem32.exe or (2) wm.exe. | ||||
| CVE-2013-1164 | 1 Cisco | 7 Asr 1001, Asr 1002, Asr 1002-x and 4 more | 2025-04-11 | N/A |
| Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 multicast packets, aka Bug ID CSCtz97563. | ||||
| CVE-2013-1193 | 1 Cisco | 2 Adaptive Security Appliance Software, Firewall Services Module | 2025-04-11 | N/A |
| The Secure Shell (SSH) implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly terminate sessions, which allows remote attackers to cause a denial of service (SSH service outage) by repeatedly establishing SSH connections, aka Bug IDs CSCue63881, CSCuf51892, CSCue78671, and CSCug26937. | ||||
| CVE-2013-1712 | 2 Microsoft, Mozilla | 7 Windows 7, Windows 8, Windows Server 2008 and 4 more | 2025-04-11 | N/A |
| Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local users to gain privileges via a Trojan horse DLL in (1) the update directory or (2) the current working directory. | ||||