Export limit exceeded: 363250 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4398 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-11 N/A
The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application.
CVE-2012-4399 1 Cakefoundation 1 Cakephp 2025-04-11 7.5 High
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
CVE-2012-4400 1 Moodle 1 Moodle 2025-04-11 N/A
repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field.
CVE-2012-4401 1 Moodle 1 Moodle 2025-04-11 N/A
Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended capability restrictions and perform certain topic changes by leveraging course-editing capabilities.
CVE-2012-4402 1 Moodle 1 Moodle 2025-04-11 N/A
webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service.
CVE-2012-4427 1 Gnome 1 Gnome-shell 2025-04-11 N/A
The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page.
CVE-2012-4404 1 Moinmo 1 Moinmoin 2025-04-11 N/A
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.
CVE-2012-4405 4 Argyllcms, Color, Ghostscript and 1 more 4 Cms, Icclib, Ghostscript and 1 more 2025-04-11 N/A
Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.
CVE-2012-4406 3 Fedoraproject, Openstack, Redhat 8 Fedora, Swift, Enterprise Linux Server and 5 more 2025-04-11 9.8 Critical
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
CVE-2012-4407 1 Moodle 1 Moodle 2025-04-11 N/A
lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file.
CVE-2012-4408 1 Moodle 1 Moodle 2025-04-11 N/A
course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation.
CVE-2012-4409 1 Mcrypt 1 Mcrypt 2025-04-11 N/A
Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption.
CVE-2012-4411 1 Xen 1 Xen 2025-04-11 N/A
The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998.
CVE-2012-4412 1 Gnu 1 Glibc 2025-04-11 N/A
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.
CVE-2012-4413 2 Openstack, Redhat 2 Keystone, Openstack 2025-04-11 N/A
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
CVE-2012-4414 2 Mariadb, Oracle 2 Mariadb, Mysql 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
CVE-2012-4415 2 Fedoraproject, Guac-dev 2 Fedora, Guacamole 2025-04-11 N/A
Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name.
CVE-2012-4416 3 Oracle, Redhat, Sun 6 Jdk, Jre, Enterprise Linux and 3 more 2025-04-11 N/A
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot.
CVE-2012-4417 2 Gluster, Redhat 2 Glusterfs, Storage 2025-04-11 N/A
GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
CVE-2012-4418 1 Apache 1 Axis2 2025-04-11 N/A
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."