Export limit exceeded: 363290 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363290 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4447 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2025-04-11 | N/A |
| Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format. | ||||
| CVE-2012-4448 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action. | ||||
| CVE-2012-4450 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Enterprise Linux | 2025-04-11 | N/A |
| 389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry. | ||||
| CVE-2012-4458 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2025-04-11 | N/A |
| The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message. | ||||
| CVE-2012-4452 | 2 Oracle, Redhat | 2 Mysql, Enterprise Linux | 2025-04-11 | N/A |
| MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6. | ||||
| CVE-2012-4453 | 3 Dracut Project, Fedoraproject, Redhat | 6 Dracut, Fedora, Enterprise Linux and 3 more | 2025-04-11 | N/A |
| dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information. | ||||
| CVE-2012-4454 | 1 Opencryptoki Project | 1 Opencryptoki | 2025-04-11 | N/A |
| openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp. | ||||
| CVE-2012-4455 | 1 Opencryptoki Project | 1 Opencryptoki | 2025-04-11 | N/A |
| openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/. | ||||
| CVE-2012-4456 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2025-04-11 | N/A |
| The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services. | ||||
| CVE-2012-4457 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2025-04-11 | N/A |
| OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant. | ||||
| CVE-2012-4459 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2025-04-11 | N/A |
| Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read. | ||||
| CVE-2012-4460 | 1 Apache | 1 Qpid | 2025-04-11 | N/A |
| The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash. | ||||
| CVE-2012-4461 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-04-11 | N/A |
| The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl. | ||||
| CVE-2012-4462 | 2 Condor Project, Redhat | 2 Condor, Enterprise Mrg | 2025-04-11 | N/A |
| aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option. | ||||
| CVE-2012-4463 | 1 Midnight-commander | 1 Midnight Commander | 2025-04-11 | N/A |
| Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name. | ||||
| CVE-2012-4464 | 2 Redhat, Ruby-lang | 2 Openshift, Ruby | 2025-04-11 | N/A |
| Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression. | ||||
| CVE-2012-4465 | 1 Lars Hjemli | 1 Cgit | 2025-04-11 | N/A |
| Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit. | ||||
| CVE-2012-4466 | 2 Redhat, Ruby-lang | 2 Openshift, Ruby | 2025-04-11 | N/A |
| Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005. | ||||
| CVE-2012-4467 | 1 Linux | 1 Linux Kernel | 2025-04-11 | N/A |
| The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a crafted ioctl call. | ||||
| CVE-2012-4468 | 2 Drupal, Privatemsg Project | 2 Drupal, Privatemsg | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Privatemsg module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a user name in a private message. | ||||