Export limit exceeded: 346977 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346977 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29906 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-2632 | 1 Seil | 5 B1, B1 Firmware, X1 and 2 more | 2025-04-11 | N/A |
| SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 through 3.75, SEIL/X2 2.30 through 3.75, and SEIL/B1 2.30 through 3.75, when the http-proxy and application-gateway features are enabled, do not properly handle the CONNECT command, which allows remote attackers to bypass intended URL restrictions via a TCP session. | ||||
| CVE-2012-2652 | 1 Qemu | 1 Qemu | 2025-04-11 | N/A |
| The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file. | ||||
| CVE-2012-2653 | 1 Lawrence Berkeley National Laboratory | 1 Arpwatch | 2025-04-11 | N/A |
| arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon. | ||||
| CVE-2012-2667 | 1 Sensiolabs | 1 Symfony | 2025-04-11 | N/A |
| Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes." | ||||
| CVE-2012-2671 | 1 Rtomayko | 1 Rack-cach | 2025-04-11 | N/A |
| The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache. | ||||
| CVE-2012-2672 | 2 Oracle, Redhat | 2 Mojarra, Jboss Enterprise Application Platform | 2025-04-11 | N/A |
| Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function. | ||||
| CVE-2012-2735 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2025-04-11 | N/A |
| Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie. | ||||
| CVE-2012-2744 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-04-11 | N/A |
| net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets. | ||||
| CVE-2012-2751 | 4 Debian, Opensuse, Oracle and 1 more | 4 Debian Linux, Opensuse, Http Server and 1 more | 2025-04-11 | N/A |
| ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031. | ||||
| CVE-2012-2752 | 1 Vmware | 1 Vma | 2025-04-11 | N/A |
| Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | ||||
| CVE-2012-2753 | 1 Checkpoint | 4 Endpoint Connect, Endpoint Security, Endpoint Security Vpn and 1 more | 2025-04-11 | N/A |
| Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory. | ||||
| CVE-2010-1616 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability. | ||||
| CVE-2012-3421 | 1 Sgi | 1 Performance Co-pilot | 2025-04-11 | N/A |
| The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw." | ||||
| CVE-2012-3437 | 1 Imagemagick | 1 Imagemagick | 2025-04-11 | N/A |
| The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation. | ||||
| CVE-2012-3450 | 1 Php | 1 Php | 2025-04-11 | N/A |
| pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value. | ||||
| CVE-2012-3475 | 1 Ushahidi | 1 Ushahidi Platform | 2025-04-11 | N/A |
| The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors. | ||||
| CVE-2012-3530 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events. | ||||
| CVE-2012-3549 | 1 Freebsd | 1 Freebsd | 2025-04-11 | N/A |
| The SCTP implementation in FreeBSD 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted ASCONF chunk. | ||||
| CVE-2012-3553 | 1 Digium | 1 Asterisk | 2025-04-11 | N/A |
| chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948. | ||||
| CVE-2012-3562 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload, as demonstrated by a "multiple origin camera test" page. | ||||