Total
5469 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4419 | 4 Libguestfs, Novell, Redhat and 1 more | 4 Libguestfs, Suse Linux Enterprise Server, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance. | ||||
| CVE-2013-6129 | 1 Vbulletin | 1 Vbulletin | 2025-04-11 | N/A |
| The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013. | ||||
| CVE-2012-1078 | 2 Claus Due, Typo3 | 2 Sysutils, Typo3 | 2025-04-11 | N/A |
| The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup output directory." | ||||
| CVE-2011-1665 | 1 Phpboost | 1 Phpboost | 2025-04-11 | N/A |
| PHPBoost 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain backup SQL files via a direct request for predictable filenames in cache/backup/. | ||||
| CVE-2012-6422 | 2 Meizu, Samsung | 3 Mx, Galaxy Note 2, Galaxy S2 | 2025-04-11 | N/A |
| The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse. | ||||
| CVE-2012-3386 | 2 Gnu, Redhat | 2 Automake, Enterprise Linux | 2025-04-11 | N/A |
| The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2012-0691 | 1 Broadcom | 1 License Software | 2025-04-11 | N/A |
| CA License (aka CA Licensing) before 1.90.03 does not properly restrict system commands, which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2012-3504 | 1 Fedoraproject | 1 Crypto-utils | 2025-04-11 | N/A |
| The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory. | ||||
| CVE-2012-4510 | 1 Cups-pk-helper Project | 1 Cups-pk-helper | 2025-04-11 | N/A |
| cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources. | ||||
| CVE-2012-1053 | 2 Puppet, Puppetlabs | 4 Puppet, Puppet Enterprise, Puppet and 1 more | 2025-04-11 | N/A |
| The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups. | ||||
| CVE-2012-0878 | 2 Pythonpaste, Redhat | 2 Paste, Enterprise Linux | 2025-04-11 | N/A |
| Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem. | ||||
| CVE-2012-0458 | 2 Mozilla, Redhat | 5 Firefox, Seamonkey, Thunderbird and 2 more | 2025-04-11 | N/A |
| Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context. | ||||
| CVE-2012-6076 | 1 Inkscape | 1 Inkscape | 2025-04-11 | N/A |
| Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts. | ||||
| CVE-2012-0393 | 1 Apache | 1 Struts | 2025-04-11 | N/A |
| The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object. | ||||
| CVE-2012-0396 | 1 Emc | 1 Documentum Xplore | 2025-04-11 | N/A |
| EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search. | ||||
| CVE-2012-0371 | 1 Cisco | 13 2000 Wireless Lan Controller, 2100 Wireless Lan Controller, 2106 Wireless Lan Controller and 10 more | 2025-04-11 | N/A |
| Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709. | ||||
| CVE-2012-1826 | 1 Dotcms | 1 Dotcms | 2025-04-11 | N/A |
| dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template. | ||||
| CVE-2012-0364 | 1 Cisco | 12 Small Business Srp520-u Series Firmware, Small Business Srp520 Series Firmware, Small Business Srp521w and 9 more | 2025-04-11 | N/A |
| Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495. | ||||
| CVE-2011-4588 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request. | ||||
| CVE-2012-0326 | 2 Google, Tetsuya Aoyama | 2 Android, Twicca | 2025-04-11 | N/A |
| The twicca application 0.7.0 through 0.9.30 for Android does not properly restrict the use of network privileges, which allows remote attackers to read media files on an SD card via a crafted application. | ||||