Total
5481 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-1460 | 8 Aladdin, Anti-virus, Antiy and 5 more | 8 Esafe, Vba32, Avl Sdk and 5 more | 2025-04-11 | N/A |
| The Gzip file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with stray bytes at the end. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations. | ||||
| CVE-2012-1462 | 10 Ahnlab, Aladdin, Avg and 7 more | 10 V3 Internet Security, Esafe, Avg Anti-virus and 7 more | 2025-04-11 | N/A |
| The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations. | ||||
| CVE-2012-1463 | 12 Ahnlab, Aladdin, Authentium and 9 more | 12 V3 Internet Security, Esafe, Command Antivirus and 9 more | 2025-04-11 | N/A |
| The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | ||||
| CVE-2012-1508 | 1 Vmware | 3 Esx, Esxi, View | 2025-04-11 | N/A |
| The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. | ||||
| CVE-2012-1518 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2025-04-11 | N/A |
| VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors. | ||||
| CVE-2012-1611 | 1 Joomla | 1 Joomla\! | 2025-04-11 | N/A |
| Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599. | ||||
| CVE-2012-1620 | 1 Suckless | 1 Slock | 2025-04-11 | N/A |
| slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveals the desktop and active windows. | ||||
| CVE-2012-1642 | 2 Drupal, Yaml-fuer-drupal | 2 Drupal, Linkchecker | 2025-04-11 | N/A |
| includes/linkchecker.pages.inc in the Link checker module 6.x-2.x before 6.x-2.5 for Drupal does not properly enforce access permissions on broken links, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2012-1644 | 2 Drupal, Gizra | 2 Drupal, Og Vocab | 2025-04-11 | N/A |
| The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors. | ||||
| CVE-2012-1650 | 2 Drupal, Giantrobot | 2 Drupal, Zipcart | 2025-04-11 | N/A |
| The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions. | ||||
| CVE-2012-1818 | 1 Emerson | 3 Deltav, Deltav Proessentials Scientific Graph, Deltav Workstation | 2025-04-11 | N/A |
| An unspecified ActiveX control in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to overwrite arbitrary files via unknown vectors. | ||||
| CVE-2012-1827 | 1 Efstechnology | 1 Autoform Pdm Archive | 2025-04-11 | N/A |
| The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which allows remote authenticated users to perform database operations via a SOAP request, as demonstrated by the initializeQueryDatabase2 request. | ||||
| CVE-2012-1828 | 1 Efstechnology | 1 Autoform Pdm Archive | 2025-04-11 | N/A |
| The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowledge of a hidden function, as demonstrated by the password-change function. | ||||
| CVE-2012-1906 | 2 Puppet, Puppetlabs | 4 Puppet, Puppet Enterprise, Puppet and 1 more | 2025-04-11 | 5.5 Medium |
| Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp. | ||||
| CVE-2012-1968 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message. | ||||
| CVE-2012-1969 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment. | ||||
| CVE-2012-1986 | 3 Cloudforms Cloudengine, Puppet, Puppetlabs | 5 1, Puppet, Puppet Enterprise and 2 more | 2025-04-11 | N/A |
| Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket. | ||||
| CVE-2012-2010 | 1 Hp | 1 Openvms | 2025-04-11 | N/A |
| The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2012-2053 | 1 F5 | 1 Firepass | 2025-04-11 | N/A |
| The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different vulnerability than CVE-2012-1777. | ||||
| CVE-2012-2058 | 2 Drupal, Paypal | 2 Drupal, Ubercart Payflow | 2025-04-11 | N/A |
| The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors. | ||||