Total: 5469 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-3441 | 1 Icinga | 1 Icinga | 2025-04-11 | N/A |
The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors. | ||||
CVE-2012-3457 | 1 Pnp4nagios | 1 Pnp4nagios | 2025-04-11 | N/A |
PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file. | ||||
CVE-2012-3558 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving navigation, reloads, and redirects. | ||||
CVE-2012-3560 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page. | ||||
CVE-2012-3697 | 1 Apple | 1 Safari | 2025-04-11 | N/A |
WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise. | ||||
CVE-2012-3743 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files. | ||||
CVE-2012-3750 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors. | ||||
CVE-2012-4020 | 1 Mosp | 1 Kintai Kanri | 2025-04-11 | N/A |
MosP kintai kanri before 4.1.0 does not enforce privilege requirements, which allows remote authenticated users to read other users' information via unspecified vectors. | ||||
CVE-2012-4022 | 1 Simon Brown | 1 Pebble | 2025-04-11 | N/A |
Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted comment. | ||||
CVE-2012-4106 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrary commands via an unspecified script-execution approach, aka Bug ID CSCtq86477. | ||||
CVE-2012-4107 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bug ID CSCtq86489. | ||||
CVE-2012-4387 | 1 Apache | 1 Struts | 2025-04-11 | N/A |
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression. | ||||
CVE-2012-4430 | 2 Bacula, Debian | 2 Bacula, Debian Linux | 2025-04-11 | N/A |
The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors. | ||||
CVE-2012-4518 | 2 Openfabrics, Redhat | 2 Ibacm, Enterprise Linux | 2025-04-11 | N/A |
ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file. | ||||
CVE-2012-4593 | 1 Mcafee | 2 Application Control, Change Control | 2025-04-11 | N/A |
McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command. | ||||
CVE-2012-4594 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-11 | N/A |
McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL. | ||||
CVE-2012-4677 | 1 Google | 1 Tunnelblick | 2025-04-11 | N/A |
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value. | ||||
CVE-2012-4861 | 1 Ibm | 1 Infosphere Replication Server | 2025-04-11 | N/A |
The web server in InfoSphere Data Replication Dashboard in IBM InfoSphere Replication Server 9.7 and 10.1 through 10.1.0.4 allows remote authenticated users to list directories via a direct request for a directory URL. | ||||
CVE-2012-4954 | 1 Vanillaforums | 2 Vanilla, Vanilla Forums | 2025-04-11 | N/A |
The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue. | ||||
CVE-2012-5117 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors. | ||||