Search Results (8779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2722 2 Drupal, Scott Reynen 2 Drupal, Node Embed 2025-04-11 N/A
The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles.
CVE-2012-2378 2 Apache, Redhat 2 Cxf, Jboss Enterprise Application Platform 2025-04-11 N/A
Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
CVE-2012-2303 2 Drupal, Florian Weber 2 Drupal, Spaces 2025-04-11 N/A
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.
CVE-2012-2289 1 Emc 2 Applicationxtender Desktop, Applicationxtender Web Access .net 2025-04-11 N/A
EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors.
CVE-2012-2200 1 Ibm 2 Aix, Vios 2025-04-11 N/A
The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory.
CVE-2012-0657 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.
CVE-2012-2179 1 Ibm 1 Aix 2025-04-11 N/A
libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVE-2012-2120 1 Debian 1 Texlive-extra-utils 2025-04-11 N/A
latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVE-2012-2121 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Virtualization 2025-04-11 N/A
The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.
CVE-2012-2123 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-11 N/A
The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.
CVE-2010-3615 1 Isc 1 Bind 2025-04-11 N/A
named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism.
CVE-2010-1067 1 Hasmir Alic 1 E-membres 2025-04-11 N/A
E-membres 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/bdEMembres.mdb.
CVE-2012-1154 1 Redhat 4 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform, Jboss Enterprise Web Server and 1 more 2025-04-11 N/A
mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.
CVE-2010-4238 3 Citrix, Linux, Redhat 3 Xen, Linux Kernel, Enterprise Linux 2025-04-11 N/A
The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information.
CVE-2012-2058 2 Drupal, Paypal 2 Drupal, Ubercart Payflow 2025-04-11 N/A
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors.
CVE-2013-1662 1 Vmware 2 Player, Workstation 2025-04-11 N/A
vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function.
CVE-2012-2603 1 Collabnet 1 Scrumworks 2025-04-11 N/A
The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client.
CVE-2012-5660 1 Redhat 2 Automatic Bug Reporting Tool, Enterprise Linux 2025-04-11 N/A
abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes."
CVE-2012-1986 3 Cloudforms Cloudengine, Puppet, Puppetlabs 5 1, Puppet, Puppet Enterprise and 2 more 2025-04-11 N/A
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.
CVE-2012-2696 1 Redhat 2 Enterprise Virtualization Manager, Rhev Manager 2025-04-11 N/A
The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.