Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5484 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-3516 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-11 | N/A |
| The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location. | ||||
| CVE-2010-0728 | 1 Samba | 1 Samba | 2025-04-11 | N/A |
| smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client. | ||||
| CVE-2010-2198 | 1 Rpm | 1 Rpm | 2025-04-11 | N/A |
| lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059. | ||||
| CVE-2014-0268 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | N/A |
| Microsoft Internet Explorer 8 through 11 does not properly restrict file installation and registry-key creation, which allows remote attackers to bypass the Mandatory Integrity Control protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | ||||
| CVE-2012-4112 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | N/A |
| The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the command-line interface, aka Bug ID CSCtr43330. | ||||
| CVE-2012-4121 | 1 Cisco | 1 Nx-os | 2025-04-11 | N/A |
| Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574. | ||||
| CVE-2013-4707 | 1 Dlink | 2 Des-3810, Des-3810 Firmware | 2025-04-11 | N/A |
| The SSH implementation on D-Link Japan DES-3810 devices with firmware before R2.20.011 allows remote authenticated users to cause a denial of service (device hang) by leveraging login access. | ||||
| CVE-2012-4413 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2025-04-11 | N/A |
| OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles. | ||||
| CVE-2012-4431 | 2 Apache, Redhat | 6 Tomcat, Jboss Data Grid, Jboss Enterprise Application Platform and 3 more | 2025-04-11 | N/A |
| org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier. | ||||
| CVE-2012-4483 | 2 Acquia, Drupal | 2 Commons, Drupal | 2025-04-11 | N/A |
| The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing. | ||||
| CVE-2012-4491 | 2 Drupal, Earl Dunovant | 2 Drupal, Monthly Archive By Node Type | 2025-04-11 | N/A |
| The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vectors. | ||||
| CVE-2012-4499 | 2 Drupal, Matthias Hutterer | 2 Drupal, Email | 2025-04-11 | N/A |
| The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors. | ||||
| CVE-2012-4747 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custom extension files under extensions/, or (3) custom documentation files under docs/ via a direct request. | ||||
| CVE-2012-4833 | 1 Ibm | 2 Aix, Vios | 2025-04-11 | N/A |
| fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line. | ||||
| CVE-2012-4907 | 1 Google | 2 Android, Chrome | 2025-04-11 | N/A |
| Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page. | ||||
| CVE-2012-4964 | 1 Samsung | 1 Printer Firmware | 2025-04-11 | N/A |
| The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request. | ||||
| CVE-2013-5010 | 1 Symantec | 1 Endpoint Protection | 2025-04-11 | N/A |
| The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors. | ||||
| CVE-2012-5146 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | N/A |
| Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL. | ||||
| CVE-2012-5155 | 2 Apple, Google | 2 Mac Os X, Chrome | 2025-04-11 | N/A |
| Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2012-5217 | 1 Hp | 1 System Management Homepage | 2025-04-11 | N/A |
| HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2355. | ||||