Export limit exceeded: 363502 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (5494 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-2201 2 Mark Stosberg, Perl 2 Data\, Perl 2025-04-11 N/A
The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.
CVE-2013-5606 2 Mozilla, Redhat 2 Network Security Services, Enterprise Linux 2025-04-11 N/A
The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate.
CVE-2012-6562 1 Elgg 1 Elgg 2025-04-11 N/A
engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.
CVE-2013-4729 1 Phpmyadmin 1 Phpmyadmin 2025-04-11 N/A
import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request.
CVE-2013-6434 1 Redhat 2 Enterprise Virtualization Manager, Rhev Manager 2025-04-11 N/A
The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server.
CVE-2012-0450 3 Apple, Linux, Mozilla 4 Mac Os X, Linux Kernel, Firefox and 1 more 2025-04-11 N/A
Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations.
CVE-2012-3750 1 Apple 1 Iphone Os 2025-04-11 N/A
The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.
CVE-2010-5293 1 Wordpress 1 Wordpress 2025-04-11 N/A
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.
CVE-2012-0427 1 Opensuse 1 Opensuse 2025-04-11 N/A
yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name.
CVE-2012-4861 1 Ibm 1 Infosphere Replication Server 2025-04-11 N/A
The web server in InfoSphere Data Replication Dashboard in IBM InfoSphere Replication Server 9.7 and 10.1 through 10.1.0.4 allows remote authenticated users to list directories via a direct request for a directory URL.
CVE-2012-4501 2 Apache, Citrix 2 Cloudstack, Cloudstack 2025-04-11 N/A
Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
CVE-2012-3743 1 Apple 1 Iphone Os 2025-04-11 N/A
The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files.
CVE-2012-0396 1 Emc 1 Documentum Xplore 2025-04-11 N/A
EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search.
CVE-2013-6431 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2025-04-11 N/A
The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before 3.11.5 does not properly implement error-code encoding, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for an IPv6 SIOCADDRT ioctl call.
CVE-2013-1964 1 Xen 1 Xen 2025-04-11 N/A
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.
CVE-2012-4833 1 Ibm 2 Aix, Vios 2025-04-11 N/A
fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.
CVE-2013-1959 1 Linux 1 Linux Kernel 2025-04-11 N/A
kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process.
CVE-2010-0380 1 Jce-tech 1 Php Calendars Script 2025-04-11 N/A
install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
CVE-2011-4718 1 Php 1 Php 2025-04-11 N/A
Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.
CVE-2012-2994 1 Cososys 1 Endpoint Protector Appliace 4 2025-04-11 N/A
The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force attack.