Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5485 | 1 Plone | 1 Plone | 2023-02-12 | 6.8 MEDIUM | N/A |
| registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface. | |||||
| CVE-2023-22849 | 1 Apache | 1 Sling Cms | 2023-02-12 | N/A | 6.1 MEDIUM |
| An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6 | |||||
| CVE-2012-4460 | 1 Apache | 1 Qpid | 2023-02-12 | 5.0 MEDIUM | N/A |
| The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash. | |||||
| CVE-2012-4530 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 2.1 LOW | N/A |
| The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | |||||
| CVE-2012-4414 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2023-02-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete. | |||||
| CVE-2012-4565 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.7 MEDIUM | N/A |
| The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats. | |||||
| CVE-2012-4508 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 1.9 LOW | N/A |
| Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized. | |||||
| CVE-2012-4444 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 5.0 MEDIUM | N/A |
| The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. | |||||
| CVE-2012-3515 | 7 Canonical, Debian, Opensuse and 4 more | 14 Ubuntu Linux, Debian Linux, Opensuse and 11 more | 2023-02-12 | 7.2 HIGH | N/A |
| Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." | |||||
| CVE-2012-4527 | 1 Mcrypt | 1 Mcrypt | 2023-02-12 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name. NOTE: it is not clear whether this is a vulnerability. | |||||
| CVE-2012-4417 | 1 Gluster | 1 Glusterfs | 2023-02-12 | 3.6 LOW | N/A |
| GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | |||||
| CVE-2012-4575 | 2 Pgbouncer Project, Postgresql | 2 Pgbouncer, Postgresql | 2023-02-12 | 5.0 MEDIUM | N/A |
| The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request. | |||||
| CVE-2012-4564 | 5 Canonical, Debian, Libtiff and 2 more | 8 Ubuntu Linux, Debian Linux, Libtiff and 5 more | 2023-02-12 | 6.8 MEDIUM | N/A |
| ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. | |||||
| CVE-2012-4447 | 1 Libtiff | 1 Libtiff | 2023-02-12 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format. | |||||
| CVE-2012-4518 | 1 Openfabrics | 1 Ibacm | 2023-02-12 | 3.6 LOW | N/A |
| ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file. | |||||
| CVE-2012-4517 | 1 Openfabrics | 1 Ibacm | 2023-02-12 | 5.0 MEDIUM | N/A |
| ibacm before 1.0.6 does not properly manage reference counts for multicast connections, which allows remote attackers to cause a denial of service (ibacm service crash) via a crafted join response. | |||||
| CVE-2012-4516 | 1 Openfabrics | 1 Librdmacm | 2023-02-12 | 5.8 MEDIUM | N/A |
| librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm service. | |||||
| CVE-2012-4406 | 1 Openstack | 1 Swift | 2023-02-12 | 7.5 HIGH | N/A |
| OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object. | |||||
| CVE-2012-4467 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 6.6 MEDIUM | N/A |
| The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a crafted ioctl call. | |||||
| CVE-2012-4455 | 1 Opencryptoki Project | 1 Opencryptoki | 2023-02-12 | 6.2 MEDIUM | N/A |
| openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/. | |||||