Export limit exceeded: 29944 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29944 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-2395 | 2 Michael Dehaan, Redhat | 2 Cobbler, Network Satellite | 2025-04-11 | N/A |
| Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API. | ||||
| CVE-2012-2396 | 1 Videolan | 1 Vlc Media Player | 2025-04-11 | N/A |
| VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file. | ||||
| CVE-2012-2406 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2025-04-11 | N/A |
| RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2012-2424 | 2 Intuit, Microsoft | 2 Quickbooks, Internet Explorer | 2025-04-11 | N/A |
| The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a URI that lacks a required delimiter. | ||||
| CVE-2012-2450 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2025-04-11 | N/A |
| VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS. | ||||
| CVE-2012-2451 | 1 Shlomi Fish | 1 Config-inifiles | 2025-04-11 | N/A |
| The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries. | ||||
| CVE-2012-2519 | 1 Microsoft | 8 .net Framework, Windows 7, Windows 8 and 5 more | 2025-04-11 | N/A |
| Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability." | ||||
| CVE-2012-5173 | 1 Bigace | 1 Bigace | 2025-04-11 | N/A |
| Session fixation vulnerability in BIGACE before 2.7.8 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2012-2551 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-11 | N/A |
| The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability." | ||||
| CVE-2012-2627 | 1 Sonicwall | 1 Scrutinizer | 2025-04-11 | N/A |
| d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request. | ||||
| CVE-2012-2632 | 1 Seil | 5 B1, B1 Firmware, X1 and 2 more | 2025-04-11 | N/A |
| SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 through 3.75, SEIL/X2 2.30 through 3.75, and SEIL/B1 2.30 through 3.75, when the http-proxy and application-gateway features are enabled, do not properly handle the CONNECT command, which allows remote attackers to bypass intended URL restrictions via a TCP session. | ||||
| CVE-2012-3304 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack sessions via unspecified vectors. | ||||
| CVE-2012-4423 | 1 Redhat | 2 Enterprise Linux, Libvirt | 2025-04-11 | N/A |
| The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table. | ||||
| CVE-2012-3381 | 1 Standards Based Linux Instrumentation | 1 Sblim-sfcb | 2025-04-11 | N/A |
| sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||||
| CVE-2012-3375 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-11 | N/A |
| The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083. | ||||
| CVE-2012-3398 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records. | ||||
| CVE-2012-3421 | 1 Sgi | 1 Performance Co-pilot | 2025-04-11 | N/A |
| The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw." | ||||
| CVE-2012-3437 | 1 Imagemagick | 1 Imagemagick | 2025-04-11 | N/A |
| The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation. | ||||
| CVE-2012-3450 | 1 Php | 1 Php | 2025-04-11 | N/A |
| pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value. | ||||
| CVE-2012-3475 | 1 Ushahidi | 1 Ushahidi Platform | 2025-04-11 | N/A |
| The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors. | ||||