Total
18198 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-5699 | 1 Babygekko | 1 Babygekko | 2024-11-21 | 9.8 Critical |
BabyGekko before 1.2.4 allows PHP file inclusion. | ||||
CVE-2012-5686 | 1 Zpanelcp | 1 Zpanel | 2024-11-21 | 9.8 Critical |
ZPanel 10.0.1 has insufficient entropy for its password reset process. | ||||
CVE-2012-5618 | 1 Ushahidi | 1 Ushahidi | 2024-11-21 | 9.8 Critical |
Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens. | ||||
CVE-2012-5582 | 1 Opendnssec | 1 Opendnssec | 2024-11-21 | 9.8 Critical |
opendnssec misuses libcurl API | ||||
CVE-2012-5376 | 1 Google | 1 Chrome | 2024-11-21 | 9.6 Critical |
The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112. | ||||
CVE-2012-5190 | 1 Accusoft | 1 Prizm Content Connect | 2024-11-21 | 9.8 Critical |
Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability | ||||
CVE-2012-4919 | 1 Gallery Project | 1 Gallery | 2024-11-21 | 9.8 Critical |
Gallery Plugin 1.4 for WordPress has a Remote File Include Vulnerability | ||||
CVE-2012-4787 | 1 Microsoft | 7 Internet Explorer, Windows 7, Windows 8 and 4 more | 2024-11-21 | 9 Critical |
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability." | ||||
CVE-2012-4750 | 1 Ezhometech | 1 Ezserver | 2024-11-21 | 9.8 Critical |
A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, which could let a remote malicious user execute arbitrary code or cause a Denial of Service | ||||
CVE-2012-4406 | 3 Fedoraproject, Openstack, Redhat | 8 Fedora, Swift, Enterprise Linux Server and 5 more | 2024-11-21 | 9.8 Critical |
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object. | ||||
CVE-2012-4284 | 1 Sparklabs | 1 Viscosity | 2024-11-21 | 9.8 Critical |
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code | ||||
CVE-2012-3807 | 1 Samsung | 1 Kies | 2024-11-21 | 9.8 Critical |
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution. | ||||
CVE-2012-3503 | 4 Cloudforms Systemengine, Redhat, Rhel Sam and 1 more | 4 1, Enterprise Linux Server, 1.1 and 1 more | 2024-11-21 | 9.8 Critical |
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token. | ||||
CVE-2012-3460 | 1 Redhat | 1 Enterprise Mrg | 2024-11-21 | 9.8 Critical |
cumin: At installation postgresql database user created without password | ||||
CVE-2012-3363 | 3 Debian, Fedoraproject, Zend | 3 Debian Linux, Fedora, Zend Framework | 2024-11-21 | 9.1 Critical |
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack. | ||||
CVE-2012-2926 | 1 Atlassian | 7 Bamboo, Confluence, Confluence Server and 4 more | 2024-11-21 | 9.1 Critical |
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. | ||||
CVE-2012-2714 | 1 Browserid Project | 1 Browserid | 2024-11-21 | 9.8 Critical |
The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier. | ||||
CVE-2012-2666 | 1 Golang | 1 Go | 2024-11-21 | 9.8 Critical |
golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with a predictable name and executes it as a shell script. | ||||
CVE-2012-2239 | 2 Debian, Mahara | 2 Debian Linux, Mahara | 2024-11-21 | 9.1 Critical |
Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php. | ||||
CVE-2012-2226 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | 9.8 Critical |
Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. |