Export limit exceeded: 35281 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9191 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5560 | 1 Mate-desktop | 1 Mate-settings-daemon | 2025-04-12 | N/A |
| The default configuration in mate-settings-daemon 1.5.3 allows local users to change the timezone for the system via a crafted D-Bus call. | ||||
| CVE-2012-5501 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL. | ||||
| CVE-2012-5498 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2025-04-12 | N/A |
| queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection. | ||||
| CVE-2012-5489 | 2 Plone, Zope | 2 Plone, Zope | 2025-04-12 | N/A |
| The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors. | ||||
| CVE-2012-5487 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing. | ||||
| CVE-2012-5477 | 1 Theforeman | 1 Foreman | 2025-04-12 | N/A |
| The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors. | ||||
| CVE-2012-5390 | 1 Condor Project | 1 Condor | 2025-04-12 | N/A |
| The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job. | ||||
| CVE-2012-5243 | 1 Bananadance | 1 Banana Dance | 2025-04-12 | N/A |
| functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request. | ||||
| CVE-2012-3946 | 1 Cisco | 1 Ios | 2025-04-12 | N/A |
| Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682. | ||||
| CVE-2012-0214 | 1 Advanced Package Tool | 1 Advanced Package Tool | 2025-04-12 | N/A |
| The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned. | ||||
| CVE-2011-4573 | 1 Redhat | 1 Jboss Operations Network | 2025-04-12 | N/A |
| Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail. | ||||
| CVE-2011-4406 | 1 Canonical | 2 Accountsservice, Ubuntu Linux | 2025-04-12 | N/A |
| The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors. | ||||
| CVE-2011-1381 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-12 | N/A |
| Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors. | ||||
| CVE-2011-0993 | 1 Novell | 1 Suse Lifecycle Management Server | 2025-04-12 | N/A |
| SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2009-5138 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2025-04-12 | N/A |
| GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959. | ||||
| CVE-2012-4230 | 1 Tinymce | 1 Tinymce | 2025-04-12 | N/A |
| The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element. | ||||
| CVE-2014-2200 | 1 Cisco | 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more | 2025-04-12 | N/A |
| Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID CSCti11629. | ||||
| CVE-2014-2197 | 1 Cisco | 2 Unified Cdm Application Software, Unified Communications Domain Manager | 2025-04-12 | N/A |
| The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862. | ||||
| CVE-2014-2173 | 1 Cisco | 2 Telepresence Tc Software, Telepresence Te Software | 2025-04-12 | N/A |
| Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bug ID CSCub67692. | ||||
| CVE-2014-2130 | 1 Cisco | 1 Secure Access Control System | 2025-04-12 | N/A |
| Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka Bug ID CSCuj83189. | ||||