Filtered by vendor
Subscriptions
Total
316 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-0118 | 1 Cs-cart | 1 Cs-cart | 2024-11-21 | N/A |
CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self. | ||||
CVE-2012-6050 | 1 Mikrotik | 1 Routeros | 2024-11-21 | N/A |
The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll. | ||||
CVE-2012-5770 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-11-21 | N/A |
The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack. | ||||
CVE-2012-5634 | 1 Xen | 1 Xen | 2024-11-21 | N/A |
Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt. | ||||
CVE-2012-5613 | 3 Linux, Mariadb, Oracle | 3 Linux Kernel, Mariadb, Mysql | 2024-11-21 | N/A |
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue. | ||||
CVE-2012-5526 | 2 Andy Armstrong, Redhat | 2 Cgi.pm, Enterprise Linux | 2024-11-21 | N/A |
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. | ||||
CVE-2012-5512 | 1 Citrix | 1 Xenserver | 2024-11-21 | N/A |
Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors. | ||||
CVE-2012-4690 | 1 Rockwellautomation | 3 Ab Micrologix Controller, Plc-5 Controller, Slc 500 Controller | 2024-11-21 | N/A |
Rockwell Automation Allen-Bradley MicroLogix controller 1100, 1200, 1400, and 1500; SLC 500 controller platform; and PLC-5 controller platform, when Static status is not enabled, allow remote attackers to cause a denial of service via messages that trigger modification of status bits. | ||||
CVE-2012-4546 | 1 Redhat | 1 Enterprise Linux | 2024-11-21 | N/A |
The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate Revocation Lists (CRLs) to be used and might allow remote attackers to bypass intended access restrictions via a revoked certificate. | ||||
CVE-2012-4537 | 2 Redhat, Xen | 2 Enterprise Linux, Xen | 2024-11-21 | N/A |
Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability." | ||||
CVE-2012-3496 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-11-21 | N/A |
XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand. | ||||
CVE-2012-3413 | 1 Kde | 1 Kde Pim | 2024-11-21 | N/A |
The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email. | ||||
CVE-2012-3392 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums. | ||||
CVE-2012-3276 | 1 Hp | 1 Openvms | 2024-11-21 | N/A |
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vectors. | ||||
CVE-2012-2351 | 2 Debian, Mahara | 2 Debian Linux, Mahara | 2024-11-21 | N/A |
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username. | ||||
CVE-2012-1909 | 1 Bitcoin | 2 Bitcoin Core, Wxbitcoin | 2024-11-21 | N/A |
The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction. | ||||
CVE-2012-0957 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2024-11-21 | N/A |
The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality. | ||||
CVE-2012-0797 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token. | ||||
CVE-2012-0147 | 1 Microsoft | 1 Forefront Unified Access Gateway | 2024-11-21 | N/A |
Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability." | ||||
CVE-2011-4585 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network. |