Search Results (5495 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-6108 1 Hp 1 Linux Imaging And Printing Project 2025-04-11 N/A
HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem operations.
CVE-2010-0509 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts.
CVE-2012-6112 2 Moodle, Tinymce 2 Moodle, Spellchecker Php 2025-04-11 N/A
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.
CVE-2012-6116 3 Cloudforms Systemengine, Katello, Rhel Sam 4 1, Katello, Katello-configure and 1 more 2025-04-11 N/A
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
CVE-2012-6117 2 Cloudforms Cloudengine, Redhat 2 1, Cloudforms Cloud Engine 2025-04-11 N/A
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file.
CVE-2012-6118 2 Cloudforms Cloudengine, Redhat 2 1, Aeolus Conductor 2025-04-11 N/A
The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting.
CVE-2012-6119 3 Candlepinproject, Redhat, Rhel Sam 3 Candlepin, Subscription Asset Manager, 1.2 2025-04-11 N/A
Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
CVE-2012-6120 1 Redhat 3 Openstack, Openstack Essex, Openstack Folsom 2025-04-11 N/A
Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files.
CVE-2012-6334 1 Samsung 4 Galaxy Note 2, Galaxy S, Galaxy S2 and 1 more 2025-04-11 N/A
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
CVE-2012-6355 1 Ibm 7 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 4 more 2025-04-11 N/A
IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order.
CVE-2012-6356 1 Ibm 3 Maximo Asset Management, Maximo Asset Management Essentials, Smartcloud Control Desk 2025-04-11 N/A
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation.
CVE-2012-6357 1 Ibm 3 Maximo Asset Management, Maximo Asset Management Essentials, Smartcloud Control Desk 2025-04-11 N/A
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors.
CVE-2012-6359 1 Ibm 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway 2025-04-11 N/A
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed in the (1) SREG (aka simple registration extension) and (2) AX (aka attribute exchange extension) cases, which allows man-in-the-middle attackers to spoof OpenID provider data by inserting unsigned attributes.
CVE-2012-6422 2 Meizu, Samsung 3 Mx, Galaxy Note 2, Galaxy S2 2025-04-11 N/A
The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.
CVE-2010-1505 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 4.1.249.1059 does not prevent pages from loading with the New Tab page's privileges, which has unknown impact and attack vectors.
CVE-2012-6431 1 Sensiolabs 1 Symfony 2025-04-11 N/A
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
CVE-2012-6432 1 Sensiolabs 1 Symfony 2025-04-11 N/A
Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring.
CVE-2012-6462 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request.
CVE-2012-6472 2 Opera, Unix 2 Opera Browser, Unix 2025-04-11 N/A
Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a (1) cache file, (2) password file, or (3) configuration file, or (4) possibly gain privileges by modifying or overwriting a configuration file.
CVE-2013-0346 1 Apache 1 Tomcat 2025-04-11 N/A
Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."