Search Results (9582 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-0692 1 Broadcom 1 License Software 2025-04-11 N/A
CA License (aka CA Licensing) before 1.90.03 allows local users to modify or create arbitrary files, and consequently gain privileges, via unspecified vectors.
CVE-2012-0701 1 Ibm 2 Infosphere Datastage, Infosphere Information Server 2025-04-11 N/A
The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 rely on client-side access control, which allows remote authenticated users to gain privileges via unspecified vectors.
CVE-2012-0706 1 Ibm 1 Scale Out Network Attached Storage 2025-04-11 N/A
IBM Scale Out Network Attached Storage (SONAS) 1.3 before 1.3.2.3 requires cleartext storage of LDAP credentials without recommending a less privileged LDAP account, which might allow attackers to obtain sensitive server information by leveraging root access to a client machine.
CVE-2012-0733 1 Ibm 1 Rational Appscan 2025-04-11 N/A
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account.
CVE-2012-0745 1 Ibm 2 Aix, Vios 2025-04-11 N/A
The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors.
CVE-2012-0776 1 Adobe 2 Acrobat, Acrobat Reader 2025-04-11 N/A
The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.
CVE-2012-0793 1 Moodle 1 Moodle 2025-04-11 N/A
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors.
CVE-2012-0798 1 Moodle 1 Moodle 2025-04-11 N/A
The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role.
CVE-2012-0827 1 Drupal 1 Drupal 2025-04-11 N/A
The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.
CVE-2012-0833 2 Fedoraproject, Redhat 3 389 Directory Server, Directory Server, Enterprise Linux 2025-04-11 N/A
The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server.
CVE-2012-1053 2 Puppet, Puppetlabs 4 Puppet, Puppet Enterprise, Puppet and 1 more 2025-04-11 N/A
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.
CVE-2012-1054 2 Puppet, Puppetlabs 4 Puppet, Puppet Enterprise, Puppet and 1 more 2025-04-11 N/A
Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.
CVE-2012-1056 2 Drupal, Sean Robertson 2 Drupal, Forward 2025-04-11 N/A
The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors.
CVE-2012-1078 2 Claus Due, Typo3 2 Sysutils, Typo3 2025-04-11 N/A
The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup output directory."
CVE-2012-1095 1 Opensuse 2 Opensuse, Osc 2025-04-11 N/A
osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator.
CVE-2012-1106 1 Redhat 2 Automatic Bug Reporting Tool, Enterprise Linux 2025-04-11 N/A
The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information.
CVE-2012-1118 1 Mantisbt 1 Mantisbt 2025-04-11 N/A
The access_has_bug_level function in core/access_api.php in MantisBT before 1.2.9 does not properly restrict access when the private_bug_view_threshold is set to an array, which allows remote attackers to bypass intended restrictions and perform certain operations on private bug reports.
CVE-2012-1119 1 Mantisbt 1 Mantisbt 2025-04-11 N/A
MantisBT before 1.2.9 does not audit when users copy or clone a bug report, which makes it easier for remote attackers to copy bug reports without detection.
CVE-2012-1120 1 Mantisbt 1 Mantisbt 2025-04-11 N/A
The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes.
CVE-2012-1121 1 Mantisbt 1 Mantisbt 2025-04-11 N/A
MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories.