Total
5466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5660 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2023-02-13 | 6.9 MEDIUM | N/A |
| abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes." | |||||
| CVE-2012-5635 | 2 Gluster, Redhat | 4 Glusterfs, Storage Management Console, Storage Native Client and 1 more | 2023-02-13 | 2.1 LOW | N/A |
| The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417. | |||||
| CVE-2012-5498 | 1 Plone | 1 Plone | 2023-02-13 | 5.0 MEDIUM | N/A |
| queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection. | |||||
| CVE-2012-4518 | 1 Openfabrics | 1 Ibacm | 2023-02-13 | 3.6 LOW | N/A |
| ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file. | |||||
| CVE-2012-4454 | 1 Opencryptoki Project | 1 Opencryptoki | 2023-02-13 | 2.9 LOW | N/A |
| openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp. | |||||
| CVE-2012-4417 | 1 Gluster | 1 Glusterfs | 2023-02-13 | 3.6 LOW | N/A |
| GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | |||||
| CVE-2012-3417 | 1 Jan Kara | 1 Linux Diskquota | 2023-02-13 | 4.0 MEDIUM | N/A |
| The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny. | |||||
| CVE-2012-3390 | 1 Moodle | 1 Moodle | 2023-02-13 | 3.5 LOW | N/A |
| lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block. | |||||
| CVE-2012-3386 | 1 Gnu | 1 Automake | 2023-02-13 | 4.4 MEDIUM | N/A |
| The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-2378 | 1 Apache | 1 Cxf | 2023-02-13 | 4.3 MEDIUM | N/A |
| Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies. | |||||
| CVE-2012-2354 | 1 Moodle | 1 Moodle | 2023-02-13 | 4.0 MEDIUM | N/A |
| Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL. | |||||
| CVE-2012-2335 | 1 Php | 1 Php | 2023-02-13 | 7.5 HIGH | N/A |
| php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence. | |||||
| CVE-2012-0875 | 1 Systemtap | 1 Systemtap | 2023-02-13 | 5.4 MEDIUM | N/A |
| SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF data, which triggers a read of an invalid pointer. | |||||
| CVE-2011-4328 | 1 Gnu | 1 Gnash | 2023-02-13 | 5.0 MEDIUM | N/A |
| plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information. | |||||
| CVE-2011-4309 | 1 Moodle | 1 Moodle | 2023-02-13 | 5.0 MEDIUM | N/A |
| Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL. | |||||
| CVE-2011-4300 | 1 Moodle | 1 Moodle | 2023-02-13 | 5.0 MEDIUM | N/A |
| The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file. | |||||
| CVE-2011-4288 | 1 Moodle | 1 Moodle | 2023-02-13 | 4.0 MEDIUM | N/A |
| Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role. | |||||
| CVE-2011-4110 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 2.1 LOW | N/A |
| The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key." | |||||
| CVE-2011-4080 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 4.0 MEDIUM | N/A |
| The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAP_SYS_ADMIN capability to modify the dmesg_restrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as demonstrated by a root user in a Linux Containers (aka LXC) environment. | |||||
| CVE-2011-2729 | 2 Apache, Linux | 3 Apache Commons Daemon, Tomcat, Linux Kernel | 2023-02-13 | 5.0 MEDIUM | N/A |
| native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application. | |||||