Search Results (9537 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4192 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2025-04-11 N/A
Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193.
CVE-2012-4022 1 Simon Brown 1 Pebble 2025-04-11 N/A
Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted comment.
CVE-2012-4020 1 Mosp 1 Kintai Kanri 2025-04-11 N/A
MosP kintai kanri before 4.1.0 does not enforce privilege requirements, which allows remote authenticated users to read other users' information via unspecified vectors.
CVE-2012-4016 2 Google, Justsystems 2 Android, Atok 2025-04-11 N/A
The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application.
CVE-2012-4210 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-11 N/A
The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet.
CVE-2012-4225 1 Nvidia 1 Unix Graphic Driver 2025-04-11 N/A
NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows local users to write to arbitrary physical memory locations and gain privileges by modifying the VGA window using /dev/nvidia0.
CVE-2012-4248 1 Amazon 1 Kindle Touch 2025-04-11 N/A
The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249.
CVE-2012-4553 1 Drupal 1 Drupal 2025-04-11 N/A
Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions."
CVE-2013-2247 2 Drupal, Fast Permissions Administration Project 2 Drupal, Fast Permission Administration 2025-04-11 N/A
The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form.
CVE-2013-2256 2 Openstack, Redhat 2 Nova, Openstack 2025-04-11 N/A
OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.
CVE-2013-2301 1 Omron 1 Openwnn 2025-04-11 N/A
The OMRON OpenWnn application before 1.3.6 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem.
CVE-2012-3993 2 Mozilla, Redhat 5 Firefox, Seamonkey, Thunderbird and 2 more 2025-04-11 N/A
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue.
CVE-2013-2747 1 Courion 1 Access Risk Management Suite 2025-04-11 N/A
The password reset feature in Courion Access Risk Management Suite Version 8 Update 9 allows remote authenticated users to bypass intended Internet Explorer usage restrictions and execute arbitrary commands by using keyboard shortcuts to navigate the file system and open a command prompt.
CVE-2012-1427 3 Cat, Norman, Sophos 3 Quick Heal, Norman Antivirus \& Antispyware, Sophos Anti-virus 2025-04-11 N/A
The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \57\69\6E\5A\69\70 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
CVE-2011-3645 1 Newgensoft 1 Omnidocs 2025-04-11 N/A
Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.
CVE-2013-2834 1 Google 1 Chrome Os 2025-04-11 N/A
Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835.
CVE-2013-3509 1 Gwos 1 Groundwork Monitor 2025-04-11 N/A
html/System-NeDi.php in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the scan functionality in the System / NeDi menu.
CVE-2013-3693 1 Blackberry 1 Blackberry Enterprise Service 2025-04-11 N/A
The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098.
CVE-2013-3709 2 Novell, Suse 3 Suse Lifecycle Management Server, Studio Onsite, Webyast 2025-04-11 N/A
WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.
CVE-2013-4216 1 Intel 1 Wimax Network Service 2025-04-11 N/A
The Trace_OpenLogFile function in InfraStack/OSDependent/Linux/InfraStackModules/TraceModule/TraceModule.c in the Trace module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses world-writable permissions for wimaxd.log, which allows local users to cause a denial of service (data corruption) by modifying this file.