Total
10000 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0326 | 2 Debian, Openstack | 2 Debian Linux, Nova | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
OpenStack nova base images permissions are world readable
|
|||||
| CVE-2012-6655 | 4 Accountsservice Project, Debian, Opensuse and 1 more | 4 Accountsservice, Debian Linux, Opensuse and 1 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.
|
|||||
| CVE-2012-6639 | 3 Canonical, Debian, Suse | 3 Cloud-init, Debian Linux, Linux Enterprise Server | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.
|
|||||
| CVE-2012-6136 | 3 Debian, Fedoraproject, Redhat | 7 Debian Linux, Fedora, Enterprise Linux and 4 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.
|
|||||
| CVE-2012-6123 | 2 Call-cc, Debian | 2 Chicken, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
|
Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack."
|
|||||
| CVE-2012-6111 | 2 Debian, Gnome | 2 Debian Linux, Gnome Keyring | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function
|
|||||
| CVE-2012-6094 | 2 Apple, Debian | 2 Cups, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
|
cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system
|
|||||
| CVE-2012-6071 | 2 Debian, Nusoap Project | 2 Debian Linux, Nusoap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.
|
|||||
| CVE-2012-5639 | 3 Apache, Debian, Libreoffice | 3 Openoffice, Debian Linux, Libreoffice | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
LibreOffice and OpenOffice automatically open embedded content
|
|||||
| CVE-2012-5577 | 2 Debian, Python | 2 Debian Linux, Keyring | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Python keyring lib before 0.10 created keyring files with world-readable permissions.
|
|||||
| CVE-2012-5521 | 3 Debian, Quagga, Redhat | 3 Debian Linux, Quagga, Enterprise Linux | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal
|
|||||
| CVE-2012-5476 | 2 Debian, Openstack | 2 Debian Linux, Horizon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.
|
|||||
| CVE-2012-5474 | 4 Debian, Fedoraproject, Openstack and 1 more | 4 Debian Linux, Fedora, Horizon and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.
|
|||||
| CVE-2012-4576 | 2 Debian, Freebsd | 2 Debian Linux, Freebsd | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
FreeBSD: Input Validation Flaw allows local users to gain elevated privileges
|
|||||
| CVE-2012-4428 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
openslp: SLPIntersectStringList()' Function has a DoS vulnerability
|
|||||
| CVE-2012-4385 | 2 Debian, Trilexnet | 2 Debian Linux, Letodms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
letodms 3.3.6 has CSRF via change password
|
|||||
| CVE-2012-4384 | 2 Debian, Trilexnet | 2 Debian Linux, Letodms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar
|
|||||
| CVE-2012-3543 | 3 Canonical, Debian, Mono-project | 3 Ubuntu Linux, Debian Linux, Mono | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
mono 2.10.x ASP.NET Web Form Hash collision DoS
|
|||||
| CVE-2012-3409 | 2 Debian, Ecryptfs | 2 Debian Linux, Ecryptfs-utils | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation
|
|||||
| CVE-2012-2736 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, Networkmanager and 1 more | 2024-11-21 | 3.3 LOW | 4.4 MEDIUM |
|
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
|
|||||
| CVE-2012-2350 | 2 Debian, Pam Shield Project | 2 Debian Linux, Pam Shield | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
pam_shield before 0.9.4: Default configuration does not perform protective action
|
|||||
| CVE-2012-2248 | 2 Debian, Dhclient Project | 2 Debian Linux, Dhclient | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
|
An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.
|
|||||
| CVE-2012-2237 | 2 Debian, Mahara | 2 Debian Linux, Mahara | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile.
|
|||||
| CVE-2012-2130 | 3 Debian, Fedoraproject, Polarssl | 3 Debian Linux, Fedora, Polarssl | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
|
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys.
|
|||||
| CVE-2012-1577 | 3 Debian, Dietlibc Project, Openbsd | 3 Debian Linux, Dietlibc, Openbsd | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
|
|||||
| CVE-2012-1572 | 2 Debian, Openstack | 2 Debian Linux, Keystone | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space
|
|||||
| CVE-2012-1155 | 4 Debian, Fedoraproject, Moodle and 1 more | 4 Debian Linux, Fedora, Moodle and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to
|
|||||
| CVE-2012-1115 | 3 Debian, Fedoraproject, Ldap-account-manager | 3 Debian Linux, Fedora, Ldap Account Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.
|
|||||
| CVE-2012-1114 | 3 Debian, Fedoraproject, Ldap-account-manager | 3 Debian Linux, Fedora, Ldap Account Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.
|
|||||
| CVE-2012-1105 | 3 Apereo, Debian, Fedoraproject | 3 Phpcas, Debian Linux, Fedora | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
|
|||||
| CVE-2012-1104 | 3 Apereo, Debian, Linux | 3 Phpcas, Debian Linux, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.
|
|||||
| CVE-2012-1096 | 2 Debian, Gnome | 2 Debian Linux, Networkmanager | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.
|
|||||
| CVE-2012-1093 | 1 Debian | 2 Debian Linux, X11-common | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
|
The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.
|
|||||
| CVE-2012-0844 | 2 Debian, Netsurf-browser | 2 Debian Linux, Netsurf | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar.
|
|||||
| CVE-2012-0843 | 2 Debian, Uzbl | 2 Debian Linux, Uzbl | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
uzbl: Information disclosure via world-readable cookies storage file
|
|||||
| CVE-2012-0842 | 2 Debian, Suckless | 2 Debian Linux, Surf | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
surf: cookie jar has read access from other local user
|
|||||
| CVE-2012-0812 | 2 Debian, Postfix Admin Project | 2 Debian Linux, Postfix Admin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PostfixAdmin 2.3.4 has multiple XSS vulnerabilities
|
|||||
| CVE-2012-0051 | 2 Debian, Tahoe-lafs | 2 Debian Linux, Tahoe-lafs | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
|
Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval.
|
|||||
| CVE-2012-0049 | 3 Debian, Fedoraproject, Openttd | 3 Debian Linux, Fedora, Openttd | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.
|
|||||
| CVE-2011-4968 | 2 Debian, F5 | 2 Debian Linux, Nginx | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
|
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
|
|||||