Total
5231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5638 | 1 Ovirt | 1 Sanlock | 2024-11-21 | 3.6 LOW | N/A |
| The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations. | |||||
| CVE-2012-5635 | 2 Gluster, Redhat | 4 Glusterfs, Storage Management Console, Storage Native Client and 1 more | 2024-11-21 | 2.1 LOW | N/A |
| The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417. | |||||
| CVE-2012-5629 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform | 2024-11-21 | 7.5 HIGH | N/A |
| The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password. | |||||
| CVE-2012-5605 | 1 Redhat | 1 Cloudforms | 2024-11-21 | 2.1 LOW | N/A |
| Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files. | |||||
| CVE-2012-5604 | 1 Redhat | 1 Cloudforms | 2024-11-21 | 4.3 MEDIUM | N/A |
| The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors. | |||||
| CVE-2012-5603 | 1 Redhat | 1 Cloudforms | 2024-11-21 | 5.5 MEDIUM | N/A |
| proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system. | |||||
| CVE-2012-5588 | 2 Drupal, Epiqo | 2 Drupal, Email | 2024-11-21 | 2.6 LOW | N/A |
| The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors. | |||||
| CVE-2012-5586 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2024-11-21 | 2.1 LOW | N/A |
| The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource." | |||||
| CVE-2012-5584 | 2 Drupal, M2osw | 2 Drupal, Tableofcontents | 2024-11-21 | 4.3 MEDIUM | N/A |
| The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block. | |||||
| CVE-2012-5574 | 1 Sensiolabs | 1 Symfony | 2024-11-21 | 5.0 MEDIUM | N/A |
| lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. | |||||
| CVE-2012-5560 | 1 Mate-desktop | 1 Mate-settings-daemon | 2024-11-21 | 2.1 LOW | N/A |
| The default configuration in mate-settings-daemon 1.5.3 allows local users to change the timezone for the system via a crafted D-Bus call. | |||||
| CVE-2012-5557 | 2 Drupal, User Read-only Project | 2 Drupal, User Readonly | 2024-11-21 | 3.6 LOW | N/A |
| The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain operations, as demonstrated by changing a password. | |||||
| CVE-2012-5543 | 2 Drupal, Feeds Project | 2 Drupal, Feeds | 2024-11-21 | 4.3 MEDIUM | N/A |
| The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed. | |||||
| CVE-2012-5539 | 2 Drupal, Organic Groups Project | 2 Drupal, Organic Groups | 2024-11-21 | 3.5 LOW | N/A |
| The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved. | |||||
| CVE-2012-5530 | 1 Sgi | 1 Performance Co-pilot | 2024-11-21 | 2.1 LOW | N/A |
| The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file. | |||||
| CVE-2012-5523 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 5.5 MEDIUM | N/A |
| core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug. | |||||
| CVE-2012-5522 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 5.5 MEDIUM | N/A |
| MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a blank value for a per-status setting. | |||||
| CVE-2012-5519 | 2 Apple, Debian | 2 Cups, Debian Linux | 2024-11-21 | 7.2 HIGH | N/A |
| CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface. | |||||
| CVE-2012-5509 | 1 Redhat | 1 Cloudforms Cloud Engine | 2024-11-21 | 2.1 LOW | N/A |
| aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file. | |||||
| CVE-2012-5501 | 1 Plone | 1 Plone | 2024-11-21 | 5.0 MEDIUM | N/A |
| at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL. | |||||