Total
40 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-6472 | 2 Opera, Unix | 2 Opera Browser, Unix | 2024-11-21 | 4.6 MEDIUM | N/A |
Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a (1) cache file, (2) password file, or (3) configuration file, or (4) possibly gain privileges by modifying or overwriting a configuration file. | |||||
CVE-2012-1931 | 2 Opera, Unix | 2 Opera Browser, Unix | 2024-11-21 | 4.6 MEDIUM | N/A |
Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allows local users to overwrite arbitrary files via a symlink attack on a temporary file during printing. | |||||
CVE-2012-1930 | 2 Opera, Unix | 2 Opera Browser, Unix | 2024-11-21 | 4.6 MEDIUM | N/A |
Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain sensitive information by reading these files. | |||||
CVE-2011-4369 | 4 Adobe, Apple, Microsoft and 1 more | 5 Acrobat, Acrobat Reader, Mac Os X and 2 more | 2024-11-21 | 10.0 HIGH | N/A |
Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011. | |||||
CVE-2010-2791 | 2 Apache, Unix | 2 Http Server, Unix | 2024-11-21 | 5.0 MEDIUM | N/A |
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions. | |||||
CVE-2010-2665 | 4 Apple, Microsoft, Opera and 1 more | 4 Mac Os X, Windows, Opera Browser and 1 more | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site." | |||||
CVE-2010-2661 | 4 Apple, Microsoft, Opera and 1 more | 4 Mac Os X, Windows, Opera Browser and 1 more | 2024-11-21 | 4.3 MEDIUM | N/A |
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations. | |||||
CVE-2010-2660 | 4 Apple, Microsoft, Opera and 1 more | 4 Mac Os X, Windows, Opera Browser and 1 more | 2024-11-21 | 4.3 MEDIUM | N/A |
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters. | |||||
CVE-2010-2659 | 4 Apple, Microsoft, Opera and 1 more | 4 Mac Os X, Windows, Opera Browser and 1 more | 2024-11-21 | 4.3 MEDIUM | N/A |
Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site. | |||||
CVE-2010-2594 | 7 Ibm, Intersect Alliance, Linux and 4 more | 14 Aix, Snare Agent, Snare Epilog and 11 more | 2024-11-21 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port. | |||||
CVE-2010-2203 | 2 Adobe, Unix | 3 Acrobat, Acrobat Reader, Unix | 2024-11-21 | 6.8 MEDIUM | N/A |
Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
CVE-2009-3959 | 4 Adobe, Apple, Microsoft and 1 more | 5 Acrobat, Acrobat Reader, Mac Os X and 2 more | 2024-11-21 | 10.0 HIGH | N/A |
Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document. | |||||
CVE-2009-3958 | 4 Adobe, Apple, Microsoft and 1 more | 5 Acrobat, Acrobat Reader, Mac Os X and 2 more | 2024-11-21 | 10.0 HIGH | N/A |
Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters. | |||||
CVE-2009-3957 | 4 Adobe, Apple, Microsoft and 1 more | 5 Acrobat, Acrobat Reader, Mac Os X and 2 more | 2024-11-21 | 5.0 MEDIUM | N/A |
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||||
CVE-2009-3956 | 4 Adobe, Apple, Microsoft and 1 more | 5 Acrobat, Acrobat Reader, Mac Os X and 2 more | 2024-11-21 | 10.0 HIGH | N/A |
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers. | |||||
CVE-2009-3954 | 4 Adobe, Apple, Microsoft and 1 more | 5 Acrobat, Acrobat Reader, Mac Os X and 2 more | 2024-11-21 | 10.0 HIGH | N/A |
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability." | |||||
CVE-2009-2166 | 2 Ocsinventory-ng, Unix | 2 Ocs Inventory Ng, Unix | 2024-11-21 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter. | |||||
CVE-2009-1292 | 2 Ibm, Unix | 3 Aix, Rational Clearcase, Unix | 2024-11-21 | 2.1 LOW | N/A |
UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process. | |||||
CVE-2009-1251 | 2 Openafs, Unix | 2 Openafs, Unix | 2024-11-21 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays. | |||||
CVE-2008-4815 | 2 Adobe, Unix | 3 Acrobat, Acrobat Reader, Unix | 2024-11-21 | 7.5 HIGH | N/A |
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH. |