CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-5097 79 XSS 2012-05-21 2017-08-29
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2 CVE-2010-5098 79 XSS 2012-05-21 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3 CVE-2010-5099 20 1 Bypass File Inclusion 2012-05-30 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.
4 CVE-2010-5100 79 XSS 2012-05-21 2017-08-29
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
5 CVE-2010-5101 22 Dir. Trav. File Inclusion 2012-05-21 2017-08-29
4.0
None Remote Low ??? Partial None None
Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality."
6 CVE-2010-5102 22 Dir. Trav. 2012-05-21 2017-08-29
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors.
7 CVE-2010-5103 89 Exec Code Sql 2012-05-21 2017-08-29
6.0
None Remote Medium ??? Partial Partial Partial
SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.
8 CVE-2010-5104 200 +Info 2012-05-21 2017-08-29
4.3
None Remote Medium Not required Partial None None
The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.
9 CVE-2011-1390 89 Exec Code Sql 2012-05-14 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.
10 CVE-2011-2517 119 Overflow +Priv 2012-05-24 2020-07-28
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value.
11 CVE-2011-2518 20 DoS 2012-05-24 2020-07-26
4.9
None Local Low Not required None None Complete
The tomoyo_mount_acl function in security/tomoyo/mount.c in the Linux kernel before 2.6.39.2 calls the kern_path function with arguments taken directly from a mount system call, which allows local users to cause a denial of service (OOPS) or possibly have unspecified other impact via a NULL value for the device name.
12 CVE-2011-2521 189 DoS 2012-05-24 2020-07-28
4.9
None Local Low Not required None None Complete
The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to cause a denial of service (panic) via the perf program.
13 CVE-2011-2578 399 DoS 2012-05-02 2017-12-14
7.8
None Remote Low Not required None None Complete
Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption) via malformed SIP packets on a NAT interface, aka Bug ID CSCts12366.
14 CVE-2011-2583 20 DoS 2012-05-02 2017-12-14
5.0
None Remote Low Not required None None Partial
Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remote attackers to cause a denial of service via network traffic, as demonstrated by an SEC-BE-STABLE test case, aka Bug ID CSCth33834.
15 CVE-2011-2586 20 DoS 2012-05-02 2012-10-30
5.4
None Remote High Not required None None Complete
The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249.
16 CVE-2011-2699 DoS 2012-05-24 2020-07-29
7.8
None Remote Low Not required None None Complete
The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.
17 CVE-2011-2707 200 +Info 2012-05-24 2020-08-06
3.6
None Local Low Not required Partial None Partial
The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request.
18 CVE-2011-2722 59 2012-05-25 2013-10-11
1.2
None Local High Not required None Partial None
The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.
19 CVE-2011-2898 200 +Info 2012-05-24 2020-07-29
1.9
None Local Medium Not required Partial None None
net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application.
20 CVE-2011-2906 400 DoS Mem. Corr. 2012-05-24 2020-07-29
4.7
None Local Medium Not required None None Complete
** DISPUTED ** Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call. NOTE: this may be a vulnerability only in unusual environments that provide a privileged program for obtaining the required file descriptor.
21 CVE-2011-2918 400 DoS Overflow 2012-05-24 2020-07-31
4.9
None Local Low Not required None None Complete
The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.
22 CVE-2011-3048 119 DoS Exec Code Overflow 2012-05-29 2017-12-29
6.8
None Remote Medium Not required Partial Partial Partial
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
23 CVE-2011-3078 416 DoS 2012-05-01 2020-04-13
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081.
24 CVE-2011-3079 399 2012-05-01 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.
25 CVE-2011-3080 362 Bypass 2012-05-01 2020-04-14
7.6
None Remote High Not required Complete Complete Complete
Race condition in the Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 allows attackers to bypass intended sandbox restrictions via unspecified vectors.
26 CVE-2011-3081 416 DoS 2012-05-01 2020-04-13
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078.
27 CVE-2011-3083 119 DoS Overflow 2012-05-16 2017-12-29
5.0
None Remote Low Not required None None Partial
browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page.
28 CVE-2011-3084 264 Bypass 2012-05-16 2017-12-29
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page, which might allow attackers to bypass intended sandbox restrictions via a crafted page.
29 CVE-2011-3085 119 DoS Overflow 2012-05-16 2017-12-29
5.0
None Remote Low Not required None None Partial
The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values, which allows remote attackers to cause a denial of service (UI corruption) and possibly conduct spoofing attacks via vectors involving long values.
30 CVE-2011-3086 399 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element.
31 CVE-2011-3087 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors.
32 CVE-2011-3088 119 DoS Overflow 2012-05-16 2017-12-29
5.0
None Remote Low Not required None None Partial
Google Chrome before 19.0.1084.46 does not properly draw hairlines, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
33 CVE-2011-3089 399 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.
34 CVE-2011-3090 362 DoS 2012-05-16 2017-12-29
7.6
None Remote High Not required Complete Complete Complete
Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes.
35 CVE-2011-3091 399 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
36 CVE-2011-3092 20 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors.
37 CVE-2011-3093 20 DoS 2012-05-16 2017-12-29
5.0
None Remote Low Not required None None Partial
Google Chrome before 19.0.1084.46 does not properly handle glyphs, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
38 CVE-2011-3094 20 DoS 2012-05-16 2017-12-29
5.0
None Remote Low Not required None None Partial
Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
39 CVE-2011-3095 20 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
40 CVE-2011-3096 399 DoS 2012-05-16 2017-12-29
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an error in the GTK implementation of the omnibox.
41 CVE-2011-3097 20 DoS 2012-05-16 2017-12-05
10.0
None Remote Low Not required Complete Complete Complete
The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions.
42 CVE-2011-3098 264 +Priv 2012-05-16 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory.
43 CVE-2011-3099 399 DoS 2012-05-16 2017-12-05
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a malformed name for the font encoding.
44 CVE-2011-3100 DoS 2012-05-16 2017-12-29
5.0
None Remote Low Not required None None Partial
Google Chrome before 19.0.1084.46 does not properly draw dash paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
45 CVE-2011-3101 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products.
46 CVE-2011-3102 189 DoS 2012-05-16 2017-12-29
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
47 CVE-2011-3103 399 DoS 2012-05-24 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Google V8, as used in Google Chrome before 19.0.1084.52, does not properly perform garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code.
48 CVE-2011-3104 119 DoS Overflow 2012-05-24 2017-09-19
5.0
None Remote Low Not required None None Partial
Skia, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
49 CVE-2011-3105 399 DoS 2012-05-24 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.
50 CVE-2011-3106 119 DoS Exec Code Overflow Mem. Corr. 2012-05-24 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Total number of vulnerabilities : 426   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.