CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2012-1681 2012-05-03 2017-12-07
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel/sockfs.
152 CVE-2012-1679 2012-05-03 2013-10-11
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect integrity via unknown vectors related to Core-Base.
153 CVE-2012-1676 2012-05-03 2013-10-11
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Virtual Banking.
154 CVE-2012-1675 264 Exec Code 2012-05-08 2018-08-23
7.5
None Remote Low Not required Partial Partial Partial
The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."
155 CVE-2012-1674 2012-05-03 2017-12-07
4.0
None Remote Low ??? None Partial None
Unspecified vulnerability in the Siebel Clinical component in Oracle Industry Applications 7.7, 7.8, 8.0.0.x, 8.1.1.x, and 8.2.2.x allows remote authenticated users to affect integrity via unknown vectors related to Web UI, a different vulnerability than CVE-2012-0582.
156 CVE-2012-1601 399 DoS 2012-05-17 2018-01-05
4.9
None Local Low Not required None None Complete
The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.
157 CVE-2012-1589 20 2012-05-18 2013-12-13
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.
158 CVE-2012-1521 416 DoS 2012-05-01 2020-04-13
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
159 CVE-2012-1517 119 DoS Exec Code Overflow 2012-05-04 2017-12-13
9.0
None Remote Low ??? Complete Complete Complete
The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving function pointers.
160 CVE-2012-1516 119 DoS Exec Code Overflow 2012-05-04 2019-09-27
9.0
None Remote Low ??? Complete Complete Complete
The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers.
161 CVE-2012-1413 79 XSS 2012-05-27 2012-05-28
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php.
162 CVE-2012-1328 94 +Priv 2012-05-03 2017-12-07
4.6
None Local Low Not required Partial Partial Partial
Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237.
163 CVE-2012-1327 284 DoS 2012-05-03 2017-12-07
6.1
None Local Network Low Not required None None Complete
dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S, aka Bug ID CSCtt94391.
164 CVE-2012-1324 362 DoS 2012-05-03 2017-12-07
7.1
None Remote Medium Not required None None Complete
Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, when IPS policies are configured, allows remote attackers to cause a denial of service (device crash) by sending IPv6 packets, aka Bug ID CSCtk53534.
165 CVE-2012-1249 200 +Info 2012-05-21 2013-01-04
5.0
None Remote Low Not required Partial None None
The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted application.
166 CVE-2012-1248 264 2012-05-15 2021-09-14
5.1
None Remote High Not required Partial Partial Partial
app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain.
167 CVE-2012-1247 79 XSS 2012-05-15 2017-12-05
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML by leveraging support for Cascading Style Sheets (CSS) expressions.
168 CVE-2012-1246 79 XSS 2012-05-15 2017-12-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie.
169 CVE-2012-1190 79 XSS 2012-05-03 2018-01-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name.
170 CVE-2012-1179 264 DoS 2012-05-17 2017-12-29
5.2
None Local Network Medium ??? None None Complete
The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad function and page faults for huge pages.
171 CVE-2012-1172 20 DoS Dir. Trav. 2012-05-24 2018-01-18
5.8
None Remote Medium Not required None Partial Partial
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
172 CVE-2012-1146 476 DoS 2012-05-17 2020-07-27
4.9
None Local Low Not required None None Complete
The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events.
173 CVE-2012-1097 476 DoS 2012-05-17 2020-07-27
7.2
None Local Low Not required Complete Complete Complete
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.
174 CVE-2012-1090 20 DoS 2012-05-17 2020-07-27
4.9
None Local Low Not required None None Complete
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.
175 CVE-2012-1054 264 +Priv 2012-05-29 2019-07-11
4.4
None Local Medium Not required Partial Partial Partial
Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.
176 CVE-2012-1053 264 +Priv 2012-05-29 2019-07-11
6.9
None Local Medium Not required Complete Complete Complete
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.
177 CVE-2012-0949 200 +Info 2012-05-31 2017-08-29
5.0
None Remote Low Not required Partial None None
The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report.
178 CVE-2012-0879 400 DoS 2012-05-17 2020-07-31
4.9
None Local Low Not required None None Complete
The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.
179 CVE-2012-0878 264 Bypass 2012-05-01 2013-04-02
5.1
None Remote High Not required Partial Partial Partial
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.
180 CVE-2012-0804 119 DoS Exec Code Overflow 2012-05-29 2018-01-18
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
181 CVE-2012-0780 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2017-12-05
10.0
None Remote Low Not required Complete Complete Complete
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026.
182 CVE-2012-0779 Exec Code 2012-05-04 2019-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012.
183 CVE-2012-0778 119 Exec Code Overflow 2012-05-09 2017-12-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Professional before CS6 allows attackers to execute arbitrary code via unspecified vectors.
184 CVE-2012-0745 264 +Priv 2012-05-04 2017-12-07
7.2
None Local Low Not required Complete Complete Complete
The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors.
185 CVE-2012-0737 79 XSS 2012-05-03 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
186 CVE-2012-0736 20 Exec Code 2012-05-03 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site.
187 CVE-2012-0735 20 +Info 2012-05-03 2017-08-29
7.6
None Remote High Not required Complete Complete Complete
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI.
188 CVE-2012-0734 +Info 2012-05-03 2017-08-29
7.6
None Remote High Not required Complete Complete Complete
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job.
189 CVE-2012-0733 264 2012-05-03 2017-08-29
6.0
None Remote Medium ??? Partial Partial Partial
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account.
190 CVE-2012-0732 310 +Info 2012-05-03 2017-08-29
5.8
None Remote Medium Not required Partial Partial None
The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
191 CVE-2012-0731 200 +Info 2012-05-03 2017-08-29
6.8
None Remote Low ??? Complete None None
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors.
192 CVE-2012-0730 352 CSRF 2012-05-03 2017-08-29
6.0
None Remote Medium ??? Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
193 CVE-2012-0729 Exec Code 2012-05-03 2017-08-29
6.0
None Remote Medium ??? Partial Partial Partial
Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors.
194 CVE-2012-0685 189 Exec Code Overflow 2012-05-09 2012-05-10
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684.
195 CVE-2012-0684 189 Exec Code Overflow 2012-05-09 2012-05-10
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685.
196 CVE-2012-0676 20 2012-05-11 2017-12-05
5.0
None Remote Low Not required None Partial None
WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors.
197 CVE-2012-0675 287 2012-05-11 2012-05-30
4.3
None Remote Medium Not required Partial None None
Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.
198 CVE-2012-0674 20 2012-05-08 2012-05-08
4.3
None Remote Medium Not required None Partial None
Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site.
199 CVE-2012-0672 119 DoS Exec Code Overflow Mem. Corr. 2012-05-08 2017-12-07
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
200 CVE-2012-0671 94 DoS Exec Code Mem. Corr. 2012-05-16 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file.
Total number of vulnerabilities : 426   Page : 1 2 3 4 (This Page)5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.