| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
301 |
CVE-2012-5965 |
119 |
|
Exec Code Overflow |
2013-01-31 |
2015-09-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet. |
|
302 |
CVE-2012-5964 |
119 |
|
Exec Code Overflow |
2013-01-31 |
2015-09-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long ServiceType (aka urn service) field in a UDP packet. |
|
303 |
CVE-2012-5963 |
119 |
|
Exec Code Overflow |
2013-01-31 |
2015-09-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that lacks a :: (colon colon) in a UDP packet. |
|
304 |
CVE-2012-5962 |
119 |
|
Exec Code Overflow |
2013-01-31 |
2015-09-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn) field in a UDP packet. |
|
305 |
CVE-2012-5961 |
119 |
|
Exec Code Overflow |
2013-01-31 |
2015-09-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka device) field in a UDP packet. |
|
306 |
CVE-2012-5960 |
119 |
|
Exec Code Overflow |
2013-01-31 |
2017-11-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka upnp:rootdevice) field in a UDP packet. |
|
307 |
CVE-2012-5959 |
119 |
|
Exec Code Overflow |
2013-01-31 |
2017-11-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that contains a :: (colon colon) in a UDP packet. |
|
308 |
CVE-2012-5958 |
119 |
|
Exec Code Overflow |
2013-01-31 |
2020-11-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction. |
|
309 |
CVE-2012-5875 |
|
1
|
DoS |
2013-01-18 |
2013-01-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2) Accept Language header, (3) User-agent header, (4) Host header, or (5) protocol version; or a (6) crafted HTTP protocol version. |
|
310 |
CVE-2012-5874 |
89 |
1
|
Exec Code Sql |
2013-01-12 |
2013-01-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_guest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATH_INFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, (f) register.php, (g) Search.php, (h) viewboard.php, or (i) viewtopic.php. |
|
311 |
CVE-2012-5769 |
|
|
DoS |
2013-01-01 |
2017-08-29 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference. |
|
312 |
CVE-2012-5717 |
264 |
|
DoS |
2013-01-18 |
2013-01-29 |
6.3 |
None |
Remote |
Medium |
??? |
None |
None |
Complete |
|
Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID CSCtc59462. |
|
313 |
CVE-2012-5689 |
20 |
|
DoS |
2013-01-25 |
2016-08-19 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record. |
|
314 |
CVE-2012-5670 |
119 |
|
DoS Overflow |
2013-01-24 |
2021-01-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value. |
|
315 |
CVE-2012-5669 |
119 |
|
DoS Exec Code Overflow |
2013-01-24 |
2021-01-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read. |
|
316 |
CVE-2012-5668 |
119 |
|
DoS Overflow |
2013-01-24 |
2021-01-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function. |
|
317 |
CVE-2012-5667 |
189 |
|
Exec Code Overflow |
2013-01-03 |
2016-12-24 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow. |
|
318 |
CVE-2012-5666 |
79 |
|
XSS |
2013-01-03 |
2013-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php. |
|
319 |
CVE-2012-5665 |
264 |
|
|
2013-01-03 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file. |
|
320 |
CVE-2012-5656 |
264 |
|
|
2013-01-18 |
2013-03-23 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack. |
|
321 |
CVE-2012-5655 |
264 |
|
+Info |
2013-01-03 |
2013-01-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request. |
|
322 |
CVE-2012-5654 |
200 |
|
+Info |
2013-01-03 |
2013-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags. |
|
323 |
CVE-2012-5653 |
20 |
|
Exec Code Bypass |
2013-01-03 |
2017-08-29 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name. |
|
324 |
CVE-2012-5652 |
200 |
|
+Info |
2013-01-03 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result. |
|
325 |
CVE-2012-5651 |
264 |
|
+Info |
2013-01-03 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results. |
|
326 |
CVE-2012-5616 |
255 |
|
+Info |
2013-01-22 |
2013-04-02 |
1.5 |
None |
Local |
Medium |
??? |
Partial |
None |
None |
|
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API. |
|
327 |
CVE-2012-5605 |
264 |
|
|
2013-01-04 |
2017-08-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files. |
|
328 |
CVE-2012-5603 |
264 |
|
|
2013-01-04 |
2017-08-29 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
|
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system. |
|
329 |
CVE-2012-5581 |
119 |
|
DoS Exec Code Overflow |
2013-01-04 |
2017-11-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image. |
|
330 |
CVE-2012-5573 |
399 |
|
DoS Bypass |
2013-01-01 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or excessive cell reception rate) or bypass intended flow-control restrictions via a RELAY_COMMAND_SENDME command. |
|
331 |
CVE-2012-5531 |
79 |
|
XSS |
2013-01-18 |
2013-01-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
332 |
CVE-2012-5516 |
200 |
|
+Info |
2013-01-04 |
2017-08-29 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors. |
|
333 |
CVE-2012-5484 |
310 |
|
|
2013-01-27 |
2013-02-07 |
7.9 |
None |
Local Network |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate. |
|
334 |
CVE-2012-5444 |
264 |
|
|
2013-01-17 |
2013-01-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989. |
|
335 |
CVE-2012-5429 |
|
|
DoS |
2013-01-17 |
2013-01-18 |
4.6 |
None |
Local |
Low |
??? |
None |
None |
Complete |
|
The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669. |
|
336 |
CVE-2012-5419 |
399 |
|
DoS |
2013-01-17 |
2013-01-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for the Cisco ASA 1000V Cloud Firewall allows remote attackers to cause a denial of service (device reload) via a malformed H.225 H.323 IPv4 packet, aka Bug IDs CSCuc42812 and CSCuc88741. |
|
337 |
CVE-2012-5185 |
22 |
|
Dir. Trav. |
2013-01-19 |
2013-01-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to read or delete files by leveraging guest access. |
|
338 |
CVE-2012-5184 |
79 |
|
XSS |
2013-01-19 |
2013-01-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
339 |
CVE-2012-5157 |
119 |
|
DoS Overflow |
2013-01-15 |
2017-09-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Google Chrome before 24.0.1312.52 does not properly handle image data in PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document. |
|
340 |
CVE-2012-5156 |
399 |
|
DoS |
2013-01-15 |
2017-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF fields. |
|
341 |
CVE-2012-5155 |
264 |
|
Bypass |
2013-01-15 |
2013-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors. |
|
342 |
CVE-2012-5154 |
189 |
|
DoS Overflow |
2013-01-15 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in Google Chrome before 24.0.1312.52 on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to allocation of shared memory. |
|
343 |
CVE-2012-5153 |
119 |
|
DoS Overflow |
2013-01-15 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to stack memory. |
|
344 |
CVE-2012-5152 |
119 |
|
DoS Overflow |
2013-01-15 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data. |
|
345 |
CVE-2012-5151 |
189 |
|
DoS Overflow |
2013-01-15 |
2017-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code in a PDF document. |
|
346 |
CVE-2012-5150 |
399 |
|
DoS |
2013-01-15 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data. |
|
347 |
CVE-2012-5149 |
189 |
|
DoS Overflow |
2013-01-15 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
|
348 |
CVE-2012-5148 |
20 |
|
|
2013-01-15 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors. |
|
349 |
CVE-2012-5147 |
399 |
|
DoS |
2013-01-15 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling. |
|
350 |
CVE-2012-5146 |
264 |
|
Bypass |
2013-01-15 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL. |
