CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2013

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2012-5965 119 Exec Code Overflow 2013-01-31 2015-09-01
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet.
302 CVE-2012-5964 119 Exec Code Overflow 2013-01-31 2015-09-01
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long ServiceType (aka urn service) field in a UDP packet.
303 CVE-2012-5963 119 Exec Code Overflow 2013-01-31 2015-09-01
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that lacks a :: (colon colon) in a UDP packet.
304 CVE-2012-5962 119 Exec Code Overflow 2013-01-31 2015-09-01
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn) field in a UDP packet.
305 CVE-2012-5961 119 Exec Code Overflow 2013-01-31 2015-09-02
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka device) field in a UDP packet.
306 CVE-2012-5960 119 Exec Code Overflow 2013-01-31 2017-11-03
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka upnp:rootdevice) field in a UDP packet.
307 CVE-2012-5959 119 Exec Code Overflow 2013-01-31 2017-11-03
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that contains a :: (colon colon) in a UDP packet.
308 CVE-2012-5958 119 Exec Code Overflow 2013-01-31 2020-11-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.
309 CVE-2012-5875 1 DoS 2013-01-18 2013-01-18
5.0
None Remote Low Not required None None Partial
Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2) Accept Language header, (3) User-agent header, (4) Host header, or (5) protocol version; or a (6) crafted HTTP protocol version.
310 CVE-2012-5874 89 1 Exec Code Sql 2013-01-12 2013-01-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_guest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATH_INFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, (f) register.php, (g) Search.php, (h) viewboard.php, or (i) viewtopic.php.
311 CVE-2012-5769 DoS 2013-01-01 2017-08-29
5.8
None Remote Medium Not required Partial None Partial
IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
312 CVE-2012-5717 264 DoS 2013-01-18 2013-01-29
6.3
None Remote Medium ??? None None Complete
Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID CSCtc59462.
313 CVE-2012-5689 20 DoS 2013-01-25 2016-08-19
7.1
None Remote Medium Not required None None Complete
ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.
314 CVE-2012-5670 119 DoS Overflow 2013-01-24 2021-01-26
4.3
None Remote Medium Not required None None Partial
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value.
315 CVE-2012-5669 119 DoS Exec Code Overflow 2013-01-24 2021-01-26
4.3
None Remote Medium Not required None None Partial
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.
316 CVE-2012-5668 119 DoS Overflow 2013-01-24 2021-01-26
4.3
None Remote Medium Not required None None Partial
FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function.
317 CVE-2012-5667 189 Exec Code Overflow 2013-01-03 2016-12-24
4.4
None Local Medium Not required Partial Partial Partial
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
318 CVE-2012-5666 79 XSS 2013-01-03 2013-01-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php.
319 CVE-2012-5665 264 2013-01-03 2017-08-29
4.3
None Remote Medium Not required None Partial None
ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.
320 CVE-2012-5656 264 2013-01-18 2013-03-23
2.1
None Local Low Not required Partial None None
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
321 CVE-2012-5655 264 +Info 2013-01-03 2013-01-07
5.0
None Remote Low Not required Partial None None
The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request.
322 CVE-2012-5654 200 +Info 2013-01-03 2013-01-03
4.3
None Remote Medium Not required Partial None None
The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags.
323 CVE-2012-5653 20 Exec Code Bypass 2013-01-03 2017-08-29
6.0
None Remote Medium ??? Partial Partial Partial
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.
324 CVE-2012-5652 200 +Info 2013-01-03 2017-08-29
5.0
None Remote Low Not required Partial None None
Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result.
325 CVE-2012-5651 264 +Info 2013-01-03 2017-08-29
5.0
None Remote Low Not required Partial None None
Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results.
326 CVE-2012-5616 255 +Info 2013-01-22 2013-04-02
1.5
None Local Medium ??? Partial None None
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
327 CVE-2012-5605 264 2013-01-04 2017-08-29
2.1
None Local Low Not required None Partial None
Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files.
328 CVE-2012-5603 264 2013-01-04 2017-08-29
5.5
None Remote Low ??? Partial Partial None
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system.
329 CVE-2012-5581 119 DoS Exec Code Overflow 2013-01-04 2017-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
330 CVE-2012-5573 399 DoS Bypass 2013-01-01 2017-08-29
5.0
None Remote Low Not required None None Partial
The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or excessive cell reception rate) or bypass intended flow-control restrictions via a RELAY_COMMAND_SENDME command.
331 CVE-2012-5531 79 XSS 2013-01-18 2013-01-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
332 CVE-2012-5516 200 +Info 2013-01-04 2017-08-29
2.1
None Local Low Not required Partial None None
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors.
333 CVE-2012-5484 310 2013-01-27 2013-02-07
7.9
None Local Network Medium Not required Complete Complete Complete
The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.
334 CVE-2012-5444 264 2013-01-17 2013-01-29
5.0
None Remote Low Not required None Partial None
Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989.
335 CVE-2012-5429 DoS 2013-01-17 2013-01-18
4.6
None Local Low ??? None None Complete
The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669.
336 CVE-2012-5419 399 DoS 2013-01-17 2013-01-29
7.8
None Remote Low Not required None None Complete
Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for the Cisco ASA 1000V Cloud Firewall allows remote attackers to cause a denial of service (device reload) via a malformed H.225 H.323 IPv4 packet, aka Bug IDs CSCuc42812 and CSCuc88741.
337 CVE-2012-5185 22 Dir. Trav. 2013-01-19 2013-01-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to read or delete files by leveraging guest access.
338 CVE-2012-5184 79 XSS 2013-01-19 2013-01-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
339 CVE-2012-5157 119 DoS Overflow 2013-01-15 2017-09-19
4.3
None Remote Medium Not required None None Partial
Google Chrome before 24.0.1312.52 does not properly handle image data in PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
340 CVE-2012-5156 399 DoS 2013-01-15 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF fields.
341 CVE-2012-5155 264 Bypass 2013-01-15 2013-01-16
5.0
None Remote Low Not required None Partial None
Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.
342 CVE-2012-5154 189 DoS Overflow 2013-01-15 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in Google Chrome before 24.0.1312.52 on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to allocation of shared memory.
343 CVE-2012-5153 119 DoS Overflow 2013-01-15 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to stack memory.
344 CVE-2012-5152 119 DoS Overflow 2013-01-15 2018-10-30
5.0
None Remote Low Not required None None Partial
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data.
345 CVE-2012-5151 189 DoS Overflow 2013-01-15 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code in a PDF document.
346 CVE-2012-5150 399 DoS 2013-01-15 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data.
347 CVE-2012-5149 189 DoS Overflow 2013-01-15 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
348 CVE-2012-5148 20 2013-01-15 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors.
349 CVE-2012-5147 399 DoS 2013-01-15 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.
350 CVE-2012-5146 264 Bypass 2013-01-15 2018-10-30
5.0
None Remote Low Not required None Partial None
Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL.
Total number of vulnerabilities : 439   Page : 1 2 3 4 5 6 7 (This Page)8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.