CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4701 CVE-2011-4043 189 Exec Code Overflow 2012-04-03 2012-04-03
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large value for an integer parameter, leading to a buffer overflow.
4702 CVE-2011-4042 Exec Code 2012-04-03 2012-04-03
9.3
None Remote Medium Not required Complete Complete Complete
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer.
4703 CVE-2011-4041 94 Exec Code 2012-02-06 2012-12-11
10.0
None Remote Low Not required Complete Complete Complete
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.
4704 CVE-2011-4039 264 Exec Code 2012-02-10 2012-02-14
9.3
None Remote Medium Not required Complete Complete Complete
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."
4705 CVE-2011-4038 79 XSS 2012-02-10 2012-02-14
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
4706 CVE-2011-4031 191 Exec Code 2012-05-09 2020-12-16
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet.
4707 CVE-2011-4029 362 DoS 2012-07-03 2020-08-24
1.9
None Local Medium Not required Partial None None
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.
4708 CVE-2011-4028 59 2012-07-03 2020-08-24
1.2
None Local High Not required Partial None None
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.
4709 CVE-2011-4023 399 DoS 2012-05-03 2018-10-30
7.8
None Remote Low Not required None None Complete
Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682.
4710 CVE-2011-4022 287 DoS 2012-05-03 2012-05-11
5.0
None Remote Low Not required None None Partial
The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204.
4711 CVE-2011-4019 399 DoS 2012-05-03 2012-05-30
5.4
None Remote High Not required None None Complete
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883.
4712 CVE-2011-4016 20 DoS 2012-05-02 2016-12-07
5.4
None Remote High Not required None None Complete
The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID CSCtf71673.
4713 CVE-2011-4015 20 DoS 2012-05-02 2012-10-30
5.0
None Remote Low Not required None None Partial
Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300.
4714 CVE-2011-4014 200 +Info 2012-05-02 2012-08-19
4.0
None Remote Low ??? Partial None None
The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807.
4715 CVE-2011-4012 2012-05-02 2012-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C) is used, does not create a fragment entry during processing of an ICMPv6 ACL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtj90091.
4716 CVE-2011-4007 20 DoS 2012-05-02 2012-10-30
5.4
None Remote High Not required None None Complete
Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2) reassembly, aka Bug ID CSCtr56576.
4717 CVE-2011-4006 20 DoS 2012-05-02 2012-10-30
7.8
None Remote Low Not required None None Complete
The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.5 allows remote attackers to cause a denial of service (CPU consumption) via an unspecified closing sequence, aka Bug ID CSCtt32565.
4718 CVE-2011-3972 787 DoS 2012-02-09 2020-05-08
5.0
None Remote Low Not required None None Partial
The shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
4719 CVE-2011-3971 416 DoS 2012-02-09 2020-05-08
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events.
4720 CVE-2011-3970 125 DoS 2012-02-09 2020-09-09
4.3
None Remote Medium Not required None None Partial
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
4721 CVE-2011-3969 416 DoS 2012-02-09 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents.
4722 CVE-2011-3968 416 DoS 2012-02-09 2020-04-16
4.3
None Remote Medium Not required None None Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences.
4723 CVE-2011-3967 DoS 2012-02-09 2020-05-07
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate.
4724 CVE-2011-3966 416 DoS 2012-02-09 2020-05-07
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data.
4725 CVE-2011-3965 347 DoS 2012-02-09 2020-04-16
5.0
None Remote Low Not required None None Partial
Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
4726 CVE-2011-3964 20 2012-02-09 2020-04-17
5.8
None Remote Medium Not required Partial Partial None
Google Chrome before 17.0.963.46 does not properly implement the drag-and-drop feature, which makes it easier for remote attackers to spoof the URL bar via unspecified vectors.
4727 CVE-2011-3963 125 DoS 2012-02-09 2020-05-08
5.0
None Remote Low Not required None None Partial
Google Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
4728 CVE-2011-3962 125 DoS 2012-02-09 2020-04-17
4.3
None Remote Medium Not required None None Partial
Google Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
4729 CVE-2011-3961 362 Exec Code 2012-02-09 2020-05-08
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process.
4730 CVE-2011-3960 125 DoS 2012-02-09 2020-04-21
4.3
None Remote Medium Not required None None Partial
Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
4731 CVE-2011-3959 120 DoS Overflow 2012-02-09 2020-04-17
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the locale implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
4732 CVE-2011-3958 416 DoS 2012-02-09 2020-04-17
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
4733 CVE-2011-3957 416 DoS 2012-02-09 2020-05-08
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF documents.
4734 CVE-2011-3956 346 Bypass 2012-02-09 2020-04-17
6.8
None Remote Medium Not required Partial Partial Partial
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension.
4735 CVE-2011-3955 DoS 2012-02-09 2020-05-08
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that trigger the aborting of an IndexedDB transaction.
4736 CVE-2011-3954 400 DoS 2012-02-09 2020-04-17
5.0
None Remote Low Not required None None Partial
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage.
4737 CVE-2011-3953 2012-02-09 2020-05-08
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors.
4738 CVE-2011-3952 20 DoS Exec Code 2012-08-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file.
4739 CVE-2011-3951 119 DoS Exec Code Overflow 2012-08-20 2012-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file.
4740 CVE-2011-3947 119 DoS Exec Code Overflow 2012-08-20 2012-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file.
4741 CVE-2011-3945 119 DoS Exec Code Overflow 2012-08-20 2012-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file.
4742 CVE-2011-3940 119 DoS Overflow 2012-08-20 2012-10-30
6.8
None Remote Medium Not required Partial Partial Partial
nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams."
4743 CVE-2011-3936 20 DoS 2012-08-20 2012-10-30
4.3
None Remote Medium Not required None None Partial
The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.
4744 CVE-2011-3929 119 DoS Exec Code Overflow 2012-08-20 2012-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.
4745 CVE-2011-3928 416 DoS 2012-01-24 2020-05-07
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.
4746 CVE-2011-3927 665 DoS 2012-01-24 2020-05-07
7.5
None Remote Low Not required Partial Partial Partial
Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
4747 CVE-2011-3926 787 DoS Overflow 2012-01-24 2020-05-07
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
4748 CVE-2011-3925 416 DoS Mem. Corr. 2012-01-24 2020-05-07
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the Safe Browsing feature in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors related to a navigation entry and an interstitial page.
4749 CVE-2011-3924 416 DoS 2012-01-24 2020-05-07
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections.
4750 CVE-2011-3922 787 DoS Overflow 2012-01-07 2020-05-07
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to glyph handling.
Total number of vulnerabilities : 5297   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 (This Page)96 97 98 99 100 101 102 103 104 105 106
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.