CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4751 CVE-2011-3921 416 DoS 2012-01-07 2020-05-07
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving animation frames.
4752 CVE-2011-3919 787 DoS Overflow 2012-01-07 2020-05-07
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
4753 CVE-2011-3918 399 DoS 2012-10-07 2013-08-03
7.8
None Remote Low Not required None None Complete
The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.
4754 CVE-2011-3874 119 Exec Code Overflow 2012-01-27 2012-02-06
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error.
4755 CVE-2011-3846 352 CSRF 2012-04-12 2012-04-12
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
4756 CVE-2011-3845 399 Exec Code 2012-03-08 2018-01-05
7.6
None Remote High Not required Complete Complete Complete
Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an API call and the plug-in unloading functionality, as demonstrated by the Adobe Flash and RealPlayer plug-ins.
4757 CVE-2011-3844 20 2012-03-08 2018-01-06
4.3
None Remote Medium Not required None Partial None
Apple Safari 5.0.5 does not properly implement the setInterval function, which allows remote attackers to spoof the address bar via a crafted web page.
4758 CVE-2011-3833 2 Exec Code 2012-01-29 2017-08-29
6.0
None Remote Medium ??? Partial Partial Partial
Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory.
4759 CVE-2011-3832 94 Exec Code 2012-01-29 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action.
4760 CVE-2011-3831 89 Exec Code Sql 2012-01-29 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name.
4761 CVE-2011-3830 79 XSS 2012-01-29 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter.
4762 CVE-2011-3829 200 2 +Info 2012-01-29 2017-08-29
4.0
None Remote Low ??? Partial None None
ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.
4763 CVE-2011-3827 119 DoS Overflow 2012-09-19 2013-04-05
4.3
None Remote Medium Not required None None Partial
The iCalendar component in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted date-time string in a .ics attachment.
4764 CVE-2011-3671 399 Exec Code 2012-06-18 2012-06-19
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element.
4765 CVE-2011-3670 200 +Info 2012-02-01 2017-12-29
5.0
None Remote Low Not required Partial None None
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.
4766 CVE-2011-3669 352 CSRF 2012-01-02 2012-02-02
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that upload attachments.
4767 CVE-2011-3668 352 CSRF 2012-01-02 2012-02-02
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that create bug reports.
4768 CVE-2011-3667 287 2012-01-02 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when createemailregexp is not empty, does not properly handle user_can_create_account settings, which allows remote attackers to create user accounts by leveraging a token contained in an e-mail message.
4769 CVE-2011-3659 416 Exec Code 2012-02-01 2020-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.
4770 CVE-2011-3657 79 XSS 2012-01-02 2012-02-04
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when debug mode is used, allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) tabular report, (2) graphical report, or (3) new chart.
4771 CVE-2011-3637 476 DoS 2012-05-17 2020-07-27
4.9
None Local Low Not required None None Complete
The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error.
4772 CVE-2011-3626 399 Exec Code 2012-01-27 2012-01-30
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file.
4773 CVE-2011-3620 287 2012-05-03 2012-08-14
7.5
None Remote Low Not required Partial Partial Partial
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
4774 CVE-2011-3597 20 Exec Code 2012-01-13 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
4775 CVE-2011-3574 2012-01-18 2012-02-07
3.3
None Local Medium Not required Partial Partial None
Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality and integrity via unknown vectors related to Calendar Server.
4776 CVE-2011-3573 2012-01-18 2012-02-07
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in Oracle Communications Unified 7.0 allows remote authenticated users to affect availability via unknown vectors related to Calendar Server.
4777 CVE-2011-3571 2012-01-18 2018-01-06
3.6
None Remote High ??? Partial Partial None
Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Session. NOTE: this CVE identifier was accidentally used for a Concurrency issue in Java Runtime Environment, but that issue has been reassigned to CVE-2012-0507.
4778 CVE-2011-3570 2012-01-18 2012-02-07
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality via unknown vectors related to Calendar Server.
4779 CVE-2011-3569 2012-01-18 2012-02-07
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Web Services Security.
4780 CVE-2011-3568 2012-01-18 2012-01-19
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Services Security.
4781 CVE-2011-3566 2012-01-18 2012-01-19
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote attackers to affect availability via unknown vectors related to Web Container.
4782 CVE-2011-3565 2012-01-18 2012-02-07
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Calendar Server.
4783 CVE-2011-3564 2012-01-18 2012-01-19
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 allows local users to affect confidentiality via unknown vectors related to Administration.
4784 CVE-2011-3563 2012-02-15 2022-05-13
6.4
None Remote Low Not required Partial None Partial
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.
4785 CVE-2011-3562 2012-07-17 2017-08-29
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect integrity via unknown vectors.
4786 CVE-2011-3531 2012-01-18 2012-02-07
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect availability via unknown vectors related to Web Services Security.
4787 CVE-2011-3524 2012-01-18 2016-05-18
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-2326, and CVE-2011-3509.
4788 CVE-2011-3514 2012-01-18 2016-05-18
4.0
None Remote Low ??? None Partial None
Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastructure SEC (JDENET).
4789 CVE-2011-3509 2012-01-18 2016-05-18
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-2326, and CVE-2011-3524.
4790 CVE-2011-3479 264 +Priv 2012-01-25 2018-01-06
6.8
None Local Low ??? Complete Complete Complete
Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file.
4791 CVE-2011-3478 287 Exec Code 2012-01-25 2018-01-06
10.0
None Remote Low Not required Complete Complete Complete
The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.
4792 CVE-2011-3464 189 DoS Exec Code Overflow 2012-07-22 2012-07-23
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow.
4793 CVE-2011-3463 287 +Priv 2012-02-02 2012-02-03
7.2
None Local Low Not required Complete Complete Complete
WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory.
4794 CVE-2011-3462 +Info 2012-02-02 2012-02-03
5.0
None Remote Low Not required Partial None None
Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803.
4795 CVE-2011-3460 119 DoS Exec Code Overflow 2012-02-02 2012-05-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.
4796 CVE-2011-3459 189 DoS Exec Code Overflow 2012-02-02 2012-05-18
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.
4797 CVE-2011-3458 264 DoS Exec Code 2012-02-02 2012-05-18
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.
4798 CVE-2011-3457 119 DoS Exec Code Overflow Mem. Corr. 2012-02-02 2012-09-22
7.5
None Remote Low Not required Partial Partial Partial
The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program.
4799 CVE-2011-3453 189 DoS Exec Code Overflow Mem. Corr. 2012-02-02 2018-01-06
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.
4800 CVE-2011-3452 200 +Info 2012-02-02 2012-02-03
4.3
None Remote Medium Not required Partial None None
Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network.
Total number of vulnerabilities : 5297   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 (This Page)97 98 99 100 101 102 103 104 105 106
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.