CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4901 CVE-2011-3048 119 DoS Exec Code Overflow 2012-05-29 2017-12-29
6.8
None Remote Medium Not required Partial Partial Partial
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
4902 CVE-2011-3047 119 DoS Exec Code Overflow Mem. Corr. 2012-03-10 2020-04-16
9.3
None Remote Medium Not required Complete Complete Complete
The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism.
4903 CVE-2011-3046 79 Exec Code XSS 2012-03-09 2020-04-16
10.0
None Remote Low Not required Complete Complete Complete
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
4904 CVE-2011-3045 190 DoS Exec Code 2012-03-22 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
4905 CVE-2011-3044 416 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements.
4906 CVE-2011-3043 416 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka flexible box) in conjunction with the floating of elements.
4907 CVE-2011-3042 416 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of table sections.
4908 CVE-2011-3041 416 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of class attributes.
4909 CVE-2011-3040 125 DoS 2012-03-05 2020-04-16
4.3
None Remote Medium Not required None None Partial
Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
4910 CVE-2011-3039 416 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling.
4911 CVE-2011-3038 416 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling.
4912 CVE-2011-3037 704 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
4913 CVE-2011-3036 704 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
4914 CVE-2011-3035 416 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.
4915 CVE-2011-3034 416 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document.
4916 CVE-2011-3033 120 DoS Overflow 2012-03-05 2020-04-16
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Skia, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
4917 CVE-2011-3032 416 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values.
4918 CVE-2011-3031 416 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the element wrapper in Google V8, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
4919 CVE-2011-3027 704 DoS 2012-02-16 2020-04-16
4.3
None Remote Medium Not required None None Partial
Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
4920 CVE-2011-3026 190 DoS Overflow 2012-02-16 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
4921 CVE-2011-3025 125 DoS 2012-02-16 2020-04-16
4.3
None Remote Medium Not required None None Partial
Google Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
4922 CVE-2011-3024 295 DoS 2012-02-16 2020-04-16
4.3
None Remote Medium Not required None None Partial
Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate.
4923 CVE-2011-3023 416 DoS 2012-02-16 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to drag-and-drop operations.
4924 CVE-2011-3022 319 +Info 2012-02-16 2020-04-16
5.0
None Remote Low Not required Partial None None
translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network.
4925 CVE-2011-3021 416 DoS 2012-02-16 2020-04-16
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading.
4926 CVE-2011-3020 2012-02-16 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vectors.
4927 CVE-2011-3019 787 DoS Overflow 2012-02-16 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) file.
4928 CVE-2011-3018 787 DoS Overflow 2012-02-16 2020-04-16
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to path rendering.
4929 CVE-2011-3017 416 DoS 2012-02-16 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling.
4930 CVE-2011-3016 416 DoS 2012-02-16 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue.
4931 CVE-2011-3015 190 DoS Overflow 2012-02-16 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
4932 CVE-2011-2939 189 DoS Overflow Mem. Corr. 2012-01-13 2018-08-13
5.1
None Remote High Not required Partial Partial Partial
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.
4933 CVE-2011-2918 400 DoS Overflow 2012-05-24 2020-07-31
4.9
None Local Low Not required None None Complete
The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.
4934 CVE-2011-2915 189 DoS Exec Code Mem. Corr. 2012-06-07 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in the CSoundFile::ReadAMS2 function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of instruments.
4935 CVE-2011-2914 189 DoS Exec Code Mem. Corr. 2012-06-07 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples.
4936 CVE-2011-2913 189 DoS Exec Code Mem. Corr. 2012-06-07 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (stack memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of samples.
4937 CVE-2011-2912 119 DoS Exec Code Overflow 2012-06-07 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/load_s3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset.
4938 CVE-2011-2911 189 DoS Exec Code Overflow 2012-06-07 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the CSoundFile::ReadWav function in src/load_wav.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted WAV file, which triggers a heap-based buffer overflow.
4939 CVE-2011-2908 352 Exec Code CSRF 2012-11-23 2017-08-29
6.0
None Remote Medium ??? Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.
4940 CVE-2011-2906 400 DoS Mem. Corr. 2012-05-24 2020-07-29
4.7
None Local Medium Not required None None Complete
** DISPUTED ** Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call. NOTE: this may be a vulnerability only in unusual environments that provide a privileged program for obtaining the required file descriptor.
4941 CVE-2011-2898 200 +Info 2012-05-24 2020-07-29
1.9
None Local Medium Not required Partial None None
net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application.
4942 CVE-2011-2873 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
4943 CVE-2011-2872 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
4944 CVE-2011-2871 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
4945 CVE-2011-2870 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
4946 CVE-2011-2869 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
4947 CVE-2011-2868 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
4948 CVE-2011-2867 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
4949 CVE-2011-2866 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-01-06
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
4950 CVE-2011-2833 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Total number of vulnerabilities : 5297   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 (This Page)100 101 102 103 104 105 106
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.