Max CVSS 10.0 Min CVSS 2.1 Total Count104
IDCVSSSummaryLast (major) updatePublished
CVE-2011-3389 4.3
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man
06-01-2017 - 21:59 06-09-2011 - 15:55
CVE-2012-2688 10.0
Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."
07-12-2016 - 22:02 20-07-2012 - 06:40
CVE-2012-2143 4.3
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for cont
07-12-2016 - 22:02 05-07-2012 - 10:55
CVE-2011-3607 4.4
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted S
07-12-2016 - 22:02 08-11-2011 - 06:55
CVE-2012-1667 8.5
ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of
06-12-2016 - 22:00 05-06-2012 - 12:55
CVE-2012-0053 4.3
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors i
22-08-2016 - 22:04 27-01-2012 - 23:05
CVE-2012-0031 4.6
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memor
22-08-2016 - 22:04 18-01-2012 - 15:55
CVE-2012-0021 2.6
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of s
22-08-2016 - 22:04 27-01-2012 - 23:05
CVE-2011-4313 5.0
query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named e
22-08-2016 - 22:04 29-11-2011 - 12:55
CVE-2011-4317 4.3
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern ma
16-06-2016 - 21:59 29-11-2011 - 23:05
CVE-2011-3368 5.0
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, wh
16-06-2016 - 21:59 05-10-2011 - 18:55
CVE-2012-0668 9.3
Buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding.
06-05-2016 - 11:35 16-05-2012 - 06:12
CVE-2012-4405 6.8
Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) a
12-01-2015 - 02:06 18-09-2012 - 13:55
CVE-2012-2807 6.8
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
27-01-2014 - 23:45 27-06-2012 - 06:18
CVE-2011-3102 6.8
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
27-01-2014 - 23:38 15-05-2012 - 20:55
CVE-2011-3026 7.5
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
15-11-2013 - 00:32 16-02-2012 - 15:55
CVE-2012-3712 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3711 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3710 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3709 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3708 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3707 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3706 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3705 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3704 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3703 8.3
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3702 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3701 9.3
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3700 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3699 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3692 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3688 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3687 9.3
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3685 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3684 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3677 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3676 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3675 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3673 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3672 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3671 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3660 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3659 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3658 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3657 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3654 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3652 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:26 13-09-2012 - 06:30
CVE-2012-3651 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-3649 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-3648 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-3647 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-3643 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-3632 9.3
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-3624 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-3623 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-3622 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-3621 9.3
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-3617 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-3616 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-3614 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-3613 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-3612 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-3607 9.3
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-3606 9.3
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-3602 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-3601 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-3598 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
02-11-2013 - 23:25 13-09-2012 - 06:30
CVE-2012-0671 9.3
Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file.
02-11-2013 - 23:21 16-05-2012 - 06:12
CVE-2012-0670 9.3
Integer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted sean atom in a movie file.
02-11-2013 - 23:21 16-05-2012 - 06:12
CVE-2012-3511 6.2
Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call.
23-10-2013 - 23:40 03-10-2012 - 23:28
CVE-2012-0831 6.8
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related
10-10-2013 - 23:41 10-02-2012 - 15:55
CVE-2012-3412 7.8
The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value.
17-08-2013 - 02:46 03-10-2012 - 07:02
CVE-2012-2311 7.5
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to exec
23-07-2013 - 05:39 11-05-2012 - 06:15
CVE-2012-1823 7.5
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by
19-07-2013 - 23:27 11-05-2012 - 06:15
CVE-2012-3365 5.0
The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.
25-06-2013 - 23:12 20-07-2012 - 06:40
CVE-2012-3718 2.1
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.
06-06-2013 - 00:00 20-09-2012 - 17:55
CVE-2012-1173 6.8
Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading t
14-05-2013 - 23:24 04-06-2012 - 16:55
CVE-2012-3430 2.1
The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvm
18-04-2013 - 23:23 03-10-2012 - 07:02
CVE-2012-2745 4.7
The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork s
18-04-2013 - 23:22 09-08-2012 - 06:29
CVE-2012-3723 4.6
Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a
22-03-2013 - 23:12 20-09-2012 - 17:55
CVE-2012-3722 6.8
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a
22-03-2013 - 23:12 20-09-2012 - 17:55
CVE-2012-3721 5.0
Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors.
22-03-2013 - 23:12 20-09-2012 - 17:55
CVE-2012-3719 6.8
Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.
22-03-2013 - 23:12 20-09-2012 - 17:55
CVE-2012-3716 7.5
CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.
22-03-2013 - 23:12 20-09-2012 - 17:55
CVE-2012-3715 4.3
Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network.
22-03-2013 - 23:12 20-09-2012 - 17:55
CVE-2012-3714 4.3
The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.
21-03-2013 - 23:11 20-09-2012 - 17:55
CVE-2012-3713 4.3
Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document.
21-03-2013 - 23:11 20-09-2012 - 17:55
CVE-2012-2145 5.0
Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
21-03-2013 - 23:10 28-09-2012 - 11:55
CVE-2011-3105 7.5
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-lett
19-11-2012 - 23:35 24-05-2012 - 14:55
CVE-2012-2843 7.5
Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout height tracking.
06-11-2012 - 00:12 12-07-2012 - 17:55
CVE-2012-2842 7.5
Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counter handling.
06-11-2012 - 00:12 12-07-2012 - 17:55
CVE-2012-0652 4.9
Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by read
30-10-2012 - 00:00 10-05-2012 - 23:49
CVE-2012-2831 7.5
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG references.
21-09-2012 - 23:33 27-06-2012 - 06:18
CVE-2012-2829 7.5
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-lett
21-09-2012 - 23:33 27-06-2012 - 06:18
CVE-2012-2818 7.5
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the layout of documents that use the Cascading Style Sheets (CSS)
21-09-2012 - 23:33 27-06-2012 - 06:18
CVE-2012-2817 7.5
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to tables that have sections.
21-09-2012 - 23:33 27-06-2012 - 06:18
CVE-2012-2386 7.5
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted t
21-09-2012 - 23:32 07-07-2012 - 06:21
CVE-2012-1172 5.8
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or
21-09-2012 - 23:30 23-05-2012 - 20:55
CVE-2012-0643 9.3
The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program.
21-09-2012 - 23:29 08-03-2012 - 17:55
CVE-2011-4599 7.5
Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant
21-09-2012 - 23:27 21-06-2012 - 11:55
CVE-2011-3048 6.8
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk i
21-09-2012 - 23:24 29-05-2012 - 16:55
CVE-2012-3720 4.3
Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers to determine passwords via unspecified access to a m
21-09-2012 - 00:00 20-09-2012 - 17:55
CVE-2012-0650 7.5
Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
21-09-2012 - 00:00 20-09-2012 - 17:55
CVE-2012-0789 5.0
Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.
27-06-2012 - 23:41 14-02-2012 - 10:55
Back to Top Mark selected
Back to Top