Max CVSS 10.0 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2012-0643 9.3
The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program.
29-11-2018 - 19:09 08-03-2012 - 22:55
CVE-2011-3389 4.3
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man
12-10-2018 - 22:01 06-09-2011 - 19:55
CVE-2011-4599 7.5
Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant
24-01-2018 - 15:31 21-06-2012 - 15:55
CVE-2012-2311 7.5
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to exec
18-01-2018 - 02:29 11-05-2012 - 10:15
CVE-2012-1823 7.5
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by
18-01-2018 - 02:29 11-05-2012 - 10:15
CVE-2012-1667 8.5
ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of
18-01-2018 - 02:29 05-06-2012 - 16:55
CVE-2012-1173 6.8
Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading t
18-01-2018 - 02:29 04-06-2012 - 20:55
CVE-2012-1172 5.8
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or
18-01-2018 - 02:29 24-05-2012 - 00:55
CVE-2012-0831 6.8
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related
18-01-2018 - 02:29 10-02-2012 - 20:55
CVE-2012-0053 4.3
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors i
18-01-2018 - 02:29 28-01-2012 - 04:05
CVE-2012-0031 4.6
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memor
18-01-2018 - 02:29 18-01-2012 - 20:55
CVE-2012-0021 2.6
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of s
18-01-2018 - 02:29 28-01-2012 - 04:05
CVE-2011-3026 6.8
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
10-01-2018 - 02:29 16-02-2012 - 20:55
CVE-2011-4317 4.3
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern ma
09-01-2018 - 02:29 30-11-2011 - 04:05
CVE-2011-3607 4.4
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted S
09-01-2018 - 02:29 08-11-2011 - 11:55
CVE-2011-3368 5.0
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, wh
09-01-2018 - 02:29 05-10-2011 - 22:55
CVE-2011-4313 5.0
query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named e
06-01-2018 - 02:29 29-11-2011 - 17:55
CVE-2011-3048 6.8
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk i
29-12-2017 - 02:29 29-05-2012 - 20:55
CVE-2012-2688 10.0
Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."
22-12-2017 - 02:29 20-07-2012 - 10:40
CVE-2012-0652 4.9
Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by read
05-12-2017 - 02:29 11-05-2012 - 03:49
CVE-2012-0671 9.3
Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file.
19-09-2017 - 01:34 16-05-2012 - 10:12
CVE-2012-0670 9.3
Integer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted sean atom in a movie file.
19-09-2017 - 01:34 16-05-2012 - 10:12
CVE-2012-0668 9.3
Buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding.
19-09-2017 - 01:34 16-05-2012 - 10:12
CVE-2012-3723 4.6
Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a
29-08-2017 - 01:32 20-09-2012 - 21:55
CVE-2012-3722 6.8
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a
29-08-2017 - 01:32 20-09-2012 - 21:55
CVE-2012-3721 5.0
Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors.
29-08-2017 - 01:32 20-09-2012 - 21:55
CVE-2012-3719 6.8
Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.
29-08-2017 - 01:32 20-09-2012 - 21:55
CVE-2012-3716 7.5
CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.
29-08-2017 - 01:32 20-09-2012 - 21:55
CVE-2012-2143 4.3
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for cont
08-12-2016 - 03:02 05-07-2012 - 14:55
CVE-2012-3718 2.1
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.
06-06-2013 - 04:00 20-09-2012 - 21:55
CVE-2012-2386 7.5
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted t
22-09-2012 - 03:32 07-07-2012 - 10:21
CVE-2012-3720 4.3
Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers to determine passwords via unspecified access to a m
21-09-2012 - 04:00 20-09-2012 - 21:55
CVE-2012-0650 7.5
Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
21-09-2012 - 04:00 20-09-2012 - 21:55
Back to Top Mark selected
Back to Top