| ID: CVE-2012-0841 |
Title: libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. |
Type: Mobile Devices |
Bulletins:
CVE-2012-0841 SFBID52107 |
Severity: Medium |
| Description: libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. | ||||
| Applies to: |
Created: 2012-12-21 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-5991 |
Title: screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type... |
Type: Hardware |
Bulletins:
CVE-2012-5991 |
Severity: Medium |
| Description: screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type request, aka Bug ID CSCud50209. | ||||
| Applies to: Cisco WLC 2000 Cisco WLC 2100 Cisco WLC 4100 Cisco WLC 4400 |
Created: 2012-12-19 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-5992 |
Title: Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts... |
Type: Hardware |
Bulletins:
CVE-2012-5992 |
Severity: Medium |
| Description: Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283. | ||||
| Applies to: Cisco WLC 2000 Cisco WLC 2100 Cisco WLC 4100 Cisco WLC 4400 |
Created: 2012-12-19 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-6007 |
Title: Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter,... |
Type: Hardware |
Bulletins:
CVE-2012-6007 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992. | ||||
| Applies to: Cisco WLC 2000 Cisco WLC 2100 Cisco WLC 4100 Cisco WLC 4400 |
Created: 2012-12-19 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-6301 |
Title: The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element. |
Type: Mobile Devices |
Bulletins:
CVE-2012-6301 |
Severity: Medium |
| Description: The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element. | ||||
| Applies to: |
Created: 2012-12-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-4221 |
Title: Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an... |
Type: Mobile Devices |
Bulletins:
CVE-2012-4221 |
Severity: Medium |
| Description: Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an application that uses crafted arguments in a local diagchar_ioctl call. | ||||
| Applies to: |
Created: 2012-11-30 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-4222 |
Title: drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses... |
Type: Mobile Devices |
Bulletins:
CVE-2012-4222 |
Severity: Medium |
| Description: drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses crafted arguments in a local kgsl_ioctl call. | ||||
| Applies to: |
Created: 2012-11-30 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-4220 |
Title: diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference)... |
Type: Mobile Devices |
Bulletins:
CVE-2012-4220 |
Severity: Medium |
| Description: diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via an application that uses crafted arguments in a local diagchar_ioctl call. | ||||
| Applies to: |
Created: 2012-11-30 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-5134 |
Title: Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or... |
Type: Mobile Devices |
Bulletins:
CVE-2012-5134 SFBID56684 |
Severity: Medium |
| Description: Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. | ||||
| Applies to: |
Created: 2012-11-27 |
Updated: 2024-01-17 |
||
| ID: MITRE:15395 |
Title: Reflected XSS Vulnerability - MS12-070 |
Type: Software |
Bulletins:
MITRE:15395 CVE-2012-2552 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability." | ||||
| Applies to: Microsoft SQL Server 2000 Reporting Services Microsoft SQL Server 2005 Microsoft SQL Server 2008 Microsoft SQL Server 2008 R2 Microsoft SQL Server 2012 |
Created: 2012-11-26 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-2619 |
Title: The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service... |
Type: Mobile Devices |
Bulletins:
CVE-2012-2619 |
Severity: High |
| Description: The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element. | ||||
| Applies to: |
Created: 2012-11-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3750 |
Title: The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2012-3750 SFBID56363 |
Severity: Low |
| Description: The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors. | ||||
| Applies to: |
Created: 2012-11-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3749 |
Title: The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a... |
Type: Mobile Devices |
Bulletins:
CVE-2012-3749 SFBID56361 |
Severity: Medium |
| Description: The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app. | ||||
| Applies to: |
Created: 2012-11-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3748 |
Title: Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays. |
Type: Mobile Devices |
Bulletins:
CVE-2012-3748 SFBID56362 |
Severity: Medium |
| Description: Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays. | ||||
| Applies to: |
Created: 2012-11-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-4660 |
Title: The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.17), 8.3 before 8.3(2.28), 8.4 before 8.4(2.13), 8.5... |
Type: Hardware |
Bulletins:
CVE-2012-4660 SFBID55864 |
Severity: High |
| Description: The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.17), 8.3 before 8.3(2.28), 8.4 before 8.4(2.13), 8.5 before 8.5(1.4), and 8.6 before 8.6(1.5) allows remote attackers to cause a denial of service (device reload) via a crafted SIP media-update packet, aka Bug ID CSCtr63728. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance Cisco Catalyst 6500 Series Switches Cisco Catalyst 6503 Switch Cisco Catalyst 6504-E Switch Cisco Catalyst 6506E Switch Cisco Catalyst 6509-E Switch Cisco Catalyst 6509-NEB-A Switch Cisco Catalyst... |
Created: 2012-10-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-4643 |
Title: The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 before 7.2(5.8), 7.1 before 7.2(5.8), 7.2 before 7.2(5.8), 8.0 before... |
Type: Hardware |
Bulletins:
CVE-2012-4643 SFBID55861 |
Severity: High |
| Description: The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 before 7.2(5.8), 7.1 before 7.2(5.8), 7.2 before 7.2(5.8), 8.0 before 8.0(5.28), 8.1 before 8.1(2.56), 8.2 before 8.2(5.27), 8.3 before 8.3(2.31), 8.4 before 8.4(3.10), 8.5 before 8.5(1.9), and 8.6 before 8.6(1.5) does not properly allocate memory for DHCP packets, which allows remote attackers to cause a denial of service (device reload) via a series of crafted IPv4 packets, aka Bug ID CSCtw84068. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance Cisco Catalyst 6500 Series Switches Cisco Catalyst 6503 Switch Cisco Catalyst 6504-E Switch Cisco Catalyst 6506E Switch Cisco Catalyst 6509-E Switch Cisco Catalyst 6509-NEB-A Switch Cisco Catalyst... |
Created: 2012-10-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-4662 |
Title: The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before... |
Type: Hardware |
Bulletins:
CVE-2012-4662 SFBID55862 |
Severity: High |
| Description: The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.13) and the Firewall Services Module (FWSM) 4.1 before 4.1(7) in Cisco Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via a crafted DCERPC packet, aka Bug IDs CSCtr21376 and CSCtr27524. | ||||
| Applies to: Cisco 7600 Series Routers Cisco ASA 5500 Adaptive Security Appliance Cisco Catalyst 6500 Series Switches Cisco Catalyst 6503 Switch Cisco Catalyst 6504-E Switch Cisco Catalyst 6506E Switch Cisco Catalyst 6509-E Switch Cisco Catalyst... |
Created: 2012-10-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-4663 |
Title: The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before... |
Type: Hardware |
Bulletins:
CVE-2012-4663 SFBID55862 |
Severity: High |
| Description: The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.13) and the Firewall Services Module (FWSM) 4.1 before 4.1(7) in Cisco Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via a crafted DCERPC packet, aka Bug IDs CSCtr21346 and CSCtr27521. | ||||
| Applies to: Cisco 7600 Series Routers Cisco ASA 5500 Adaptive Security Appliance Cisco Catalyst 6500 Series Switches Cisco Catalyst 6503 Switch Cisco Catalyst 6504-E Switch Cisco Catalyst 6506E Switch Cisco Catalyst 6509-E Switch Cisco Catalyst... |
Created: 2012-10-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-4659 |
Title: The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.30) and 8.3 before... |
Type: Hardware |
Bulletins:
CVE-2012-4659 SFBID55865 |
Severity: High |
| Description: The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.30) and 8.3 before 8.3(2.34) allows remote attackers to cause a denial of service (device reload) via a crafted authentication response, aka Bug ID CSCtz04566. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance Cisco Catalyst 6500 Series Switches Cisco Catalyst 6503 Switch Cisco Catalyst 6504-E Switch Cisco Catalyst 6506E Switch Cisco Catalyst 6509-E Switch Cisco Catalyst 6509-NEB-A Switch Cisco Catalyst... |
Created: 2012-10-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-4661 |
Title: Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4 before... |
Type: Hardware |
Bulletins:
CVE-2012-4661 SFBID55863 |
Severity: High |
| Description: Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4 before 8.4(4.4), 8.5 before 8.5(1.13), and 8.6 before 8.6(1.3) and the Firewall Services Module (FWSM) 4.1 before 4.1(9) in Cisco Catalyst 6500 series switches and 7600 series routers might allow remote attackers to execute arbitrary code via a crafted DCERPC packet, aka Bug IDs CSCtr21359 and CSCtr27522. | ||||
| Applies to: Cisco 7600 Series Routers Cisco ASA 5500 Adaptive Security Appliance Cisco Catalyst 6500 Series Switches Cisco Catalyst 6503 Switch Cisco Catalyst 6504-E Switch Cisco Catalyst 6506E Switch Cisco Catalyst 6509-E Switch Cisco Catalyst... |
Created: 2012-10-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-5112 |
Title: Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2012-5112 |
Severity: High |
| Description: Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: |
Created: 2012-10-11 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3918 |
Title: The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application. |
Type: Mobile Devices |
Bulletins:
CVE-2011-3918 |
Severity: High |
| Description: The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application. | ||||
| Applies to: |
Created: 2012-10-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3949 |
Title: The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS,... |
Type: Hardware |
Bulletins:
CVE-2012-3949 SFBID55697 |
Severity: High |
| Description: The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664. | ||||
| Applies to: Unified Communications Manager |
Created: 2012-09-26 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-4618 |
Title: The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtn76183. |
Type: Hardware |
Bulletins:
CVE-2012-4618 SFBID55693 |
Severity: High |
| Description: The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtn76183. | ||||
| Applies to: |
Created: 2012-09-26 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-4619 |
Title: The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtr46123. |
Type: Hardware |
Bulletins:
CVE-2012-4619 SFBID55705 |
Severity: High |
| Description: The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtr46123. | ||||
| Applies to: |
Created: 2012-09-26 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3950 |
Title: The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 through 12.4 and 15.0 through 15.2, in certain configurations of enabled categories and missing signatures, allows remote attackers to cause a denial of service (device reload) via DNS... |
Type: Hardware |
Bulletins:
CVE-2012-3950 SFBID55695 |
Severity: High |
| Description: The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 through 12.4 and 15.0 through 15.2, in certain configurations of enabled categories and missing signatures, allows remote attackers to cause a denial of service (device reload) via DNS packets, aka Bug ID CSCtw55976. | ||||
| Applies to: |
Created: 2012-09-26 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-4623 |
Title: The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a... |
Type: Hardware |
Bulletins:
CVE-2012-4623 SFBID55700 |
Severity: High |
| Description: The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a denial of service (device reload) via a malformed DHCPv6 packet, aka Bug ID CSCto57723. | ||||
| Applies to: |
Created: 2012-09-26 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-4621 |
Title: The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049. |
Type: Hardware |
Bulletins:
CVE-2012-4621 |
Severity: High |
| Description: The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049. | ||||
| Applies to: |
Created: 2012-09-26 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-4617 |
Title: The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed... |
Type: Hardware |
Bulletins:
CVE-2012-4617 SFBID55694 |
Severity: High |
| Description: The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248, and CSCtz62914. | ||||
| Applies to: |
Created: 2012-09-26 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-2889 |
Title: Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)." |
Type: Mobile Devices |
Bulletins:
CVE-2012-2889 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)." | ||||
| Applies to: |
Created: 2012-09-26 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-4622 |
Title: Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error... |
Type: Hardware |
Bulletins:
CVE-2012-4622 SFBID55701 |
Severity: High |
| Description: Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error messages, aka Bug ID CSCty88456. | ||||
| Applies to: |
Created: 2012-09-26 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-4620 |
Title: Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/IP, (2) IPIP, or (3) IPv6 in IPv4 packets, aka Bug... |
Type: Hardware |
Bulletins:
CVE-2012-4620 SFBID55696 |
Severity: High |
| Description: Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/IP, (2) IPIP, or (3) IPv6 in IPv4 packets, aka Bug ID CSCts66808. | ||||
| Applies to: Cisco 10008 Router |
Created: 2012-09-26 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3747 |
Title: WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
Type: Mobile Devices |
Bulletins:
CVE-2012-3747 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3746 |
Title: UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem. |
Type: Mobile Devices |
Bulletins:
CVE-2012-3746 |
Severity: Medium |
| Description: UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3743 |
Title: The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files. |
Type: Mobile Devices |
Bulletins:
CVE-2012-3743 |
Severity: Medium |
| Description: The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3722 |
Title: The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service... |
Type: Mobile Devices |
Bulletins:
CVE-2012-3722 |
Severity: Medium |
| Description: The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3741 |
Title: The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step... |
Type: Mobile Devices |
Bulletins:
CVE-2012-3741 |
Severity: Low |
| Description: The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3737 |
Title: The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value. |
Type: Mobile Devices |
Bulletins:
CVE-2012-3737 |
Severity: Low |
| Description: The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3740 |
Title: The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2012-3740 |
Severity: Low |
| Description: The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3735 |
Title: The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the... |
Type: Mobile Devices |
Bulletins:
CVE-2012-3735 |
Severity: Low |
| Description: The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3736 |
Title: The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call. |
Type: Mobile Devices |
Bulletins:
CVE-2012-3736 |
Severity: Medium |
| Description: The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3739 |
Title: The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera. |
Type: Mobile Devices |
Bulletins:
CVE-2012-3739 |
Severity: Low |
| Description: The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3728 |
Title: The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls. |
Type: Mobile Devices |
Bulletins:
CVE-2012-3728 |
Severity: Medium |
| Description: The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3738 |
Title: The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime... |
Type: Mobile Devices |
Bulletins:
CVE-2012-3738 |
Severity: Low |
| Description: The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3725 |
Title: The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information... |
Type: Mobile Devices |
Bulletins:
CVE-2012-3725 |
Severity: Low |
| Description: The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi network for these packets. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3729 |
Title: The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a... |
Type: Mobile Devices |
Bulletins:
CVE-2012-3729 |
Severity: Low |
| Description: The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3744 |
Title: Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating... |
Type: Mobile Devices |
Bulletins:
CVE-2012-3744 |
Severity: Medium |
| Description: Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating address. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3742 |
Title: Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the... |
Type: Mobile Devices |
Bulletins:
CVE-2012-3742 |
Severity: Medium |
| Description: Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3734 |
Title: Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content. |
Type: Mobile Devices |
Bulletins:
CVE-2012-3734 |
Severity: Low |
| Description: Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3745 |
Title: Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message. |
Type: Mobile Devices |
Bulletins:
CVE-2012-3745 |
Severity: Medium |
| Description: Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3733 |
Title: Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain... |
Type: Mobile Devices |
Bulletins:
CVE-2012-3733 |
Severity: Medium |
| Description: Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain potentially sensitive information about alternate e-mail addresses in opportunistic circumstances by reading a reply. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3732 |
Title: Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity. |
Type: Mobile Devices |
Bulletins:
CVE-2012-3732 |
Severity: Medium |
| Description: Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3731 |
Title: Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2012-3731 |
Severity: Low |
| Description: Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3730 |
Title: Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a... |
Type: Mobile Devices |
Bulletins:
CVE-2012-3730 |
Severity: Medium |
| Description: Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a message from a different sender. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3726 |
Title: Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. |
Type: Mobile Devices |
Bulletins:
CVE-2012-3726 |
Severity: Medium |
| Description: Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3724 |
Title: CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived... |
Type: Mobile Devices |
Bulletins:
CVE-2012-3724 |
Severity: Medium |
| Description: CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived from a malformed URL. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3727 |
Title: Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file. |
Type: Mobile Devices |
Bulletins:
CVE-2012-3727 |
Severity: Medium |
| Description: Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file. | ||||
| Applies to: |
Created: 2012-09-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-2993 |
Title: Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an... |
Type: Hardware |
Bulletins:
CVE-2012-2993 SFBID55569 |
Severity: Low |
| Description: Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate. | ||||
| Applies to: |
Created: 2012-09-17 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3924 |
Title: The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a... |
Type: Hardware |
Bulletins:
CVE-2012-3924 |
Severity: Low |
| Description: The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961. | ||||
| Applies to: |
Created: 2012-09-16 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3923 |
Title: The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a... |
Type: Hardware |
Bulletins:
CVE-2012-3923 |
Severity: Low |
| Description: The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCte41827. | ||||
| Applies to: |
Created: 2012-09-16 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3893 |
Title: The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622. |
Type: Hardware |
Bulletins:
CVE-2012-3893 |
Severity: Medium |
| Description: The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622. | ||||
| Applies to: |
Created: 2012-09-16 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3915 |
Title: The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602. |
Type: Hardware |
Bulletins:
CVE-2012-3915 |
Severity: Medium |
| Description: The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602. | ||||
| Applies to: |
Created: 2012-09-16 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3051 |
Title: Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (process crash or packet loss) via a large number of ARP packets, aka Bug ID CSCtr44822. |
Type: Hardware |
Bulletins:
CVE-2012-3051 SFBID55600 |
Severity: Medium |
| Description: Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (process crash or packet loss) via a large number of ARP packets, aka Bug ID CSCtr44822. | ||||
| Applies to: Cisco Nexus 7000 Cisco Nexus 7000-9slot Cisco Nexus 7010 Cisco Nexus 7018 |
Created: 2012-09-16 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3895 |
Title: Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224. |
Type: Hardware |
Bulletins:
CVE-2012-3895 |
Severity: Medium |
| Description: Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224. | ||||
| Applies to: |
Created: 2012-09-16 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3079 |
Title: Cisco IOS 12.2 allows remote attackers to cause a denial of service (CPU consumption) by establishing many IPv6 neighbors, aka Bug ID CSCtn78957. |
Type: Hardware |
Bulletins:
CVE-2012-3079 |
Severity: High |
| Description: Cisco IOS 12.2 allows remote attackers to cause a denial of service (CPU consumption) by establishing many IPv6 neighbors, aka Bug ID CSCtn78957. | ||||
| Applies to: |
Created: 2012-09-16 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3606 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2012-3606 SFBID55534 |
Severity: High |
| Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. | ||||
| Applies to: |
Created: 2012-09-13 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3607 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2012-3607 SFBID55534 |
Severity: High |
| Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. | ||||
| Applies to: |
Created: 2012-09-13 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3621 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2012-3621 SFBID55534 |
Severity: High |
| Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. | ||||
| Applies to: |
Created: 2012-09-13 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3632 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2012-3632 SFBID55534 |
Severity: High |
| Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. | ||||
| Applies to: |
Created: 2012-09-13 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3687 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2012-3687 SFBID55534 |
Severity: High |
| Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. | ||||
| Applies to: |
Created: 2012-09-13 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3701 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2012-3701 SFBID55534 |
Severity: High |
| Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. | ||||
| Applies to: |
Created: 2012-09-13 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-2870 |
Title: libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not... |
Type: Mobile Devices |
Bulletins:
CVE-2012-2870 |
Severity: Medium |
| Description: libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. | ||||
| Applies to: |
Created: 2012-08-31 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-2871 |
Title: libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or... |
Type: Mobile Devices |
Bulletins:
CVE-2012-2871 |
Severity: Medium |
| Description: libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. | ||||
| Applies to: |
Created: 2012-08-31 |
Updated: 2024-01-17 |
||
| ID: MITRE:14783 |
Title: ADO Cachesize Heap Overflow RCE Vulnerability - MS12-045 |
Type: Miscellaneous |
Bulletins:
MITRE:14783 CVE-2012-1891 |
Severity: High |
| Description: Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability." | ||||
| Applies to: Microsoft Data Access Components |
Created: 2012-08-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-2857 |
Title: Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a... |
Type: Mobile Devices |
Bulletins:
CVE-2012-2857 |
Severity: Medium |
| Description: Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | ||||
| Applies to: |
Created: 2012-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-1367 |
Title: The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka... |
Type: Hardware |
Bulletins:
CVE-2012-1367 |
Severity: Medium |
| Description: The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka Bug ID CSCtq06538. | ||||
| Applies to: |
Created: 2012-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-1357 |
Title: The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via IGMP packets, aka Bug ID CSCts46521. |
Type: Hardware |
Bulletins:
CVE-2012-1357 |
Severity: Medium |
| Description: The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via IGMP packets, aka Bug ID CSCts46521. | ||||
| Applies to: Cisco Nexus 5000 Series |
Created: 2012-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-2474 |
Title: Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN... |
Type: Hardware |
Bulletins:
CVE-2012-2474 |
Severity: Medium |
| Description: Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN feature, aka Bug ID CSCth34278. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2012-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-2469 |
Title: Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when the High Availability (HA) policy is configured for Reset, allows remote attackers to cause a denial of service (device reset) via a malformed Cisco Discovery Protocol (CDP)... |
Type: Hardware |
Bulletins:
CVE-2012-2469 |
Severity: High |
| Description: Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when the High Availability (HA) policy is configured for Reset, allows remote attackers to cause a denial of service (device reset) via a malformed Cisco Discovery Protocol (CDP) packet, aka Bug IDs CSCtk34535 and CSCtk19132. | ||||
| Applies to: Cisco Nexus 7000 Cisco Nexus 7000-9slot Cisco Nexus 7010 Cisco Nexus 7018 |
Created: 2012-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-1361 |
Title: Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750. |
Type: Hardware |
Bulletins:
CVE-2012-1361 |
Severity: Medium |
| Description: Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750. | ||||
| Applies to: |
Created: 2012-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-1344 |
Title: Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka... |
Type: Hardware |
Bulletins:
CVE-2012-1344 |
Severity: Low |
| Description: Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka Bug ID CSCtr86328. | ||||
| Applies to: |
Created: 2012-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-1338 |
Title: Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664. |
Type: Hardware |
Bulletins:
CVE-2012-1338 |
Severity: Medium |
| Description: Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664. | ||||
| Applies to: Cisco Catalyst 3560 Cisco Catalyst 3560E Cisco Catalyst 3560X Cisco Catalyst 3750 Cisco Catalyst 3750 Metro Cisco Catalyst 3750E Cisco Catalyst 3750G Cisco Catalyst 3750X |
Created: 2012-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-1350 |
Title: Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attackers to cause a denial of service (radio-interface input-queue hang) via IAPP 0x3281 packets, aka Bug ID CSCtc12426. |
Type: Hardware |
Bulletins:
CVE-2012-1350 |
Severity: High |
| Description: Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attackers to cause a denial of service (radio-interface input-queue hang) via IAPP 0x3281 packets, aka Bug ID CSCtc12426. | ||||
| Applies to: Cisco Aironet 1040 Cisco Aironet 1131 Cisco Aironet 1140 Cisco Aironet 1260 Cisco Aironet 3500 Cisco Aironet AP1240 Cisco Aironet Ap 1230 Cisco Aironet Ap1100 Cisco Aironet Ap1130ag Cisco Aironet Ap1200 Cisco Aironet Ap1240 Cisco Aironet... |
Created: 2012-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-2472 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow remote attackers to cause a denial of service (CPU... |
Type: Hardware |
Bulletins:
CVE-2012-2472 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow remote attackers to cause a denial of service (CPU consumption) via crafted SIP traffic, aka Bug ID CSCtz63143. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2012-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-2824 |
Title: Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting. |
Type: Mobile Devices |
Bulletins:
CVE-2012-2824 |
Severity: High |
| Description: Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting. | ||||
| Applies to: |
Created: 2012-06-27 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-2807 |
Title: Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via... |
Type: Mobile Devices |
Bulletins:
CVE-2012-2807 SFBID54718 |
Severity: Medium |
| Description: Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
| Applies to: |
Created: 2012-06-27 |
Updated: 2024-01-17 |
||
| ID: MITRE:15621 |
Title: GDI+ Record Type Vulnerability |
Type: Software |
Bulletins:
MITRE:15621 CVE-2012-0165 |
Severity: High |
| Description: GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability." | ||||
| Applies to: Microsoft Office 2003 Microsoft Office 2007 Microsoft Office 2010 |
Created: 2012-06-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-3058 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause... |
Type: Hardware |
Bulletins:
CVE-2012-3058 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause a denial of service (device reload) via IPv6 transit traffic that triggers syslog message 110003, aka Bug ID CSCua27134. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance Cisco Catalyst 6500 Series Switches Cisco Catalyst 6503 Switch Cisco Catalyst 6504-E Switch Cisco Catalyst 6506E Switch Cisco Catalyst 6509-E Switch Cisco Catalyst 6509-NEB-A Switch Cisco Catalyst... |
Created: 2012-06-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-2488 |
Title: Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593. |
Type: Hardware |
Bulletins:
CVE-2012-2488 SFBID53728 |
Severity: High |
| Description: Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593. | ||||
| Applies to: |
Created: 2012-05-31 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3102 |
Title: Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2011-3102 SFBID53540 |
Severity: Medium |
| Description: Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. | ||||
| Applies to: |
Created: 2012-05-15 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0672 |
Title: WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
Type: Mobile Devices |
Bulletins:
CVE-2012-0672 SFBID53404 |
Severity: Medium |
| Description: WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | ||||
| Applies to: |
Created: 2012-05-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0674 |
Title: Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site. |
Type: Mobile Devices |
Bulletins:
CVE-2012-0674 |
Severity: Medium |
| Description: Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site. | ||||
| Applies to: |
Created: 2012-05-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0376 |
Title: The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367. |
Type: Hardware |
Bulletins:
CVE-2012-0376 |
Severity: Medium |
| Description: The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367. | ||||
| Applies to: Unified Communications Manager |
Created: 2012-05-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-1324 |
Title: Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, when IPS policies are configured, allows remote attackers to cause a denial of service (device crash) by sending IPv6 packets, aka Bug ID CSCtk53534. |
Type: Hardware |
Bulletins:
CVE-2012-1324 |
Severity: High |
| Description: Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, when IPS policies are configured, allows remote attackers to cause a denial of service (device crash) by sending IPv6 packets, aka Bug ID CSCtk53534. | ||||
| Applies to: |
Created: 2012-05-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-4023 |
Title: Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682. |
Type: Hardware |
Bulletins:
CVE-2011-4023 |
Severity: High |
| Description: Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682. | ||||
| Applies to: Cisco Nexus 2224tp Cisco Nexus 2232pp Cisco Nexus 2232tm Cisco Nexus 2248tp Cisco Nexus 2248tp-e Cisco Nexus 5020p Cisco Nexus 5548p Cisco Nexus 5548up Cisco Nexus 5596UP Cisco Nexus C2148T-1GE Cisco Nexus C5010P-BF |
Created: 2012-05-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-4019 |
Title: Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs... |
Type: Hardware |
Bulletins:
CVE-2011-4019 |
Severity: Medium |
| Description: Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883. | ||||
| Applies to: Unified Communications Manager |
Created: 2012-05-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-1327 |
Title: dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S,... |
Type: Hardware |
Bulletins:
CVE-2012-1327 |
Severity: Medium |
| Description: dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S, aka Bug ID CSCtt94391. | ||||
| Applies to: |
Created: 2012-05-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-4231 |
Title: Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128. |
Type: Hardware |
Bulletins:
CVE-2011-4231 |
Severity: Medium |
| Description: Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128. | ||||
| Applies to: |
Created: 2012-05-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0378 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number of stale connections that result in an incorrect... |
Type: Hardware |
Bulletins:
CVE-2012-0378 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number of stale connections that result in an incorrect value for an MPF connection count, aka Bug ID CSCtv19854. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2012-05-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-4016 |
Title: The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2011-4016 |
Severity: Medium |
| Description: The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID CSCtf71673. | ||||
| Applies to: |
Created: 2012-05-02 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3295 |
Title: The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1, as used in Cisco Carrier Routing System and other products, allow remote attackers to cause a denial of service (CPU consumption) via crafted network traffic, aka Bug ID CSCti59888. |
Type: Hardware |
Bulletins:
CVE-2011-3295 |
Severity: High |
| Description: The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1, as used in Cisco Carrier Routing System and other products, allow remote attackers to cause a denial of service (CPU consumption) via crafted network traffic, aka Bug ID CSCti59888. | ||||
| Applies to: |
Created: 2012-05-02 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2586 |
Title: The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249. |
Type: Hardware |
Bulletins:
CVE-2011-2586 |
Severity: Medium |
| Description: The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249. | ||||
| Applies to: |
Created: 2012-05-02 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0362 |
Title: The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network... |
Type: Hardware |
Bulletins:
CVE-2012-0362 |
Severity: Medium |
| Description: The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network traffic, aka Bug ID CSCts01106. | ||||
| Applies to: |
Created: 2012-05-02 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-4006 |
Title: The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.5 allows remote attackers to cause a denial of service (CPU consumption) via an unspecified closing sequence, aka Bug ID CSCtt32565. |
Type: Hardware |
Bulletins:
CVE-2011-4006 |
Severity: High |
| Description: The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.5 allows remote attackers to cause a denial of service (CPU consumption) via an unspecified closing sequence, aka Bug ID CSCtt32565. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2012-05-02 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2578 |
Title: Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption) via malformed SIP packets on a NAT interface, aka Bug ID CSCts12366. |
Type: Hardware |
Bulletins:
CVE-2011-2578 |
Severity: High |
| Description: Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption) via malformed SIP packets on a NAT interface, aka Bug ID CSCts12366. | ||||
| Applies to: |
Created: 2012-05-02 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3285 |
Title: CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks... |
Type: Hardware |
Bulletins:
CVE-2011-3285 |
Severity: Medium |
| Description: CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCth63101. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2012-05-02 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-4015 |
Title: Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300. |
Type: Hardware |
Bulletins:
CVE-2011-4015 |
Severity: Medium |
| Description: Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300. | ||||
| Applies to: |
Created: 2012-05-02 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-4007 |
Title: Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2)... |
Type: Hardware |
Bulletins:
CVE-2011-4007 |
Severity: Medium |
| Description: Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2) reassembly, aka Bug ID CSCtr56576. | ||||
| Applies to: |
Created: 2012-05-02 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3289 |
Title: Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate attackers to bypass the No Service Password-Recovery feature and read the start-up configuration via unspecified vectors, aka Bug ID CSCtr97640. |
Type: Hardware |
Bulletins:
CVE-2011-3289 |
Severity: Low |
| Description: Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate attackers to bypass the No Service Password-Recovery feature and read the start-up configuration via unspecified vectors, aka Bug ID CSCtr97640. | ||||
| Applies to: |
Created: 2012-05-02 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0339 |
Title: Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client,... |
Type: Hardware |
Bulletins:
CVE-2012-0339 |
Severity: Medium |
| Description: Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client, aka Bug ID CSCsi77774. | ||||
| Applies to: |
Created: 2012-05-02 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0338 |
Title: Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka... |
Type: Hardware |
Bulletins:
CVE-2012-0338 |
Severity: Medium |
| Description: Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka Bug ID CSCsv86113. | ||||
| Applies to: |
Created: 2012-05-02 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-4012 |
Title: Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C) is used, does not create a fragment entry during processing of an ICMPv6 ACL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtj90091. |
Type: Hardware |
Bulletins:
CVE-2011-4012 |
Severity: High |
| Description: Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C) is used, does not create a fragment entry during processing of an ICMPv6 ACL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtj90091. | ||||
| Applies to: |
Created: 2012-05-02 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3309 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 process IKE requests despite a vpnclient mode configuration, which allows remote attackers to obtain potentially sensitive information by reading IKE... |
Type: Hardware |
Bulletins:
CVE-2011-3309 |
Severity: Medium |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 process IKE requests despite a vpnclient mode configuration, which allows remote attackers to obtain potentially sensitive information by reading IKE responder traffic, aka Bug ID CSCtt07749. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2012-05-02 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0335 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a... |
Type: Hardware |
Bulletins:
CVE-2012-0335 SFBID53558 |
Severity: Medium |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a connection attempt, aka Bug ID CSCtx42746. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2012-05-02 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-2439 |
Title: The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors. |
Type: Hardware |
Bulletins:
CVE-2012-2439 |
Severity: High |
| Description: The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors. | ||||
| Applies to: FVS318v3 Firewall |
Created: 2012-04-27 |
Updated: 2024-01-17 |
||
| ID: MITRE:15075 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and... |
Type: Software |
Bulletins:
MITRE:15075 CVE-2012-0498 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||||
| Applies to: Java Runtime Environment |
Created: 2012-04-02 |
Updated: 2024-01-17 |
||
| ID: MITRE:15069 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors. |
Type: Software |
Bulletins:
MITRE:15069 CVE-2012-0501 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors. | ||||
| Applies to: Java Runtime Environment |
Created: 2012-04-02 |
Updated: 2024-01-17 |
||
| ID: MITRE:14878 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote... |
Type: Software |
Bulletins:
MITRE:14878 CVE-2012-0499 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||||
| Applies to: Java Runtime Environment |
Created: 2012-04-02 |
Updated: 2024-01-17 |
||
| ID: MITRE:14082 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start... |
Type: Software |
Bulletins:
MITRE:14082 CVE-2012-0506 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA. | ||||
| Applies to: Java Runtime Environment |
Created: 2012-04-02 |
Updated: 2024-01-17 |
||
| ID: MITRE:14900 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start... |
Type: Software |
Bulletins:
MITRE:14900 CVE-2012-0502 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT. | ||||
| Applies to: Java Runtime Environment |
Created: 2012-04-02 |
Updated: 2024-01-17 |
||
| ID: MITRE:14813 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start... |
Type: Software |
Bulletins:
MITRE:14813 CVE-2012-0503 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n. | ||||
| Applies to: Java Runtime Environment |
Created: 2012-04-02 |
Updated: 2024-01-17 |
||
| ID: MITRE:14942 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:14942 CVE-2011-3563 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound. | ||||
| Applies to: Java Runtime Environment |
Created: 2012-04-02 |
Updated: 2024-01-17 |
||
| ID: MITRE:13976 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start... |
Type: Software |
Bulletins:
MITRE:13976 CVE-2012-0505 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. | ||||
| Applies to: Java Runtime Environment |
Created: 2012-04-02 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3058 |
Title: Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2011-3058 SFBID52762 |
Severity: Medium |
| Description: Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | ||||
| Applies to: |
Created: 2012-03-30 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-1314 |
Title: The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381. |
Type: Hardware |
Bulletins:
CVE-2012-1314 SFBID52751 |
Severity: High |
| Description: The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381. | ||||
| Applies to: |
Created: 2012-03-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0386 |
Title: The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service (device reload) via a crafted username in a reverse... |
Type: Hardware |
Bulletins:
CVE-2012-0386 SFBID52752 |
Severity: High |
| Description: The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service (device reload) via a crafted username in a reverse SSH login attempt, aka Bug ID CSCtr49064. | ||||
| Applies to: |
Created: 2012-03-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0385 |
Title: The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by sending a malformed Smart Install message over TCP, aka Bug ID CSCtt16051. |
Type: Hardware |
Bulletins:
CVE-2012-0385 SFBID52756 |
Severity: High |
| Description: The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by sending a malformed Smart Install message over TCP, aka Bug ID CSCtt16051. | ||||
| Applies to: |
Created: 2012-03-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-1311 |
Title: The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge and service outage) via crafted RSVP packets,... |
Type: Hardware |
Bulletins:
CVE-2012-1311 SFBID52754 |
Severity: High |
| Description: The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge and service outage) via crafted RSVP packets, aka Bug ID CSCts80643. | ||||
| Applies to: |
Created: 2012-03-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0382 |
Title: The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG before 3.2.2SG allows remote... |
Type: Hardware |
Bulletins:
CVE-2012-0382 SFBID52759 |
Severity: High |
| Description: The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) via encapsulated IGMP data in an MSDP packet, aka Bug ID CSCtr28857. | ||||
| Applies to: |
Created: 2012-03-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-1312 |
Title: The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (device reload) via crafted transit traffic, aka Bug IDs CSCtq64987 and CSCtu57226. |
Type: Hardware |
Bulletins:
CVE-2012-1312 SFBID52751 |
Severity: High |
| Description: The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (device reload) via crafted transit traffic, aka Bug IDs CSCtq64987 and CSCtu57226. | ||||
| Applies to: |
Created: 2012-03-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0381 |
Title: The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of... |
Type: Hardware |
Bulletins:
CVE-2012-0381 SFBID52757 |
Severity: High |
| Description: The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) by sending IKE UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCts38429. | ||||
| Applies to: |
Created: 2012-03-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-1310 |
Title: Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted IP packets, aka Bug ID CSCto89536. |
Type: Hardware |
Bulletins:
CVE-2012-1310 SFBID52753 |
Severity: High |
| Description: Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted IP packets, aka Bug ID CSCto89536. | ||||
| Applies to: |
Created: 2012-03-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-1315 |
Title: Memory leak in the SIP inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit SIP traffic, aka Bug ID CSCti46171. |
Type: Hardware |
Bulletins:
CVE-2012-1315 SFBID52753 |
Severity: High |
| Description: Memory leak in the SIP inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit SIP traffic, aka Bug ID CSCti46171. | ||||
| Applies to: |
Created: 2012-03-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0383 |
Title: Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require translation, related to a "memory starvation... |
Type: Hardware |
Bulletins:
CVE-2012-0383 SFBID52758 |
Severity: High |
| Description: Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require translation, related to a "memory starvation vulnerability," aka Bug ID CSCti35326. | ||||
| Applies to: |
Created: 2012-03-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0387 |
Title: Memory leak in the HTTP Inspection Engine feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit HTTP traffic, aka Bug... |
Type: Hardware |
Bulletins:
CVE-2012-0387 SFBID52753 |
Severity: High |
| Description: Memory leak in the HTTP Inspection Engine feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit HTTP traffic, aka Bug ID CSCtq36153. | ||||
| Applies to: |
Created: 2012-03-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0388 |
Title: Memory leak in the H.323 inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed transit H.323 traffic, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2012-0388 SFBID52753 |
Severity: High |
| Description: Memory leak in the H.323 inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed transit H.323 traffic, aka Bug ID CSCtq45553. | ||||
| Applies to: |
Created: 2012-03-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0384 |
Title: Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow... |
Type: Hardware |
Bulletins:
CVE-2012-0384 SFBID52755 |
Severity: High |
| Description: Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106. | ||||
| Applies to: |
Created: 2012-03-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0353 |
Title: The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.5), 8.3... |
Type: Hardware |
Bulletins:
CVE-2012-0353 SFBID52484 |
Severity: High |
| Description: The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.5), 8.3 before 8.3(2.22), 8.4 before 8.4(2.1), and 8.5 before 8.5(1.2) does not properly handle flows, which allows remote attackers to cause a denial of service (device reload) via a crafted series of (1) IPv4 or (2) IPv6 UDP packets, aka Bug ID CSCtq10441. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance Cisco Catalyst 6500 Series Switches Cisco Catalyst 6503 Switch Cisco Catalyst 6504-E Switch Cisco Catalyst 6506E Switch Cisco Catalyst 6509-E Switch Cisco Catalyst 6509-NEB-A Switch Cisco Catalyst... |
Created: 2012-03-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0354 |
Title: The Threat Detection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 through 8.2 before 8.2(5.20), 8.3 before 8.3(2.29), 8.4 before... |
Type: Hardware |
Bulletins:
CVE-2012-0354 SFBID52489 |
Severity: High |
| Description: The Threat Detection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 through 8.2 before 8.2(5.20), 8.3 before 8.3(2.29), 8.4 before 8.4(3), 8.5 before 8.5(1.6), and 8.6 before 8.6(1.1) allows remote attackers to cause a denial of service (device reload) via (1) IPv4 or (2) IPv6 packets that trigger a shun event, aka Bug ID CSCtw35765. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance Cisco Catalyst 6500 Series Switches Cisco Catalyst 6503 Switch Cisco Catalyst 6504-E Switch Cisco Catalyst 6506E Switch Cisco Catalyst 6509-E Switch Cisco Catalyst 6509-NEB-A Switch Cisco Catalyst... |
Created: 2012-03-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0355 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(2.11) and 8.5 before 8.5(1.4) allow remote attackers to cause a denial of service... |
Type: Hardware |
Bulletins:
CVE-2012-0355 SFBID52488 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(2.11) and 8.5 before 8.5(1.4) allow remote attackers to cause a denial of service (device reload) via (1) IPv4 or (2) IPv6 packets that trigger syslog message 305006, aka Bug ID CSCts39634. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance Cisco Catalyst 6500 Series Switches Cisco Catalyst 6503 Switch Cisco Catalyst 6504-E Switch Cisco Catalyst 6506E Switch Cisco Catalyst 6509-E Switch Cisco Catalyst 6509-NEB-A Switch Cisco Catalyst... |
Created: 2012-03-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0356 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(5.27), 8.1 before 8.1(2.53), 8.2 before 8.2(5.8),... |
Type: Hardware |
Bulletins:
CVE-2012-0356 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(5.27), 8.1 before 8.1(2.53), 8.2 before 8.2(5.8), 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.2) and the Firewall Services Module (FWSM) 3.1 and 3.2 before 3.2(23) and 4.0 and 4.1 before 4.1(8) in Cisco Catalyst 6500 series devices, when multicast routing is enabled, allow remote attackers to cause a denial of service (device reload) via a crafted IPv4 PIM message, aka Bug IDs CSCtr47517 and CSCtu97367. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance Cisco Catalyst 6500 Series Switches Cisco Catalyst 6503 Switch Cisco Catalyst 6504-E Switch Cisco Catalyst 6506E Switch Cisco Catalyst 6509-E Switch Cisco Catalyst 6509-NEB-A Switch Cisco Catalyst... |
Created: 2012-03-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0358 |
Title: Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf.ocx, as distributed through the Clientless VPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 through 7.2 before 7.2(5.6), 8.0 before... |
Type: Hardware |
Bulletins:
CVE-2012-0358 |
Severity: High |
| Description: Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf.ocx, as distributed through the Clientless VPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 through 7.2 before 7.2(5.6), 8.0 before 8.0(5.26), 8.1 before 8.1(2.53), 8.2 before 8.2(5.18), 8.3 before 8.3(2.28), 8.2 before 8.4(2.16), and 8.6 before 8.6(1.1), allows remote attackers to execute arbitrary code via unspecified vectors, aka Bug ID CSCtr00165. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2012-03-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2833 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2011-2833 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2867 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2011-2867 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2868 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2011-2868 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2869 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2011-2869 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2870 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2011-2870 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2871 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2011-2871 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2872 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2011-2872 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2873 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2011-2873 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0611 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0611 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0612 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0612 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0616 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0616 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0617 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0617 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0591 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0591 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0592 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0592 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0593 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0593 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0594 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0594 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0595 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0595 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0596 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0596 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0597 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0597 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0598 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0598 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0599 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0599 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0600 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0600 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0601 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0601 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0602 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0602 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0603 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0603 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0604 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0604 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0605 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0605 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0606 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0606 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0607 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0607 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0608 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0608 SFBID52365 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0609 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0609 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0610 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0610 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0613 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0613 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0614 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0614 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0615 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0615 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0618 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0618 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0619 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0619 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0620 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0620 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0621 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0621 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0622 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0622 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0623 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0623 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0624 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0624 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0625 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0625 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0626 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0626 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0627 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0627 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0628 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0628 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0629 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0629 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0630 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0630 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0631 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0631 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0632 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0632 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0633 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0633 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0635 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0635 SFBID52365 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0585 |
Title: The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method. |
Type: Mobile Devices |
Bulletins:
CVE-2012-0585 |
Severity: Medium |
| Description: The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0643 |
Title: The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program. |
Type: Mobile Devices |
Bulletins:
CVE-2012-0643 |
Severity: High |
| Description: The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0645 |
Title: Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0645 |
Severity: Low |
| Description: Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0644 |
Title: Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture. |
Type: Mobile Devices |
Bulletins:
CVE-2012-0644 |
Severity: Medium |
| Description: Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0642 |
Title: Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image. |
Type: Mobile Devices |
Bulletins:
CVE-2012-0642 |
Severity: High |
| Description: Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0646 |
Title: Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file. |
Type: Mobile Devices |
Bulletins:
CVE-2012-0646 |
Severity: High |
| Description: Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0590 |
Title: Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation. |
Type: Mobile Devices |
Bulletins:
CVE-2012-0590 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0586 |
Title: Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588,... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0586 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588, and CVE-2012-0589. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0587 |
Title: Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588,... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0587 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588, and CVE-2012-0589. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0588 |
Title: Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587,... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0588 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0589. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0589 |
Title: Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587,... |
Type: Mobile Devices |
Bulletins:
CVE-2012-0589 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0641 |
Title: CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447. |
Type: Mobile Devices |
Bulletins:
CVE-2012-0641 |
Severity: Medium |
| Description: CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447. | ||||
| Applies to: |
Created: 2012-03-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0368 |
Title: The administrative management interface on Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allows remote attackers to cause a denial of service (device... |
Type: Hardware |
Bulletins:
CVE-2012-0368 |
Severity: High |
| Description: The administrative management interface on Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allows remote attackers to cause a denial of service (device crash) via a malformed URL in an HTTP request, aka Bug ID CSCts81997. | ||||
| Applies to: Cisco WLC 2000 Cisco WLC 2100 Cisco WLC 4100 Cisco WLC 4400 |
Created: 2012-02-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-4487 |
Title: SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and... |
Type: Hardware |
Bulletins:
CVE-2011-4487 |
Severity: Medium |
| Description: SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538. | ||||
| Applies to: Unified Communications Manager |
Created: 2012-02-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0369 |
Title: Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (device reload) via a sequence of IPv6 packets, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2012-0369 |
Severity: High |
| Description: Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (device reload) via a sequence of IPv6 packets, aka Bug ID CSCtt07949. | ||||
| Applies to: Cisco WLC 2000 Cisco WLC 2100 Cisco WLC 4100 Cisco WLC 4400 |
Created: 2012-02-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0371 |
Title: Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709. |
Type: Hardware |
Bulletins:
CVE-2012-0371 |
Severity: High |
| Description: Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709. | ||||
| Applies to: Cisco WLC 2000 Cisco WLC 2100 Cisco WLC 4100 Cisco WLC 4400 |
Created: 2012-02-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0370 |
Title: Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service (device reload) via a sequence of (1) HTTP or (2)... |
Type: Hardware |
Bulletins:
CVE-2012-0370 |
Severity: High |
| Description: Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service (device reload) via a sequence of (1) HTTP or (2) HTTPS packets, aka Bug ID CSCtt47435. | ||||
| Applies to: Cisco WLC 2000 Cisco WLC 2100 Cisco WLC 4100 Cisco WLC 4400 |
Created: 2012-02-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-4486 |
Title: Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before... |
Type: Hardware |
Bulletins:
CVE-2011-4486 |
Severity: High |
| Description: Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of service (device reload) via a crafted SCCP registration, aka Bug ID CSCtu73538. | ||||
| Applies to: Unified Communications Manager |
Created: 2012-02-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0363 |
Title: The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a... |
Type: Hardware |
Bulletins:
CVE-2012-0363 |
Severity: High |
| Description: The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability," aka Bug ID CSCtt46871. | ||||
| Applies to: Cisco srp521 Cisco srp526 Cisco srp527 Cisco srp541 Cisco srp546 Cisco srp547 |
Created: 2012-02-24 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0365 |
Title: Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to upload... |
Type: Hardware |
Bulletins:
CVE-2012-0365 |
Severity: High |
| Description: Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to upload software to arbitrary directories via unspecified vectors, aka Bug ID CSCtw56009. | ||||
| Applies to: Cisco srp521 Cisco srp526 Cisco srp527 Cisco srp541 Cisco srp546 Cisco srp547 |
Created: 2012-02-24 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0364 |
Title: Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495. |
Type: Hardware |
Bulletins:
CVE-2012-0364 |
Severity: High |
| Description: Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495. | ||||
| Applies to: Cisco srp521 Cisco srp526 Cisco srp527 Cisco srp541 Cisco srp546 Cisco srp547 |
Created: 2012-02-24 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-0352 |
Title: Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on Nexus 5000 series switches; and 4.2.x before 4.2.8, 5.0.x before 5.0.5, and 5.1.x before 5.1.1 on Nexus 7000 series switches allows remote... |
Type: Hardware |
Bulletins:
CVE-2012-0352 |
Severity: High |
| Description: Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on Nexus 5000 series switches; and 4.2.x before 4.2.8, 5.0.x before 5.0.5, and 5.1.x before 5.1.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (netstack process crash and device reload) via a malformed IP packet, aka Bug IDs CSCti23447, CSCti49507, and CSCtj01991. | ||||
| Applies to: Cisco Nexus 1000V VSM Cisco Nexus 5000 Series Cisco Nexus 5010 Cisco Nexus 5020 Cisco Nexus 5548p Cisco Nexus 5548up Cisco Nexus 5596UP Cisco Nexus 7000 Cisco Nexus 7000-9slot Cisco Nexus 7010 Cisco Nexus 7018 |
Created: 2012-02-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14309 |
Title: Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ. |
Type: Software |
Bulletins:
MITRE:14309 CVE-2011-1214 |
Severity: High |
| Description: Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ. | ||||
| Applies to: Lotus Notes |
Created: 2012-01-30 |
Updated: 2024-01-17 |
||
| ID: MITRE:14650 |
Title: Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND. |
Type: Software |
Bulletins:
MITRE:14650 CVE-2011-1215 |
Severity: High |
| Description: Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND. | ||||
| Applies to: Lotus Notes |
Created: 2012-01-30 |
Updated: 2024-01-17 |
||
| ID: MITRE:14489 |
Title: Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of... |
Type: Software |
Bulletins:
MITRE:14489 CVE-2010-1608 |
Severity: High |
| Description: Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of 20100222, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| Applies to: Lotus Notes |
Created: 2012-01-30 |
Updated: 2024-01-17 |
||
| ID: MITRE:13796 |
Title: Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7. |
Type: Software |
Bulletins:
MITRE:13796 CVE-2011-1216 |
Severity: High |
| Description: Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7. | ||||
| Applies to: Lotus Notes |
Created: 2012-01-30 |
Updated: 2024-01-17 |
||
| ID: MITRE:14634 |
Title: Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka... |
Type: Software |
Bulletins:
MITRE:14634 CVE-2011-1213 |
Severity: High |
| Description: Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W. | ||||
| Applies to: Lotus Notes |
Created: 2012-01-30 |
Updated: 2024-01-17 |
||
| ID: MITRE:14725 |
Title: IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG. |
Type: Software |
Bulletins:
MITRE:14725 CVE-2010-1487 |
Severity: Low |
| Description: IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG. | ||||
| Applies to: Lotus Notes |
Created: 2012-01-30 |
Updated: 2024-01-17 |
||
| ID: MITRE:14203 |
Title: Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR... |
Type: Software |
Bulletins:
MITRE:14203 CVE-2011-1512 |
Severity: High |
| Description: Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR. | ||||
| Applies to: Lotus Notes |
Created: 2012-01-30 |
Updated: 2024-01-17 |
||
| ID: MITRE:14238 |
Title: Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are... |
Type: Software |
Bulletins:
MITRE:14238 CVE-2011-1218 |
Severity: High |
| Description: Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information. | ||||
| Applies to: Lotus Notes |
Created: 2012-01-30 |
Updated: 2024-01-17 |
||
| ID: MITRE:14822 |
Title: Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party... |
Type: Software |
Bulletins:
MITRE:14822 CVE-2011-1217 |
Severity: High |
| Description: Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party information. | ||||
| Applies to: Lotus Notes |
Created: 2012-01-30 |
Updated: 2024-01-17 |
||
| ID: MITRE:14348 |
Title: Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share... |
Type: Software |
Bulletins:
MITRE:14348 CVE-2011-0912 |
Severity: High |
| Description: Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2. | ||||
| Applies to: Lotus Notes |
Created: 2012-01-30 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3874 |
Title: Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand... |
Type: Mobile Devices |
Bulletins:
CVE-2011-3874 |
Severity: High |
| Description: Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error. | ||||
| Applies to: |
Created: 2012-01-27 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-4276 |
Title: The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer. |
Type: Mobile Devices |
Bulletins:
CVE-2011-4276 |
Severity: Medium |
| Description: The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer. | ||||
| Applies to: |
Created: 2012-01-25 |
Updated: 2024-01-17 |
||
| ID: MITRE:14282 |
Title: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
Type: Software |
Bulletins:
MITRE:14282 CVE-2010-0844 |
Severity: High |
| Description: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:13357 |
Title: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
Type: Software |
Bulletins:
MITRE:13357 CVE-2010-0839 |
Severity: High |
| Description: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14092 |
Title: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
Type: Software |
Bulletins:
MITRE:14092 CVE-2010-0843 |
Severity: High |
| Description: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14101 |
Title: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
Type: Software |
Bulletins:
MITRE:14101 CVE-2010-0842 |
Severity: High |
| Description: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14276 |
Title: Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
Type: Software |
Bulletins:
MITRE:14276 CVE-2010-0837 |
Severity: High |
| Description: Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14340 |
Title: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
Type: Software |
Bulletins:
MITRE:14340 CVE-2010-3549 |
Severity: Medium |
| Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14354 |
Title: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
Type: Software |
Bulletins:
MITRE:14354 CVE-2010-3541 |
Severity: Medium |
| Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14208 |
Title: Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors. |
Type: Software |
Bulletins:
MITRE:14208 CVE-2010-0089 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:13959 |
Title: Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and... |
Type: Software |
Bulletins:
MITRE:13959 CVE-2010-0087 |
Severity: High |
| Description: Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:13662 |
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to... |
Type: Software |
Bulletins:
MITRE:13662 CVE-2011-3521 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14492 |
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and... |
Type: Software |
Bulletins:
MITRE:14492 CVE-2011-3548 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14339 |
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and... |
Type: Software |
Bulletins:
MITRE:14339 CVE-2011-3547 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14394 |
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and... |
Type: Software |
Bulletins:
MITRE:14394 CVE-2011-3560 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14465 |
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown... |
Type: Software |
Bulletins:
MITRE:14465 CVE-2011-3552 |
Severity: Low |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14316 |
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to... |
Type: Software |
Bulletins:
MITRE:14316 CVE-2011-3556 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14373 |
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to... |
Type: Software |
Bulletins:
MITRE:14373 CVE-2011-3557 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14524 |
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to... |
Type: Software |
Bulletins:
MITRE:14524 CVE-2011-3554 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14180 |
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to... |
Type: Software |
Bulletins:
MITRE:14180 CVE-2011-3545 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:13885 |
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and... |
Type: Software |
Bulletins:
MITRE:13885 CVE-2011-3549 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14210 |
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
Type: Software |
Bulletins:
MITRE:14210 CVE-2010-0092 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14288 |
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via... |
Type: Software |
Bulletins:
MITRE:14288 CVE-2010-0093 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14105 |
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via... |
Type: Software |
Bulletins:
MITRE:14105 CVE-2010-0095 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:13971 |
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via... |
Type: Software |
Bulletins:
MITRE:13971 CVE-2010-0840 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability." | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:13492 |
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. |
Type: Software |
Bulletins:
MITRE:13492 CVE-2010-0091 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14061 |
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. |
Type: Software |
Bulletins:
MITRE:14061 CVE-2010-0084 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14321 |
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability... |
Type: Software |
Bulletins:
MITRE:14321 CVE-2010-0088 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:13803 |
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability... |
Type: Software |
Bulletins:
MITRE:13803 CVE-2010-0085 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14351 |
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.... |
Type: Software |
Bulletins:
MITRE:14351 CVE-2010-0094 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:13552 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java... |
Type: Software |
Bulletins:
MITRE:13552 CVE-2010-4468 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14417 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets... |
Type: Software |
Bulletins:
MITRE:14417 CVE-2010-4471 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14045 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and... |
Type: Software |
Bulletins:
MITRE:14045 CVE-2010-4448 |
Severity: Low |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets." | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:13639 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and... |
Type: Software |
Bulletins:
MITRE:13639 CVE-2010-4469 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs." | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14233 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and... |
Type: Software |
Bulletins:
MITRE:14233 CVE-2010-4475 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14034 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and... |
Type: Software |
Bulletins:
MITRE:14034 CVE-2010-4465 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets." | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14403 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and... |
Type: Software |
Bulletins:
MITRE:14403 CVE-2010-4447 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:13546 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality,... |
Type: Software |
Bulletins:
MITRE:13546 CVE-2010-4454 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14039 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality,... |
Type: Software |
Bulletins:
MITRE:14039 CVE-2010-4462 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14119 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality,... |
Type: Software |
Bulletins:
MITRE:14119 CVE-2010-4473 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14271 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows... |
Type: Software |
Bulletins:
MITRE:14271 CVE-2010-4466 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:13888 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via... |
Type: Software |
Bulletins:
MITRE:13888 CVE-2011-0873 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14011 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start... |
Type: Software |
Bulletins:
MITRE:14011 CVE-2011-0866 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14240 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted... |
Type: Software |
Bulletins:
MITRE:14240 CVE-2011-0867 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14081 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted... |
Type: Software |
Bulletins:
MITRE:14081 CVE-2011-0865 |
Severity: Low |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14112 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted... |
Type: Software |
Bulletins:
MITRE:14112 CVE-2011-0871 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14225 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted... |
Type: Software |
Bulletins:
MITRE:14225 CVE-2011-0864 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14335 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted... |
Type: Software |
Bulletins:
MITRE:14335 CVE-2011-0815 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14477 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and... |
Type: Software |
Bulletins:
MITRE:14477 CVE-2011-0802 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0814. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14174 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and... |
Type: Software |
Bulletins:
MITRE:14174 CVE-2011-0814 |
Severity: High |
| Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14475 |
Title: Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.... |
Type: Software |
Bulletins:
MITRE:14475 CVE-2010-3548 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names." | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:13923 |
Title: Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the... |
Type: Software |
Bulletins:
MITRE:13923 CVE-2010-0838 |
Severity: High |
| Description: Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:13795 |
Title: Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
Type: Software |
Bulletins:
MITRE:13795 CVE-2010-0849 |
Severity: High |
| Description: Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14453 |
Title: Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
Type: Software |
Bulletins:
MITRE:14453 CVE-2010-0847 |
Severity: High |
| Description: Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14350 |
Title: Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
Type: Software |
Bulletins:
MITRE:14350 CVE-2010-0848 |
Severity: High |
| Description: Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14144 |
Title: Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. ... |
Type: Software |
Bulletins:
MITRE:14144 CVE-2010-0841 |
Severity: High |
| Description: Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and "stepX". | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14503 |
Title: Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
Type: Software |
Bulletins:
MITRE:14503 CVE-2010-0846 |
Severity: High |
| Description: Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an "invalid assignment" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl). | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14521 |
Title: Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
Type: Software |
Bulletins:
MITRE:14521 CVE-2010-0845 |
Severity: Medium |
| Description: Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:13934 |
Title: Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via... |
Type: Software |
Bulletins:
MITRE:13934 CVE-2010-0082 |
Severity: Medium |
| Description: Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:14328 |
Title: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other... |
Type: Software |
Bulletins:
MITRE:14328 CVE-2010-4476 |
Severity: Medium |
| Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
| ID: MITRE:13317 |
Title: Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality,... |
Type: Software |
Bulletins:
MITRE:13317 CVE-2011-0862 |
Severity: High |
| Description: Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2012-01-16 |
Updated: 2024-01-17 |
||
