CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2006-7250 DoS 2012-02-29 2018-01-05
5.0
None Remote Low Not required None None Partial
The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.
2 CVE-2010-4562 200 +Info 2012-02-02 2012-02-03
4.3
None Remote Medium Not required Partial None None
Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
3 CVE-2010-4563 200 +Info 2012-02-02 2012-02-03
5.0
None Remote Low Not required Partial None None
The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
4 CVE-2010-5083 89 1 Exec Code Sql 2012-02-14 2019-07-01
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.
5 CVE-2010-5084 352 CSRF 2012-02-14 2012-02-15
6.0
None Remote Medium Single system Partial Partial Partial
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.
6 CVE-2010-5085 352 CSRF 2012-02-14 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/update_user in Hulihan Amethyst 0.1.5, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration.
7 CVE-2011-1573 DoS 2012-02-01 2014-01-13
5.0
None Remote Low Not required None None Partial
net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.
8 CVE-2011-1914 119 Exec Code Overflow 2012-02-21 2012-02-23
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors.
9 CVE-2011-2393 399 DoS 2012-02-02 2012-02-03
7.8
None Remote Low Not required None None Complete
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670.
10 CVE-2011-2525 DoS 2012-02-01 2014-01-13
7.2
None Local Low Not required Complete Complete Complete
The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call.
11 CVE-2011-3015 189 DoS Overflow 2012-02-16 2018-01-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
12 CVE-2011-3016 399 DoS 2012-02-16 2018-01-09
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue.
13 CVE-2011-3017 399 DoS 2012-02-16 2018-01-09
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling.
14 CVE-2011-3018 119 DoS Overflow 2012-02-16 2018-01-09
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to path rendering.
15 CVE-2011-3019 119 DoS Overflow 2012-02-16 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) file.
16 CVE-2011-3020 2012-02-16 2018-01-09
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vectors.
17 CVE-2011-3021 399 DoS 2012-02-16 2018-01-09
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading.
18 CVE-2011-3022 200 +Info 2012-02-16 2018-01-09
5.0
None Remote Low Not required Partial None None
translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network.
19 CVE-2011-3023 399 DoS 2012-02-16 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to drag-and-drop operations.
20 CVE-2011-3024 20 DoS 2012-02-16 2018-01-09
5.0
None Remote Low Not required None None Partial
Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate.
21 CVE-2011-3025 125 DoS 2012-02-16 2018-01-09
5.0
None Remote Low Not required None None Partial
Google Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
22 CVE-2011-3026 189 DoS Overflow 2012-02-16 2018-01-09
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
23 CVE-2011-3027 DoS 2012-02-16 2018-01-09
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
24 CVE-2011-3361 79 XSS 2012-02-17 2017-08-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in CGI/Browse.pm in BackupPC 3.2.0 and possibly other versions before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a browse action to index.cgi.
25 CVE-2011-3444 310 2012-02-02 2012-02-06
4.3
None Remote Medium Not required Partial None None
Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network.
26 CVE-2011-3446 DoS Exec Code 2012-02-02 2012-02-03
7.5
None Remote Low Not required Partial Partial Partial
Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book.
27 CVE-2011-3447 200 +Info 2012-02-02 2012-02-03
4.3
None Remote Medium Not required Partial None None
CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL.
28 CVE-2011-3448 119 DoS Exec Code Overflow 2012-02-02 2012-02-03
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
29 CVE-2011-3449 399 DoS Exec Code 2012-02-02 2012-02-03
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
30 CVE-2011-3450 399 DoS Exec Code 2012-02-02 2012-02-03
6.8
None Remote Medium Not required Partial Partial Partial
CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL.
31 CVE-2011-3452 200 +Info 2012-02-02 2012-02-03
4.3
None Remote Medium Not required Partial None None
Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network.
32 CVE-2011-3453 189 DoS Exec Code Overflow Mem. Corr. 2012-02-02 2018-01-05
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.
33 CVE-2011-3457 119 DoS Exec Code Overflow Mem. Corr. 2012-02-02 2012-09-21
7.5
None Remote Low Not required Partial Partial Partial
The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program.
34 CVE-2011-3458 264 DoS Exec Code 2012-02-02 2012-05-17
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.
35 CVE-2011-3459 189 DoS Exec Code Overflow 2012-02-02 2012-05-17
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.
36 CVE-2011-3460 119 DoS Exec Code Overflow 2012-02-02 2012-05-17
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.
37 CVE-2011-3462 +Info 2012-02-02 2012-02-03
5.0
None Remote Low Not required Partial None None
Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803.
38 CVE-2011-3463 287 +Priv 2012-02-02 2012-02-03
7.2
None Local Low Not required Complete Complete Complete
WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory.
39 CVE-2011-3563 2012-02-15 2018-01-05
6.4
None Remote Low Not required Partial None Partial
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.
40 CVE-2011-3659 399 Exec Code 2012-02-01 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.
41 CVE-2011-3670 200 +Info 2012-02-01 2017-12-28
5.0
None Remote Low Not required Partial None None
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.
42 CVE-2011-3953 2012-02-08 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors.
43 CVE-2011-3954 DoS 2012-02-08 2017-09-18
5.0
None Remote Low Not required None None Partial
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage.
44 CVE-2011-3955 DoS 2012-02-08 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that trigger the aborting of an IndexedDB transaction.
45 CVE-2011-3956 264 Bypass 2012-02-08 2017-09-18
5.0
None Remote Low Not required None Partial None
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension.
46 CVE-2011-3957 399 DoS 2012-02-08 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF documents.
47 CVE-2011-3958 DoS 2012-02-08 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
48 CVE-2011-3959 119 DoS Overflow 2012-02-08 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the locale implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
49 CVE-2011-3960 119 DoS Overflow 2012-02-08 2017-09-18
5.0
None Remote Low Not required None None Partial
Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
50 CVE-2011-3961 362 Exec Code 2012-02-08 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process.
Total number of vulnerabilities : 353   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.