CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2012(Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-2942 119 DoS Exec Code Overflow 2012-05-27 2017-08-28
5.1
None Remote High Not required Partial Partial Partial
Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors.
2 CVE-2012-2940 20 1 DoS 2012-05-27 2017-08-28
4.3
None Remote Medium Not required None None Partial
MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted (1) PNG, (2) WMF, (3) PSD, (4) TGA, (5) TTF, (6) BMP, (7) TIFF, or (8) PCX file.
3 CVE-2012-2928 264 DoS 2012-05-22 2017-08-28
6.4
None Remote Low Not required Partial None Partial
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
4 CVE-2012-2927 399 DoS 2012-05-22 2017-08-28
4.0
None Remote Low Single system None None Partial
The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and 7.x before 7.0.3 for Atlassian JIRA does not properly restrict the capabilities of third-party XML parsers, which allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.
5 CVE-2012-2926 264 DoS 2012-05-22 2017-08-28
6.4
None Remote Low Not required Partial None Partial
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
6 CVE-2012-2921 399 DoS 2012-05-21 2013-08-21
5.0
None Remote Low Not required None None Partial
Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document.
7 CVE-2012-2612 119 DoS Overflow 2012-05-15 2017-12-28
5.0
None Remote Low Not required None None Partial
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
8 CVE-2012-2514 119 DoS Overflow 2012-05-15 2017-12-05
5.0
None Remote Low Not required None None Partial
The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
9 CVE-2012-2513 119 DoS Overflow 2012-05-15 2017-08-28
5.0
None Remote Low Not required None None Partial
The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
10 CVE-2012-2512 119 DoS Overflow 2012-05-15 2017-08-28
5.0
None Remote Low Not required None None Partial
The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
11 CVE-2012-2511 119 DoS Overflow 2012-05-15 2017-08-28
5.0
None Remote Low Not required None None Partial
The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
12 CVE-2012-2488 20 DoS 2012-05-31 2012-08-24
7.8
None Remote Low Not required None None Complete
Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593.
13 CVE-2012-2450 DoS Exec Code 2012-05-04 2017-12-13
9.0
None Remote Low Single system Complete Complete Complete
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.
14 CVE-2012-2449 119 DoS Exec Code Overflow 2012-05-04 2017-12-13
9.0
None Remote Low Single system Complete Complete Complete
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.
15 CVE-2012-2448 119 DoS Exec Code Overflow 2012-05-04 2017-12-13
7.5
None Remote Low Not required Partial Partial Partial
VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via NFS traffic.
16 CVE-2012-2426 399 DoS 2012-05-25 2012-05-28
7.8
None Remote Low Not required None None Complete
The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors.
17 CVE-2012-2336 20 DoS 2012-05-11 2018-01-04
5.0
None Remote Low Not required None None Partial
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
18 CVE-2012-2333 189 DoS 2012-05-14 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
19 CVE-2012-2329 119 DoS Overflow 2012-05-11 2017-08-28
5.0
None Remote Low Not required None None Partial
Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
20 CVE-2012-2322 189 DoS Overflow 2012-05-18 2017-08-28
5.0
None Remote Low Not required None None Partial
Integer overflow in the dhcpv6_get_option function in gdhcp/client.c in ConnMan before 0.85 allows remote attackers to cause a denial of service (infinite loop and crash) via an invalid length value in a DHCP packet.
21 CVE-2012-2320 264 DoS Bypass 2012-05-18 2017-08-28
7.8
None Remote Low Not required None None Complete
ConnMan before 0.85 does not ensure that netlink messages originate from the kernel, which allows remote attackers to bypass intended access restrictions and cause a denial of service via a crafted netlink message.
22 CVE-2012-2277 119 1 DoS Overflow 2012-05-14 2017-08-28
7.8
None Remote Low Not required None None Complete
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (pvcontrol.exe process hang) via \n (line feed) characters in the Id fields of many "batch begin untethered" commands.
23 CVE-2012-2276 119 1 DoS Overflow 2012-05-14 2017-08-28
7.8
None Remote Low Not required None None Complete
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via input data that (1) lacks FIPS fields or (2) has an invalid version number.
24 CVE-2012-2121 264 DoS 2012-05-17 2018-01-04
4.9
None Local Low Not required None None Complete
The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.
25 CVE-2012-2118 20 DoS Exec Code 2012-05-18 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.
26 CVE-2012-2042 119 DoS Exec Code Overflow Mem. Corr. 2012-05-24 2012-09-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026.
27 CVE-2012-2033 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2017-11-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, and CVE-2012-2032.
28 CVE-2012-2032 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2017-11-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, and CVE-2012-2033.
29 CVE-2012-2031 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2017-11-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2032, and CVE-2012-2033.
30 CVE-2012-2030 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2017-11-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2031, CVE-2012-2032, and CVE-2012-2033.
31 CVE-2012-2029 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2017-11-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2030, CVE-2012-2031, CVE-2012-2032, and CVE-2012-2033.
32 CVE-2012-2026 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, and CVE-2012-2025.
33 CVE-2012-2025 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, and CVE-2012-2026.
34 CVE-2012-2024 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2025, and CVE-2012-2026.
35 CVE-2012-2023 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026.
36 CVE-2012-2006 DoS 2012-05-02 2017-12-13
4.9
None Remote Medium Single system None Partial Partial
Unspecified vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to modify data or cause a denial of service via unknown vectors.
37 CVE-2012-1987 DoS 2012-05-29 2019-07-11
3.5
None Remote Medium Single system None None Partial
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.
38 CVE-2012-1821 DoS 2012-05-23 2018-01-04
5.0
None Remote Low Not required None None Partial
The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of service (web-server outage, or daemon crash or hang) via a flood of packets that triggers automated blocking of network traffic.
39 CVE-2012-1804 119 DoS Overflow Mem. Corr. 2012-05-14 2013-10-03
7.8
None Remote Low Not required None None Complete
The OPC server in Progea Movicon before 11.3 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted HTTP request.
40 CVE-2012-1601 399 DoS 2012-05-17 2018-01-04
4.9
None Local Low Not required None None Complete
The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.
41 CVE-2012-1521 399 DoS 2012-05-01 2017-12-13
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
42 CVE-2012-1517 119 DoS Exec Code Overflow 2012-05-04 2017-12-12
9.0
None Remote Low Single system Complete Complete Complete
The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving function pointers.
43 CVE-2012-1516 119 DoS Exec Code Overflow 2012-05-04 2019-09-27
9.0
None Remote Low Single system Complete Complete Complete
The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers.
44 CVE-2012-1327 284 DoS 2012-05-03 2017-12-06
6.1
None Local Network Low Not required None None Complete
dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S, aka Bug ID CSCtt94391.
45 CVE-2012-1324 362 DoS 2012-05-03 2017-12-06
7.1
None Remote Medium Not required None None Complete
Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, when IPS policies are configured, allows remote attackers to cause a denial of service (device crash) by sending IPv6 packets, aka Bug ID CSCtk53534.
46 CVE-2012-1179 264 DoS 2012-05-17 2017-12-28
5.2
None Local Network Medium Single system None None Complete
The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad function and page faults for huge pages.
47 CVE-2012-1172 20 DoS Dir. Trav. 2012-05-23 2018-01-17
5.8
None Remote Medium Not required None Partial Partial
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
48 CVE-2012-1146 DoS 2012-05-17 2017-12-28
10.0
None Remote Low Not required Complete Complete Complete
The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events.
49 CVE-2012-1097 DoS 2012-05-17 2018-01-17
7.2
None Local Low Not required Complete Complete Complete
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.
50 CVE-2012-1090 264 DoS 2012-05-17 2018-01-17
4.9
None Local Low Not required None None Complete
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.
Total number of vulnerabilities : 144   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.