CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2011-4188 119 DoS Overflow 2012-04-09 2017-12-28
4.0
None Remote Low Single system None None Partial
Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to CVE-2010-1929.
202 CVE-2011-4045 119 DoS Overflow 2012-04-02 2012-04-03
4.3
None Remote Medium Not required None None Partial
Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document.
203 CVE-2011-4044 2012-04-02 2012-04-03
5.8
None Remote Medium Not required None Partial Partial
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods.
204 CVE-2011-4043 189 Exec Code Overflow 2012-04-02 2012-04-03
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large value for an integer parameter, leading to a buffer overflow.
205 CVE-2011-4042 Exec Code 2012-04-02 2012-04-03
9.3
None Remote Medium Not required Complete Complete Complete
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer.
206 CVE-2011-3846 352 CSRF 2012-04-12 2012-04-12
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
207 CVE-2011-3176 119 1 Exec Code Overflow 2012-04-09 2012-09-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
208 CVE-2011-3175 119 1 Exec Code Overflow 2012-04-09 2012-09-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.
209 CVE-2011-3077 399 DoS 2012-04-05 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the script bindings, related to a "read-after-free" issue.
210 CVE-2011-3076 399 DoS 2012-04-05 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling.
211 CVE-2011-3075 399 DoS 2012-04-05 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands.
212 CVE-2011-3074 399 DoS 2012-04-05 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.
213 CVE-2011-3073 399 DoS 2012-04-05 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.
214 CVE-2011-3072 264 Bypass 2012-04-05 2017-12-06
5.0
None Remote Low Not required None Partial None
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows.
215 CVE-2011-3071 399 DoS 2012-04-05 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
216 CVE-2011-3070 399 DoS 2012-04-05 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings.
217 CVE-2011-3069 399 DoS 2012-04-05 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.
218 CVE-2011-3068 399 DoS 2012-04-05 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes.
219 CVE-2011-3067 264 Bypass 2012-04-05 2017-12-06
5.0
None Remote Low Not required None Partial None
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.
220 CVE-2011-3066 119 DoS Overflow 2012-04-05 2017-12-06
5.0
None Remote Low Not required None None Partial
Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
221 CVE-2011-2478 94 Exec Code 2012-04-17 2012-04-18
9.3
None Remote Medium Not required Complete Complete Complete
Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file.
222 CVE-2011-1779 399 DoS 2012-04-13 2012-04-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image.
223 CVE-2011-1778 119 DoS Exec Code Overflow 2012-04-13 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.
224 CVE-2011-1777 119 DoS Exec Code Overflow 2012-04-13 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.
225 CVE-2010-4666 119 DoS Overflow 2012-04-13 2012-04-16
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data.
226 CVE-2008-7311 255 Bypass 2012-04-05 2012-04-12
5.0
None Remote Low Not required None Partial None
The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.
227 CVE-2008-7310 255 Bypass 2012-04-05 2012-04-05
5.0
None Remote Low Not required None Partial None
Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerability.
228 CVE-2008-7309 255 2012-04-05 2012-04-12
5.0
None Remote Low Not required None Partial None
Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, related to a "mass assignment" vulnerability.
Total number of vulnerabilities : 228   Page : 1 2 3 4 5 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.