Weekly Vulnerabilities Reports > March 5 to 11, 2012

Overview

119 new vulnerabilities were reported during this period, including 78 critical vulnerabilities and 10 high severity vulnerabilities. This weekly summary reports vulnerabilities in 55 products from 27 vendors, including Apple, Google, Opensuse, Goforandroid, and Netease. The vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Use After Free", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", and "Improper Input Validation".

  • 117 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability has a public exploit available.
  • 10 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 119 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 79 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 48 reported vulnerabilities.

[Summary chart: total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely and locally exploitable; exploit available; exploitable anonymously; affecting web application]

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


78 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-03-09 CVE-2011-3046 Google, Opensuse, Apple Cross-Site Scripting vulnerability in Google Chrome

The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.

10.0
2012-03-07 CVE-2012-1407 Goforandroid, Google Unspecified vulnerability in Goforandroid GO Message Widget 1.9/2.1/2.3

Unspecified vulnerability in the GO Message Widget (com.gau.go.launcherex.gowidget.smswidget) application 1.9, 2.1, and 2.3 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1406 Goforandroid, Google Unspecified vulnerability in Goforandroid GO Bookmark Widget 1.1

Unspecified vulnerability in the GO Bookmark Widget (com.gau.go.launcherex.gowidget.bookmark) application 1.1 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1405 Goforandroid, Google Unspecified vulnerability in Goforandroid GO Note Widget 1.5/1.9

Unspecified vulnerability in the GO Note Widget (com.gau.go.launcherex.gowidget.notewidget) application 1.5 and 1.9 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1404 Dolphin Browser, Google Unspecified vulnerability in Dolphin-Browser Dolphin Browser Mini 2.2

Unspecified vulnerability in the Dolphin Browser Mini (com.dolphin.browser) application 2.2 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1403 Dolphin Browser, Google Remote Security vulnerability in Dolphin Browser CN 6.3.1/7.2.1

Unspecified vulnerability in the Dolphin Browser CN (com.dolphin.browser.cn) application 6.3.1 and 7.2.1 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1402 1Kxun, Google Unspecified vulnerability in 1Kxun Qianxun Yingshi 1.2.3/1.3.4

Unspecified vulnerability in the QianXun YingShi (com.qianxun.yingshi) application 1.2.3 and 1.3.4 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1401 Intsig, Google Unspecified vulnerability in Intsig Camscanner 1.2.2.20110823/1.3.2.20120116

Unspecified vulnerability in the CamScanner (com.intsig.camscanner) application 1.2.2.20110823 and 1.3.2.20120116 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1400 Uplus, Google Unspecified vulnerability in Uplus U+Box 2.0 PAD 2.0.8.4

Unspecified vulnerability in the U+Box 2.0 Pad (lg.uplusbox.pad) application 2.0.8.4 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1399 Uplus, Google Unspecified vulnerability in Uplus U+Box 2.0 2.0.2/2.0.8.4

Unspecified vulnerability in the U+Box 2.0 (lg.uplusbox) application 2.0.2 and 2.0.8.4 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1398 Goforandroid, Google Unspecified vulnerability in Goforandroid GO Weibowidget 2.4

Unspecified vulnerability in the GO WeiboWidget (com.gau.go.launcherex.gowidget.weibowidget) application 2.4 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1397 Goforandroid, Google Unspecified vulnerability in Goforandroid GO Qqweibowidget 1.2

Unspecified vulnerability in the GO QQWeiboWidget (com.gau.go.launcherex.gowidget.qqweibowidget) application 1.2 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1396 Goforandroid, Google Unspecified vulnerability in Goforandroid GO Fbwidget 1.9/2.1

Unspecified vulnerability in the GO FBWidget (com.gau.go.launcherex.gowidget.fbwidget) application 1.9 and 2.1 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1395 Goforandroid, Google Unspecified vulnerability in Goforandroid GO Twiwidget 1.7/2.1

Unspecified vulnerability in the GO TwiWidget (com.gau.go.launcherex.gowidget.twitterwidget) application 1.7 and 2.1 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1394 Goforandroid, Google Unspecified vulnerability in Goforandroid GO Email Widget 1.3.1/1.8/1.81

Unspecified vulnerability in the GO Email Widget (com.gau.go.launcherex.gowidget.emailwidget) application 1.3.1, 1.8, and 1.81 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1393 Goforandroid, Google Unspecified vulnerability in Goforandroid GO SMS PRO 3.72/4.10/4.35

Unspecified vulnerability in the GO SMS Pro (com.jb.gosms) application 3.72, 4.10, and 4.35 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1392 Dolphin Browser, Google Unspecified vulnerability in Dolphin-Browser Dolphin Browser HD

Unspecified vulnerability in the Dolphin Browser HD (mobi.mgeek.TunnyBrowser) application 6.2.0, 7.2.1, 7.3.0, and 7.4.0 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1391 Mobisynapse, Google Unspecified vulnerability in Mobisynapse Moffice-Outlook Sync 3.1

Unspecified vulnerability in the mOffice - Outlook sync (com.innov8tion.isharesync) application 3.1 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1390 Gomiso, Google Unspecified vulnerability in Gomiso Miso 2.2

Unspecified vulnerability in the Miso (com.bazaarlabs.miso) application 2.2 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1389 Icekirin, Google Unspecified vulnerability in Icekirin DI Long Weibo 1.9.9

Unspecified vulnerability in the Di Long Weibo (com.icekirin.weibos) application 1.9.9 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1388 Xixun, Google Unspecified vulnerability in Xixun Xixuntiantian 0.6.2

Unspecified vulnerability in the XiXunTianTian (com.xixun.tiantian) application 0.6.2 beta for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1387 Uangel, Google Unspecified vulnerability in Uangel Realtalk A.0.9.250

Unspecified vulnerability in the RealTalk (com.tmsmanager.tms) application A.0.9.250 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1386 Youmail, Google Unspecified vulnerability in Youmail Visual Voicemail Plus 2.0.45/2.1.43

Unspecified vulnerability in the YouMail Visual Voicemail Plus (com.youmail.android.vvm) application 2.0.45 and 2.1.43 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1385 Netease, Google Unspecified vulnerability in Netease Weibohd 1.0.0

Unspecified vulnerability in the NetEase WeiboHD (com.netease.wbhd) application 1.0.0 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1384 Netease, Google Unspecified vulnerability in Netease Pmail 0.5.0/0.5.2

Unspecified vulnerability in the NetEase Pmail (com.netease.rpmms) application 0.5.0 and 0.5.2 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1383 Netease, Google Unspecified vulnerability in Netease Reader 1.1.2/1.2.0

Unspecified vulnerability in the NetEase Reader (com.netease.pris) application 1.1.2 and 1.2.0 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1382 Netease, Google Unspecified vulnerability in Netease Youdao Dictionary 1.6.1/2.0.1(2)/3.0.0(1)

Unspecified vulnerability in the Youdao Dictionary (com.youdao.dict) application 1.6.1, 2.0.1(2), and 3.0.0(1) for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1381 Netease, Google Unspecified vulnerability in Netease Cloudalbum 2.0.0/2.2.0

Unspecified vulnerability in the NetEase CloudAlbum (com.netease.cloudalbum) application 2.0.0 and 2.2.0 for Android has unknown impact and attack vectors.

10.0
2012-03-07 CVE-2012-1380 Netease, Google Unspecified vulnerability in Netease Neteaseweibo 1.2.1/1.2.2

Unspecified vulnerability in the NetEaseWeibo (com.netease.wb) application 1.2.1 and 1.2.2 for Android has unknown impact and attack vectors.

10.0
2012-03-05 CVE-2012-0768 Adobe, Apple, Linux, Microsoft, SUN, Google Resource Management Errors vulnerability in Adobe Flash Player and Flash Player for Android

The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10.0
2012-03-10 CVE-2011-3047 Google, Opensuse Buffer Errors vulnerability in Google Chrome

The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism.

9.3
2012-03-08 CVE-2012-0646 Apple Use of Externally-Controlled Format String vulnerability in Apple Iphone OS

Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.

9.3
2012-03-08 CVE-2012-0643 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program.

9.3
2012-03-08 CVE-2012-0642 Apple Numeric Errors vulnerability in Apple Iphone OS

Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image.

9.3
2012-03-08 CVE-2012-0635 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0633 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0632 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0631 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0630 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0629 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0628 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0627 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0626 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0625 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0624 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0623 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0622 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0621 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0620 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0619 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0618 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0617 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0616 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0615 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0614 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0613 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0612 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0611 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0610 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0609 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0607 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0606 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0605 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0604 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0603 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0602 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0601 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0600 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0599 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0598 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0597 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0596 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0595 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0594 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0593 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0592 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-08 CVE-2012-0591 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

9.3
2012-03-06 CVE-2012-0198 IBM Unspecified vulnerability in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1

Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file.

9.3

10 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-03-08 CVE-2012-0648 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Itunes and Webkit

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

7.6
2012-03-08 CVE-2012-0639 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Itunes and Webkit

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

7.6
2012-03-08 CVE-2012-0638 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Itunes and Webkit

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

7.6
2012-03-08 CVE-2012-0637 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Itunes, Safari and Webkit

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

7.6
2012-03-08 CVE-2012-0636 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Itunes, Safari and Webkit

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

7.6
2012-03-08 CVE-2012-0634 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Itunes and Webkit

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

7.6
2012-03-08 CVE-2011-3845 Apple Resource Management Errors vulnerability in Apple Safari 5.1.2

Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an API call and the plug-in unloading functionality, as demonstrated by the Adobe Flash and RealPlayer plug-ins.

7.6
2012-03-06 CVE-2012-0397 RSA Buffer Errors vulnerability in RSA SecurID Software Token Converter 2.6

Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.

7.6
2012-03-06 CVE-2012-0199 IBM SQL Injection vulnerability in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1

Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the register.do servlet, (3) the User.isExistingUser function in the logon.do servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getAttachment (aka GetAttachmentServlet) servlet, (6) the addAsset.do servlet, or (7) a crafted EG2 file.

7.5
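The Tivoli entry above lists SQL injection through servlet parameters. The following is an added example of that bug class and its fix, not IBM's code: the in-memory table, the column names, the `is_existing_user_*` function shape and the constructed account are assumptions chosen to mirror the "isExistingUser" lookup named in the entry.

```python
"""Vulnerable and hardened forms of a user-existence lookup, to show the bug class
behind CVE-2012-0199 (SQL assembled from request data).  Added example, not IBM's
code: the table, the column names and the function shape are assumptions.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory table with one constructed account; stands in for the real store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    conn.commit()
    return conn


def is_existing_user_vulnerable(conn: sqlite3.Connection, name: str) -> bool:
    """String concatenation: the request value becomes part of the SQL grammar,
    so a quote in it changes the query instead of being compared as data."""
    sql = "SELECT COUNT(*) FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchone()[0] > 0


def is_existing_user_safe(conn: sqlite3.Connection, name: str) -> bool:
    """Bound parameter: the driver sends the value separately from the statement,
    so the same input is matched literally and finds no such user."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchone()[0] > 0


# Constructed payload of the tautology kind that turns an existence check into
# "always true" when it is spliced into the statement text.
TAUTOLOGY = "nobody' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", is_existing_user_vulnerable(db, TAUTOLOGY))  # True
    print("safe:      ", is_existing_user_safe(db, TAUTOLOGY))        # False
```

The same payload returns a hit from the concatenated query and a miss from the parameterized one; the check to apply to any servlet named in the entry is whether the value taken from the SOAP body or form field ever reaches the statement text rather than a bound parameter.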
2012-03-05 CVE-2011-3033 Google
Opensuse
Classic Buffer Overflow vulnerability in Google Chrome

Buffer overflow in Skia, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5

30 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-03-08 CVE-2012-0644 Apple Race Condition vulnerability in Apple iPhone OS

Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture.

6.9
2012-03-08 CVE-2012-0608 Apple Buffer Errors vulnerability in Apple iPhone OS and iTunes

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

6.8
2012-03-05 CVE-2011-3044 Google
Opensuse
Apple
Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements.

6.8
2012-03-05 CVE-2011-3043 Google
Opensuse
Apple
Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka flexible box) in conjunction with the floating of elements.

6.8
2012-03-05 CVE-2011-3042 Google
Opensuse
Apple
Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of table sections.

6.8
2012-03-05 CVE-2011-3041 Google
Opensuse
Apple
Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of class attributes.

6.8
2012-03-05 CVE-2011-3039 Google
Opensuse
Apple
Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling.

6.8
2012-03-05 CVE-2011-3038 Google
Opensuse
Apple
Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling.

6.8
2012-03-05 CVE-2011-3037 Google
Opensuse
Apple
Incorrect Type Conversion or Cast vulnerability in Google Chrome

Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

6.8
2012-03-05 CVE-2011-3036 Google
Opensuse
Apple
Incorrect Type Conversion or Cast vulnerability in Google Chrome

Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

6.8
2012-03-05 CVE-2011-3035 Google
Opensuse
Apple
Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.

6.8
2012-03-05 CVE-2011-3034 Google
Opensuse
Apple
Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document.

6.8
2012-03-05 CVE-2011-3032 Google
Opensuse
Apple
Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values.

6.8
2012-03-05 CVE-2011-3031 Google
Opensuse
Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in the element wrapper in Google V8, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8
2012-03-09 CVE-2012-1545 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.

5.8
2012-03-08 CVE-2012-0641 Apple Improper Input Validation vulnerability in Apple iPhone OS

CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447.

5.0
2012-03-08 CVE-2012-0585 Apple Permissions, Privileges, and Access Controls vulnerability in Apple iPhone OS

The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.

5.0
2012-03-08 CVE-2012-0292 Symantec Improper Input Validation vulnerability in Symantec products

The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631.

5.0
2012-03-05 CVE-2012-0769 Adobe
Apple
Linux
Microsoft
SUN
Google
Numeric Errors vulnerability in Adobe Flash Player and Flash Player for Android

Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors.

5.0
2012-03-09 CVE-2012-0325 Cloudbees
Jenkins
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324.

4.3
2012-03-09 CVE-2012-0324 Cloudbees
Jenkins
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325.

4.3
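Most entries in this report define exposure as "before X", sometimes per branch (the Flash Player entry above names one fixed build for 10.x and another for 11.x; the two Jenkins entries name a mainline fix, an LTS fix and two Enterprise branch fixes; the Chrome entries all turn on 17.0.963.65). Comparing such version strings lexicographically gets these wrong, so the following added example (not code from Google, Adobe, Jenkins or the report's publisher) turns each clause into a branch-plus-fix rule and evaluates an installed build against it numerically. The rule sets are transcribed from the entries above; the Android Flash builds, which have their own fixed versions, are left out.

```python
"""Version-range check for the "before X" ranges quoted in this report.

Added example for illustration; it is not code from Google, Adobe, Jenkins
or the report's publisher.  Each advisory clause becomes a rule
(branch_prefix, first_fixed_version); a None prefix means "any branch".
"""
from typing import Optional, Sequence, Tuple

Rule = Tuple[Optional[str], str]


def parse_version(v: str) -> Tuple[int, ...]:
    """Split a dotted version into integers so 17.0.963.78 sorts after 17.0.963.9."""
    return tuple(int(part) for part in v.strip().split("."))


def on_branch(version: str, branch: Optional[str]) -> bool:
    """True if `version` starts with the fields of `branch` (None matches everything)."""
    if branch is None:
        return True
    prefix = parse_version(branch)
    return parse_version(version)[: len(prefix)] == prefix


def is_affected(installed: str, rules: Sequence[Rule]) -> bool:
    """Return True when `installed` lies on a listed branch and is older than that
    branch's fix.  The most specific branch wins, so "11.x before 11.1.102.63"
    takes precedence over the catch-all "before 10.3.183.16"; a build on a branch
    the advisory does not mention is reported as not affected."""
    v = parse_version(installed)
    ordered = sorted(rules,
                     key=lambda r: len(parse_version(r[0])) if r[0] else 0,
                     reverse=True)
    for branch, fixed in ordered:
        if on_branch(installed, branch):
            return v < parse_version(fixed)
    return False


# Rule sets transcribed from the entries in this report (desktop Flash only).
CHROME_RULES: Sequence[Rule] = [(None, "17.0.963.65")]           # CVE-2011-3031..3044
FLASH_DESKTOP_RULES: Sequence[Rule] = [(None, "10.3.183.16"),     # CVE-2012-0769
                                       ("11", "11.1.102.63")]
JENKINS_RULES: Sequence[Rule] = [(None, "1.454"),                 # CVE-2012-0324/0325
                                 ("1.424", "1.424.5")]            # LTS line
JENKINS_ENTERPRISE_RULES: Sequence[Rule] = [("1.400", "1.400.0.13"),
                                            ("1.424", "1.424.5.1")]


if __name__ == "__main__":
    checks = [("Chrome", CHROME_RULES, "17.0.963.56"),
              ("Flash", FLASH_DESKTOP_RULES, "11.1.102.62"),
              ("Flash", FLASH_DESKTOP_RULES, "10.3.183.16"),
              ("Jenkins LTS", JENKINS_RULES, "1.424.5"),
              ("Jenkins", JENKINS_RULES, "1.453")]
    for product, rules, build in checks:
        state = "affected" if is_affected(build, rules) else "fixed"
        print(f"{product} {build}: {state}")
```

The LTS rule is what keeps Jenkins 1.424.5 from being flagged by the mainline "before 1.454" clause; without a branch-specific rule, every LTS build would read as vulnerable. Real advisories also carry product-specific branch names (an Enterprise build and a mainline build with the same number are different products), so the rule set must be chosen per product before the version is compared.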
2012-03-09 CVE-2012-0323 Paul Lesniewsk
Squirrelmail
Cross-Site Scripting vulnerability in Paul Lesniewsk Autocomplete

Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-03-08 CVE-2012-0590 Apple Cross-Site Scripting vulnerability in Apple iPhone OS

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.

4.3
2012-03-08 CVE-2012-0589 Apple Cross-Site Scripting vulnerability in Apple iPhone OS

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588.

4.3
2012-03-08 CVE-2012-0588 Apple Cross-Site Scripting vulnerability in Apple iPhone OS

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0589.

4.3
2012-03-08 CVE-2012-0587 Apple Cross-Site Scripting vulnerability in Apple iPhone OS

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588, and CVE-2012-0589.

4.3
2012-03-08 CVE-2012-0586 Apple Cross-Site Scripting vulnerability in Apple iPhone OS

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588, and CVE-2012-0589.

4.3
2012-03-08 CVE-2011-3844 Apple Improper Input Validation vulnerability in Apple Safari 5.0.5

Apple Safari 5.0.5 does not properly implement the setInterval function, which allows remote attackers to spoof the address bar via a crafted web page.

4.3
2012-03-05 CVE-2012-0322 Estrongs
Google
Permissions, Privileges, and Access Controls vulnerability in Estrongs ES File Explorer 1.6.0.2/1.6.1.1

The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for Android does not properly restrict access, which allows remote attackers to read arbitrary files via vectors involving an unspecified function.

4.3
2012-03-05 CVE-2011-3040 Google
Opensuse
Apple
Out-of-Bounds Read vulnerability in Google Chrome

Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.

4.3

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2012-03-08 CVE-2012-0645 Apple Permissions, Privileges, and Access Controls vulnerability in Apple iPhone OS

Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient.

1.2