Weekly Vulnerabilities Reports > March 5 to 11, 2012
Overview
129 new vulnerabilities were reported during this period, including 87 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary reports vulnerabilities in 65 products from 28 vendors including Apple, Google, Opensuse, Goforandroid, and Netease. Notable vulnerability categories include "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Use After Free", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", and "Improper Input Validation".
- 127 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 10 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 129 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 88 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 56 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
87 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-03-09 | CVE-2012-0245 | ABB | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in ABB products Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet. | 10.0 |
2012-03-09 | CVE-2011-3046 | Google Opensuse Apple | Cross-Site Scripting vulnerability in Google Chrome The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue. | 10.0 |
2012-03-07 | CVE-2012-1407 | Goforandroid | Unspecified vulnerability in Goforandroid GO Message Widget 1.9/2.1/2.3 Unspecified vulnerability in the GO Message Widget (com.gau.go.launcherex.gowidget.smswidget) application 1.9, 2.1, and 2.3 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1406 | Goforandroid | Unspecified vulnerability in Goforandroid GO Bookmark Widget 1.1 Unspecified vulnerability in the GO Bookmark Widget (com.gau.go.launcherex.gowidget.bookmark) application 1.1 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1405 | Goforandroid | Unspecified vulnerability in Goforandroid GO Note Widget 1.5/1.9 Unspecified vulnerability in the GO Note Widget (com.gau.go.launcherex.gowidget.notewidget) application 1.5 and 1.9 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1404 | Dolphin Browser | Unspecified vulnerability in Dolphin-Browser Dolphin Browser Mini 2.2 Unspecified vulnerability in the Dolphin Browser Mini (com.dolphin.browser) application 2.2 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1403 | Dolphin Browser | Remote Security vulnerability in Dolphin Browser CN 6.3.1/7.2.1 Unspecified vulnerability in the Dolphin Browser CN (com.dolphin.browser.cn) application 6.3.1 and 7.2.1 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1402 | 1Kxun | Unspecified vulnerability in 1Kxun Qianxun Yingshi 1.2.3/1.3.4 Unspecified vulnerability in the QianXun YingShi (com.qianxun.yingshi) application 1.2.3 and 1.3.4 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1401 | Intsig | Unspecified vulnerability in Intsig Camscanner 1.2.2.20110823/1.3.2.20120116 Unspecified vulnerability in the CamScanner (com.intsig.camscanner) application 1.2.2.20110823 and 1.3.2.20120116 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1400 | Uplus | Unspecified vulnerability in Uplus U+Box 2.0 PAD 2.0.8.4 Unspecified vulnerability in the U+Box 2.0 Pad (lg.uplusbox.pad) application 2.0.8.4 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1399 | Uplus | Unspecified vulnerability in Uplus U+Box 2.0 2.0.2/2.0.8.4 Unspecified vulnerability in the U+Box 2.0 (lg.uplusbox) application 2.0.2 and 2.0.8.4 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1398 | Goforandroid | Unspecified vulnerability in Goforandroid GO Weibowidget 2.4 Unspecified vulnerability in the GO WeiboWidget (com.gau.go.launcherex.gowidget.weibowidget) application 2.4 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1397 | Goforandroid | Unspecified vulnerability in Goforandroid GO Qqweibowidget 1.2 Unspecified vulnerability in the GO QQWeiboWidget (com.gau.go.launcherex.gowidget.qqweibowidget) application 1.2 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1396 | Goforandroid | Unspecified vulnerability in Goforandroid GO Fbwidget 1.9/2.1 Unspecified vulnerability in the GO FBWidget (com.gau.go.launcherex.gowidget.fbwidget) application 1.9 and 2.1 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1395 | Goforandroid | Unspecified vulnerability in Goforandroid GO Twiwidget 1.7/2.1 Unspecified vulnerability in the GO TwiWidget (com.gau.go.launcherex.gowidget.twitterwidget) application 1.7 and 2.1 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1394 | Goforandroid | Unspecified vulnerability in Goforandroid GO Email Widget 1.3.1/1.8/1.81 Unspecified vulnerability in the GO Email Widget (com.gau.go.launcherex.gowidget.emailwidget) application 1.3.1, 1.8, and 1.81 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1393 | Goforandroid | Unspecified vulnerability in Goforandroid GO SMS PRO 3.72/4.10/4.35 Unspecified vulnerability in the GO SMS Pro (com.jb.gosms) application 3.72, 4.10, and 4.35 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1392 | Dolphin Browser | Unspecified vulnerability in Dolphin-Browser Dolphin Browser HD Unspecified vulnerability in the Dolphin Browser HD (mobi.mgeek.TunnyBrowser) application 6.2.0, 7.2.1, 7.3.0, and 7.4.0 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1391 | Mobisynapse | Unspecified vulnerability in Mobisynapse Moffice-Outlook Sync 3.1 Unspecified vulnerability in the mOffice - Outlook sync (com.innov8tion.isharesync) application 3.1 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1390 | Gomiso | Unspecified vulnerability in Gomiso Miso 2.2 Unspecified vulnerability in the Miso (com.bazaarlabs.miso) application 2.2 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1389 | Icekirin | Unspecified vulnerability in Icekirin DI Long Weibo 1.9.9 Unspecified vulnerability in the Di Long Weibo (com.icekirin.weibos) application 1.9.9 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1388 | Xixun | Unspecified vulnerability in Xixun Xixuntiantian 0.6.2 Unspecified vulnerability in the XiXunTianTian (com.xixun.tiantian) application 0.6.2 beta for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1387 | Uangel | Unspecified vulnerability in Uangel Realtalk A.0.9.250 Unspecified vulnerability in the RealTalk (com.tmsmanager.tms) application A.0.9.250 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1386 | Youmail | Unspecified vulnerability in Youmail Visual Voicemail Plus 2.0.45/2.1.43 Unspecified vulnerability in the YouMail Visual Voicemail Plus (com.youmail.android.vvm) application 2.0.45 and 2.1.43 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1385 | Netease | Unspecified vulnerability in Netease Weibohd 1.0.0 Unspecified vulnerability in the NetEase WeiboHD (com.netease.wbhd) application 1.0.0 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1384 | Netease | Unspecified vulnerability in Netease Pmail 0.5.0/0.5.2 Unspecified vulnerability in the NetEase Pmail (com.netease.rpmms) application 0.5.0 and 0.5.2 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1383 | Netease | Unspecified vulnerability in Netease Reader 1.1.2/1.2.0 Unspecified vulnerability in the NetEase Reader (com.netease.pris) application 1.1.2 and 1.2.0 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1382 | Netease | Unspecified vulnerability in Netease Youdao Dictionary 1.6.1/2.0.1(2)/3.0.0(1) Unspecified vulnerability in the Youdao Dictionary (com.youdao.dict) application 1.6.1, 2.0.1(2), and 3.0.0(1) for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1381 | Netease | Unspecified vulnerability in Netease Cloudalbum 2.0.0/2.2.0 Unspecified vulnerability in the NetEase CloudAlbum (com.netease.cloudalbum) application 2.0.0 and 2.2.0 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-07 | CVE-2012-1380 | Netease | Unspecified vulnerability in Netease Neteaseweibo 1.2.1/1.2.2 Unspecified vulnerability in the NetEaseWeibo (com.netease.wb) application 1.2.1 and 1.2.2 for Android has unknown impact and attack vectors. | 10.0 |
2012-03-05 | CVE-2012-0768 | Adobe Apple Linux Microsoft SUN | Resource Management Errors vulnerability in Adobe Flash Player and Flash Player for Android The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 10.0 |
2012-03-10 | CVE-2011-3047 | Google Opensuse | Buffer Errors vulnerability in Google Chrome The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism. | 9.3 |
2012-03-08 | CVE-2012-0646 | Apple | Use of Externally-Controlled Format String vulnerability in Apple Iphone OS Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file. | 9.3 |
2012-03-08 | CVE-2012-0643 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program. | 9.3 |
2012-03-08 | CVE-2012-0642 | Apple | Numeric Errors vulnerability in Apple Iphone OS Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image. | 9.3 |
2012-03-08 | CVE-2012-0635 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0633 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0632 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0631 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0630 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0629 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0628 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0627 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0626 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0625 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0624 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0623 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0622 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0621 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0620 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0619 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0618 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0617 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0616 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0615 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0614 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0613 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0612 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0611 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0610 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0609 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0607 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0606 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0605 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0604 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0603 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0602 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0601 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0600 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0599 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0598 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0597 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0596 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0595 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0594 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0593 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0592 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2012-0591 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2011-2873 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2011-2872 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2011-2871 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2011-2870 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2011-2869 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2011-2868 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2011-2867 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-08 | CVE-2011-2833 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
2012-03-06 | CVE-2012-0198 | IBM | Unspecified vulnerability in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file. | 9.3 |
11 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-03-08 | CVE-2012-0648 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Webkit WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. | 7.6 |
2012-03-08 | CVE-2012-0639 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Webkit WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. | 7.6 |
2012-03-08 | CVE-2012-0638 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Webkit WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. | 7.6 |
2012-03-08 | CVE-2012-0637 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes, Safari and Webkit WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. | 7.6 |
2012-03-08 | CVE-2012-0636 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes, Safari and Webkit WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. | 7.6 |
2012-03-08 | CVE-2012-0634 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Webkit WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. | 7.6 |
2012-03-08 | CVE-2011-2866 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Webkit WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. | 7.6 |
2012-03-08 | CVE-2011-3845 | Apple | Resource Management Errors vulnerability in Apple Safari 5.1.2 Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an API call and the plug-in unloading functionality, as demonstrated by the Adobe Flash and RealPlayer plug-ins. | 7.6 |
2012-03-06 | CVE-2012-0397 | RSA | Buffer Errors vulnerability in RSA Securid Software Token Converter 2.6 Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. | 7.6 |
2012-03-06 | CVE-2012-0199 | IBM | SQL Injection vulnerability in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the register.do servlet, (3) the User.isExistingUser function in the logon.do servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getAttachment (aka GetAttachmentServlet) servlet, (6) the addAsset.do servlet, or (7) a crafted EG2 file. | 7.5 |
2012-03-05 | CVE-2011-3033 | Google Opensuse | Classic Buffer Overflow vulnerability in Google Chrome Buffer overflow in Skia, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 7.5 |
30 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-03-08 | CVE-2012-0644 | Apple | Race Condition vulnerability in Apple Iphone OS Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture. | 6.9 |
2012-03-08 | CVE-2012-0608 | Apple | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 6.8 |
2012-03-05 | CVE-2011-3044 | Google Opensuse Apple | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements. | 6.8 |
2012-03-05 | CVE-2011-3043 | Google Opensuse Apple | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka flexible box) in conjunction with the floating of elements. | 6.8 |
2012-03-05 | CVE-2011-3042 | Google Opensuse Apple | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of table sections. | 6.8 |
2012-03-05 | CVE-2011-3041 | Google Opensuse Apple | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of class attributes. | 6.8 |
2012-03-05 | CVE-2011-3039 | Google Opensuse Apple | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling. | 6.8 |
2012-03-05 | CVE-2011-3038 | Google Opensuse Apple | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling. | 6.8 |
2012-03-05 | CVE-2011-3037 | Google Opensuse Apple | Incorrect Type Conversion or Cast vulnerability in Google Chrome Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | 6.8 |
2012-03-05 | CVE-2011-3036 | Google Opensuse Apple | Incorrect Type Conversion or Cast vulnerability in Google Chrome Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | 6.8 |
2012-03-05 | CVE-2011-3035 | Google Opensuse Apple | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements. | 6.8 |
2012-03-05 | CVE-2011-3034 | Google Opensuse Apple | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document. | 6.8 |
2012-03-05 | CVE-2011-3032 | Google Opensuse Apple | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values. | 6.8 |
2012-03-05 | CVE-2011-3031 | Google Opensuse | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in the element wrapper in Google V8, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 6.8 |
2012-03-09 | CVE-2012-1545 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. | 5.8 |
2012-03-08 | CVE-2012-0641 | Apple | Improper Input Validation vulnerability in Apple Iphone OS CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447. | 5.0 |
2012-03-08 | CVE-2012-0585 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method. | 5.0 |
2012-03-08 | CVE-2012-0292 | Symantec | Improper Input Validation vulnerability in Symantec products The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631. | 5.0 |
2012-03-05 | CVE-2012-0769 | Adobe Apple Linux Microsoft SUN | Numeric Errors vulnerability in Adobe Flash Player and Flash Player for Android Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2012-03-09 | CVE-2012-0325 | Cloudbees Jenkins | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324. | 4.3 |
2012-03-09 | CVE-2012-0324 | Cloudbees Jenkins | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325. | 4.3 |
2012-03-09 | CVE-2012-0323 | Paul Lesniewsk Squirrelmail | Cross-Site Scripting vulnerability in Paul Lesniewsk Autocomplete Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-03-08 | CVE-2012-0590 | Apple | Cross-Site Scripting vulnerability in Apple Iphone OS Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation. | 4.3 |
2012-03-08 | CVE-2012-0589 | Apple | Cross-Site Scripting vulnerability in Apple Iphone OS Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588. | 4.3 |
2012-03-08 | CVE-2012-0588 | Apple | Cross-Site Scripting vulnerability in Apple Iphone OS Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0589. | 4.3 |
2012-03-08 | CVE-2012-0587 | Apple | Cross-Site Scripting vulnerability in Apple Iphone OS Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588, and CVE-2012-0589. | 4.3 |
2012-03-08 | CVE-2012-0586 | Apple | Cross-Site Scripting vulnerability in Apple Iphone OS Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588, and CVE-2012-0589. | 4.3 |
2012-03-08 | CVE-2011-3844 | Apple | Improper Input Validation vulnerability in Apple Safari 5.0.5 Apple Safari 5.0.5 does not properly implement the setInterval function, which allows remote attackers to spoof the address bar via a crafted web page. | 4.3 |
2012-03-05 | CVE-2012-0322 | Estrongs | Permissions, Privileges, and Access Controls vulnerability in Estrongs ES File Explorer 1.6.0.2/1.6.1.1 The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for Android does not properly restrict access, which allows remote attackers to read arbitrary files via vectors involving an unspecified function. | 4.3 |
2012-03-05 | CVE-2011-3040 | Google Opensuse Apple | Out-Of-Bounds Read vulnerability in Google Chrome Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document. | 4.3 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-03-08 | CVE-2012-0645 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient. | 1.2 |