Weekly Vulnerabilities Reports > May 14 to 20, 2012
Overview
68 new vulnerabilities were reported during this period, including 22 critical vulnerabilities and 12 high severity vulnerabilities. This weekly summary reports vulnerabilities in 38 products from 25 vendors including Google, Linux, Apple, Microsoft, and Redhat. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Permissions, Privileges, and Access Controls", "Resource Management Errors", and "Numeric Errors".
- 48 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 3 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 57 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 19 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 10 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
22 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-05-18 | CVE-2012-2118 | X ORG | Improper Input Validation vulnerability in X.Org X11 1.11 Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name. | 10.0 |
2012-05-16 | CVE-2011-3099 | | Resource Management Errors vulnerability in Google Chrome Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a malformed name for the font encoding. | 10.0 |
2012-05-16 | CVE-2011-3097 | | Improper Input Validation vulnerability in Google Chrome The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions. | 10.0 |
2012-05-16 | CVE-2011-3095 | | Improper Input Validation vulnerability in Google Chrome The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write. | 10.0 |
2012-05-16 | CVE-2011-3092 | | Improper Input Validation vulnerability in Google Chrome The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors. | 10.0 |
2012-05-16 | CVE-2011-3091 | | Resource Management Errors vulnerability in Google Chrome Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 10.0 |
2012-05-16 | CVE-2011-3089 | | Resource Management Errors vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables. | 10.0 |
2012-05-16 | CVE-2011-3087 | | Multiple Security vulnerability in Google Chrome 19.0.1084.45 Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors. | 10.0 |
2012-05-16 | CVE-2011-3086 | | Resource Management Errors vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element. | 10.0 |
2012-05-18 | CVE-2012-2411 | Realnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file. | 9.3 |
2012-05-18 | CVE-2012-2406 | Realnetworks | Unspecified vulnerability in Realnetworks Realplayer and Realplayer SP RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via a crafted file. | 9.3 |
2012-05-16 | CVE-2012-0671 | Apple | Code Injection vulnerability in Apple Quicktime Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file. | 9.3 |
2012-05-16 | CVE-2012-0670 | Apple | Numeric Errors vulnerability in Apple Quicktime Integer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted sean atom in a movie file. | 9.3 |
2012-05-16 | CVE-2012-0669 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. | 9.3 |
2012-05-16 | CVE-2012-0668 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding. | 9.3 |
2012-05-16 | CVE-2012-0667 | Apple Microsoft | Numeric Errors vulnerability in Apple Quicktime Integer signedness error in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTVR movie file. | 9.3 |
2012-05-16 | CVE-2012-0666 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Stack-based buffer overflow in the plugin in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTMovie object. | 9.3 |
2012-05-16 | CVE-2012-0665 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. | 9.3 |
2012-05-16 | CVE-2012-0664 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text track in a movie file. | 9.3 |
2012-05-16 | CVE-2012-0663 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML file. | 9.3 |
2012-05-16 | CVE-2012-0265 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Stack-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pathname for a file. | 9.3 |
2012-05-15 | CVE-2012-2611 | SAP | Improper Input Validation vulnerability in SAP Netweaver 7.0 The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. | 9.3 |
12 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-05-17 | CVE-2012-1097 | Linux Redhat Suse | NULL Pointer Dereference vulnerability in multiple products The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call. | 7.8 |
2012-05-17 | CVE-2012-0044 | Linux Canonical | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call. | 7.8 |
2012-05-14 | CVE-2012-2277 | EMC | Buffer Errors vulnerability in EMC Documentum Information Rights Management 4/5 The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (pvcontrol.exe process hang) via \n (line feed) characters in the Id fields of many "batch begin untethered" commands. | 7.8 |
2012-05-14 | CVE-2012-2276 | EMC | Buffer Errors vulnerability in EMC Documentum Information Rights Management 4/5 The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via input data that (1) lacks FIPS fields or (2) has an invalid version number. | 7.8 |
2012-05-14 | CVE-2012-1804 | Progea | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Progea Movicon The OPC server in Progea Movicon before 11.3 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted HTTP request. | 7.8 |
2012-05-16 | CVE-2011-3090 | | Race Condition vulnerability in Google Chrome Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes. | 7.6 |
2012-05-17 | CVE-2012-0207 | Linux Redhat | Divide By Zero vulnerability in multiple products The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets. | 7.5 |
2012-05-16 | CVE-2011-3096 | Google Linux | Resource Management Errors vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 19.0.1084.46 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an error in the GTK implementation of the omnibox. | 7.5 |
2012-05-16 | CVE-2011-3084 | | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page, which might allow attackers to bypass intended sandbox restrictions via a crafted page. | 7.5 |
2012-05-14 | CVE-2011-1390 | IBM | SQL Injection vulnerability in IBM Rational Clearquest SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature. | 7.5 |
2012-05-18 | CVE-2012-2337 | Todd Miller | Permissions, Privileges, and Access Controls vulnerability in Todd Miller Sudo sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address. | 7.2 |
2012-05-16 | CVE-2011-3098 | Opensuse Microsoft | Permissions, Privileges, and Access Controls vulnerability in multiple products Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory. | 7.2 |
31 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-05-18 | CVE-2012-2010 | HP | Permissions, Privileges, and Access Controls vulnerability in HP Openvms 8.3/8.31H1/8.4 The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain privileges via unspecified vectors. | 6.9 |
2012-05-18 | CVE-2012-2341 | Rahul Singla Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Rahul Singla Take Control 6.X1.X/6.X2.0/6.X2.X Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files. | 6.8 |
2012-05-16 | CVE-2011-3102 | Google Apple | Numeric Errors vulnerability in Google Chrome Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. | 6.8 |
2012-05-14 | CVE-2012-2333 | Openssl Redhat | Numeric Errors vulnerability in multiple products Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. | 6.8 |
2012-05-18 | CVE-2012-1589 | Drupal | Improper Input Validation vulnerability in Drupal Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL. | 5.8 |
2012-05-17 | CVE-2012-1146 | Linux Fedoraproject Suse | NULL Pointer Dereference vulnerability in multiple products The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events. | 5.5 |
2012-05-17 | CVE-2012-0879 | Linux Canonical Debian Suse | Resource Exhaustion vulnerability in multiple products The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context. | 5.5 |
2012-05-17 | CVE-2012-0038 | Linux | Integer Overflow or Wraparound vulnerability in Linux Kernel Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow. | 5.5 |
2012-05-17 | CVE-2011-4621 | Linux | Infinite Loop vulnerability in Linux Kernel The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop. | 5.5 |
2012-05-17 | CVE-2011-4594 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel The __sys_sendmsg function in net/socket.c in the Linux kernel before 3.1 allows local users to cause a denial of service (system crash) via crafted use of the sendmmsg system call, leading to an incorrect pointer dereference. | 5.5 |
2012-05-17 | CVE-2011-4112 | Linux Avaya | The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface. | 5.5 |
2012-05-17 | CVE-2011-4097 | Linux Redhat | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory. | 5.5 |
2012-05-17 | CVE-2011-3637 | Linux Redhat | NULL Pointer Dereference vulnerability in multiple products The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error. | 5.5 |
2012-05-17 | CVE-2012-1179 | Linux | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad function and page faults for huge pages. | 5.2 |
2012-05-15 | CVE-2012-1248 | Basercms | Permissions, Privileges, and Access Controls vulnerability in Basercms app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain. | 5.1 |
2012-05-16 | CVE-2011-3100 | | Multiple Security vulnerability in Google Chrome Prior to 19 Google Chrome before 19.0.1084.46 does not properly draw dash paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 5.0 |
2012-05-16 | CVE-2011-3094 | | Improper Input Validation vulnerability in Google Chrome Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 5.0 |
2012-05-16 | CVE-2011-3093 | | Improper Input Validation vulnerability in Google Chrome Google Chrome before 19.0.1084.46 does not properly handle glyphs, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 5.0 |
2012-05-16 | CVE-2011-3088 | | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome Google Chrome before 19.0.1084.46 does not properly draw hairlines, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 5.0 |
2012-05-16 | CVE-2011-3085 | | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values, which allows remote attackers to cause a denial of service (UI corruption) and possibly conduct spoofing attacks via vectors involving long values. | 5.0 |
2012-05-16 | CVE-2011-3083 | | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page. | 5.0 |
2012-05-15 | CVE-2012-2612 | SAP | Buffer Errors vulnerability in SAP Netweaver 7.0 The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | 5.0 |
2012-05-15 | CVE-2012-2514 | SAP | Buffer Errors vulnerability in SAP Netweaver 7.0 The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | 5.0 |
2012-05-15 | CVE-2012-2513 | SAP | Buffer Errors vulnerability in SAP Netweaver 7.0 The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | 5.0 |
2012-05-15 | CVE-2012-2512 | SAP | Buffer Errors vulnerability in SAP Netweaver 7.0 The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | 5.0 |
2012-05-15 | CVE-2012-2511 | SAP | Buffer Errors vulnerability in SAP Netweaver 7.0 The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | 5.0 |
2012-05-17 | CVE-2012-2121 | Linux | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices. | 4.9 |
2012-05-17 | CVE-2012-1601 | Linux | Resource Management Errors vulnerability in Linux Kernel The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. | 4.9 |
2012-05-17 | CVE-2012-1090 | Linux Redhat Suse | Improper Input Validation vulnerability in multiple products The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. | 4.9 |
2012-05-17 | CVE-2012-0058 | Linux | Resource Exhaustion vulnerability in Linux Kernel The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service (OOPS) via vectors that trigger incorrect iocb management. | 4.9 |
2012-05-15 | CVE-2012-1246 | Webcreate | Cross-Site Scripting vulnerability in Webcreate web Mart 1.7 Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie. | 4.3 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-05-18 | CVE-2012-2120 | Debian | Permissions, Privileges, and Access Controls vulnerability in Debian Texlive-Extra-Utils 2011.20120322 latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | 3.3 |
2012-05-18 | CVE-2012-2093 | Gajim | Link Following vulnerability in Gajim 0.15 src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function. | 3.3 |
2012-05-15 | CVE-2012-1247 | Webcreate | Cross-Site Scripting vulnerability in Webcreate web Mart 1.7 Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML by leveraging support for Cascading Style Sheets (CSS) expressions. | 2.6 |