Weekly Vulnerabilities Reports > July 23 to 29, 2012
Overview
148 new vulnerabilities were reported during this period, including 67 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary reports vulnerabilities in 67 products from 45 vendors including Apple, Moodle, Drupal, Symantec, and ISC. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Numeric Errors", and "SQL Injection".
- 137 reported vulnerabilities are remotely exploitable.
- 5 reported vulnerabilities have a public exploit available.
- 25 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 135 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 77 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 63 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
67 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-24 | CVE-2012-4050 | Google Samsung | Unspecified vulnerability in Google Chrome OS Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, have unknown impact and attack vectors. | 10.0 |
2012-07-23 | CVE-2012-2976 | Symantec | OS Command Injection vulnerability in Symantec web Gateway The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" issue. | 10.0 |
2012-07-23 | CVE-2012-2953 | Symantec | OS Command Injection vulnerability in Symantec web Gateway The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts. | 10.0 |
2012-07-25 | CVE-2012-4057 | TWD Industries | Buffer Errors vulnerability in Twd-Industries Remote-Anything 5.60.15 Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote attackers to execute arbitrary code via a crafted flm file. | 9.3 |
2012-07-25 | CVE-2012-3686 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3683 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3682 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3681 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3680 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3679 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3678 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3674 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3670 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3669 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3668 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3667 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3666 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3665 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3664 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3663 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3661 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3656 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3655 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3653 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3646 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3645 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3644 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3642 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3641 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3640 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3639 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3638 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3637 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3636 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3635 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3634 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3633 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3631 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3630 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3629 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3628 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3627 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3626 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3625 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3620 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3618 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3615 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3611 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3610 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3609 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3608 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3605 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3604 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3603 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3600 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3599 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3597 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3596 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3595 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3594 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3593 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3592 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3591 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-3589 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-1520 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-0683 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
2012-07-25 | CVE-2012-0682 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 9.3 |
15 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-25 | CVE-2012-3590 | Apple | Unspecified vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 8.8 |
2012-07-25 | CVE-2012-3817 | ISC | Improper Input Validation vulnerability in ISC Bind ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries. | 7.8 |
2012-07-26 | CVE-2012-3885 | Airdroid | Improper Authentication vulnerability in Airdroid 1.0.4 The default configuration of AirDroid 1.0.4 beta uses a four-character alphanumeric password, which makes it easier for remote attackers to obtain access via a brute-force attack. | 7.5 |
2012-07-26 | CVE-2012-4068 | Citrix | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Citrix Provisioning Services Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, 5.6 SP1, 6.0, and 6.1 allows remote attackers to execute arbitrary code via a crafted string associated with date and time data. | 7.5 |
2012-07-25 | CVE-2012-4061 | ASP DEV | SQL Injection vulnerability in Asp-Dev XM Diary Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to diary_view.asp or (2) view_date parameter to default.asp. | 7.5 |
2012-07-25 | CVE-2012-4060 | ASP DEV | SQL Injection vulnerability in Asp-Dev XM Forums Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp. | 7.5 |
2012-07-25 | CVE-2012-4056 | Uiga | SQL Injection vulnerability in Uiga Personal Portal SQL injection vulnerability in index2.php in Uiga Personal Portal allows remote attackers to execute arbitrary SQL commands via the p parameter. | 7.5 |
2012-07-25 | CVE-2012-4055 | Uiga | SQL Injection vulnerability in Uiga FAN Club SQL injection vulnerability in index2.php in Uiga Fan Club allows remote attackers to execute arbitrary SQL commands via the p parameter. | 7.5 |
2012-07-25 | CVE-2012-2306 | Willem VAN DER Plaat Drupal | SQL Injection vulnerability in Drupal SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2012-07-25 | CVE-2012-2152 | ROY Marples | Buffer Errors vulnerability in ROY Marples Dhcpcd 3.2.3 Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long packet. | 7.5 |
2012-07-23 | CVE-2012-2961 | Symantec | SQL Injection vulnerability in Symantec web Gateway SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2012-07-23 | CVE-2012-2574 | Symantec | SQL Injection vulnerability in Symantec web Gateway SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue. | 7.5 |
2012-07-23 | CVE-2012-2957 | Symantec | Permissions, Privileges, and Access Controls vulnerability in Symantec web Gateway The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue. | 7.2 |
2012-07-25 | CVE-2012-3697 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Safari WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise. | 7.1 |
2012-07-25 | CVE-2012-2197 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges. | 7.1 |
57 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-26 | CVE-2012-3015 | Siemens | Unspecified vulnerability in Siemens Simatic Pcs7 and Simatic Step 7 Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder. | 6.9 |
2012-07-26 | CVE-2012-3005 | Invensys | Unspecified vulnerability in Invensys products Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | 6.9 |
2012-07-25 | CVE-2012-4054 | Cpe17 | Buffer Errors vulnerability in Cpe17 Autorun Killer 1.7.1 Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 and earlier allows physically proximate attackers to execute arbitrary code via a crafted inf file. | 6.9 |
2012-07-26 | CVE-2011-3174 | Novell | Buffer Errors vulnerability in Novell Zenworks Configuration Management 10.2/10.3/11 Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 ActiveX control in InstallShield/ISGrid2.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary code via a long bstrReplaceText parameter. | 6.8 |
2012-07-26 | CVE-2011-2658 | Novell | Permissions, Privileges, and Access Controls vulnerability in Novell Zenworks Configuration Management 10.2/10.3/11 The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to execute arbitrary code by leveraging unspecified mscomct2 flaws. | 6.8 |
2012-07-26 | CVE-2011-2657 | Novell | Path Traversal vulnerability in Novell Zenworks Configuration Management 10.2/10.3/11 Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary commands via a pathname in the first argument. | 6.8 |
2012-07-25 | CVE-2012-4059 | Socketmail | Cross-Site Request Forgery (CSRF) vulnerability in Socketmail 2.2.9 Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows remote attackers to hijack the authentication of arbitrary users for requests that change user security questions and answers via an upd action. | 6.8 |
2012-07-25 | CVE-2012-2307 | Plaatsoft Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Plaatsoft Addressbook Cross-site request forgery (CSRF) vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2012-07-25 | CVE-2012-2305 | Justin Ellison Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Justin Ellison Node Gallery 6.X3.1 Cross-site request forgery (CSRF) vulnerability in the Node Gallery module for Drupal 6.x-3.1 and earlier allows remote attackers to hijack the authentication of certain users for requests that create node galleries. | 6.8 |
2012-07-25 | CVE-2012-4053 | EZ | Cross-Site Request Forgery (CSRF) vulnerability in EZ Publish 4.1.0/4.2.0/4.3.0 Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2012-07-23 | CVE-2012-3395 | Moodle | SQL Injection vulnerability in Moodle SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data. | 6.5 |
2012-07-25 | CVE-2012-3571 | ISC Canonical Debian | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier. | 6.1 |
2012-07-25 | CVE-2012-3691 | Apple | Improper Input Validation vulnerability in Apple Safari WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 5.8 |
2012-07-25 | CVE-2012-3689 | Apple | Improper Input Validation vulnerability in Apple Safari WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site. | 5.8 |
2012-07-25 | CVE-2012-3570 | ISC | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in ISC Dhcp Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter. | 5.7 |
2012-07-23 | CVE-2012-3392 | Moodle | Configuration vulnerability in Moodle mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums. | 5.5 |
2012-07-27 | CVE-2012-2978 | Nlnetlabs | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nlnetlabs NSD query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet. | 5.0 |
2012-07-26 | CVE-2012-3888 | Airdroid | Permissions, Privileges, and Access Controls vulnerability in Airdroid 1.0.4 The login implementation in AirDroid 1.0.4 beta allows remote attackers to bypass a multiple-login protection mechanism by modifying a pass value within JSON data. | 5.0 |
2012-07-26 | CVE-2012-3887 | Airdroid | Cryptographic Issues vulnerability in Airdroid AirDroid before 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an "Encrypted Transmission" feature, which allows remote attackers to obtain sensitive information by sniffing the local wireless network, as demonstrated by the SMS message content sent to the sdctl/sms/send/single/ URI. | 5.0 |
2012-07-26 | CVE-2012-3886 | Airdroid | Information Exposure vulnerability in Airdroid 1.0.4 AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a (1) brute-force attack or (2) rainbow-table attack. | 5.0 |
2012-07-26 | CVE-2012-3884 | Airdroid | Improper Authentication vulnerability in Airdroid 1.0.4 AirDroid 1.0.4 beta implements authentication through direct transmission of a password hash over HTTP, which makes it easier for remote attackers to obtain access by sniffing the local wireless network and then replaying the authentication data. | 5.0 |
2012-07-26 | CVE-2012-3698 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Xcode Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool. | 5.0 |
2012-07-26 | CVE-2011-4963 | F5 | Unspecified vulnerability in F5 Nginx nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . | 5.0 |
2012-07-25 | CVE-2012-2302 | Nancy Wichmann Drupal | Information Exposure vulnerability in Nancy Wichmann Sitedoc Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2012-07-25 | CVE-2012-2296 | Janrain Drupal | Information Exposure vulnerability in Janrain RPX The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. | 5.0 |
2012-07-25 | CVE-2012-3693 | Apple | Domain Name URI Spoofing vulnerability in WebKit International Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unicode fonts to construct unspecified homoglyphs. | 5.0 |
2012-07-25 | CVE-2012-2677 | Boost | Numeric Errors vulnerability in Boost Pool 2.0.0 Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected. | 5.0 |
2012-07-25 | CVE-2012-2673 | Boehm Demers Weiser | Numeric Errors vulnerability in Boehm-Demers-Weiser Garbage Collector Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected. | 5.0 |
2012-07-25 | CVE-2012-0680 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Safari Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation. | 5.0 |
2012-07-25 | CVE-2007-6754 | Freebsd Netbsd | Numeric Errors vulnerability in multiple products The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to "integer rounding and overflow" errors. | 5.0 |
2012-07-25 | CVE-2006-7252 | Freebsd Netbsd | Numeric Errors vulnerability in multiple products Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte. | 5.0 |
2012-07-25 | CVE-2005-4895 | Csilvers | Numeric Errors vulnerability in Csilvers Gperftools 0.1/0.2/0.3 Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools before 0.4 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected. | 5.0 |
2012-07-25 | CVE-2012-2646 | Fenrir INC | Information Exposure vulnerability in Fenrir-Inc Sleipnir Mobile The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black Edition application before 2.1.0 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | 5.0 |
2012-07-25 | CVE-2012-2196 | IBM | Information Exposure vulnerability in IBM DB2 IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure. | 5.0 |
2012-07-25 | CVE-2012-2194 | IBM | Path Traversal vulnerability in IBM DB2 Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors. | 5.0 |
2012-07-23 | CVE-2012-2977 | Symantec | Permissions, Privileges, and Access Controls vulnerability in Symantec web Gateway The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script. | 5.0 |
2012-07-23 | CVE-2012-0305 | Symantec | Unspecified vulnerability in Symantec Backupexec System Recovery and System Recovery Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 4.4 |
2012-07-26 | CVE-2012-4043 | Palo Alto | Cross-Site Scripting vulnerability in Palo Alto Global Protected Gateway, Networks and SSL VPN Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the inputStr parameter in a Login action. | 4.3 |
2012-07-25 | CVE-2012-4058 | Socketmail | Cross-Site Scripting vulnerability in Socketmail 2.2.9 Cross-site scripting (XSS) vulnerability in SocketMail Pro 2.2.9 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. | 4.3 |
2012-07-25 | CVE-2012-2442 | Nokia | Buffer Errors vulnerability in Nokia PC Suite 7.1.180.64 Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file. | 4.3 |
2012-07-25 | CVE-2012-3696 | Apple | Improper Input Validation vulnerability in Apple Safari CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling. | 4.3 |
2012-07-25 | CVE-2012-3695 | Apple | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property. | 4.3 |
2012-07-25 | CVE-2012-3694 | Apple | Information Exposure vulnerability in Apple Safari WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site. | 4.3 |
2012-07-25 | CVE-2012-3690 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Safari WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site. | 4.3 |
2012-07-25 | CVE-2012-3650 | Apple | Information Exposure vulnerability in Apple Safari WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. | 4.3 |
2012-07-25 | CVE-2012-2676 | Emery Berger | Numeric Errors vulnerability in Emery Berger Hoard Multiple integer overflows in the (1) malloc and (2) calloc functions in Hoard before 3.9 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows on implementing code via a large size value, which causes less memory to be allocated than expected. | 4.3 |
2012-07-25 | CVE-2012-2675 | Nedprod | Numeric Errors vulnerability in Nedprod Nedmalloc 1.10 Multiple integer overflows in the (1) CallMalloc (malloc) and (2) nedpcalloc (calloc) functions in nedmalloc (nedmalloc.c) before 1.10 beta2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected. | 4.3 |
2012-07-25 | CVE-2012-2674 | Google | Numeric Errors vulnerability in Google Bionic Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected. | 4.3 |
2012-07-25 | CVE-2012-0679 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Safari Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL. | 4.3 |
2012-07-25 | CVE-2012-0678 | Apple | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL. | 4.3 |
2012-07-25 | CVE-2012-3868 | ISC | Race Condition vulnerability in ISC Bind 9.9.0/9.9.1 Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries. | 4.3 |
2012-07-23 | CVE-2012-3389 | Moodle | Cross-Site Scripting vulnerability in Moodle Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter. | 4.3 |
2012-07-23 | CVE-2012-3398 | Moodle | Unspecified vulnerability in Moodle Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records. | 4.0 |
2012-07-23 | CVE-2012-3397 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to bypass intended access restrictions by selecting an activity that is configured for a group of other users. | 4.0 |
2012-07-23 | CVE-2012-3391 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and reading the RSS feed for a forum. | 4.0 |
2012-07-23 | CVE-2012-3388 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record. | 4.0 |
2012-07-23 | CVE-2012-3387 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle 2.3.0 Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check. | 4.0 |
9 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-27 | CVE-2012-2202 | IBM | Path Traversal vulnerability in IBM products Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. | 3.5 |
2012-07-25 | CVE-2012-2310 | Oleg Kovalchuk Drupal | Cross-Site Scripting vulnerability in Oleg Kovalchuk Cctags Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2012-07-25 | CVE-2012-2309 | Wearepropeople Drupal | Cross-Site Scripting vulnerability in Wearepropeople Glossify Internal Links Auto SEO 6.X2.5 Cross-site scripting (XSS) vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6.x-2.5 and earlier allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2012-07-25 | CVE-2012-2308 | Tahiticlic Drupal | Cross-Site Scripting vulnerability in Tahiticlic Taxonomy Grid Catalog Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2012-07-23 | CVE-2012-3393 | Moodle | Cross-Site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository. | 3.5 |
2012-07-25 | CVE-2012-3954 | ISC Debian Canonical | Resource Management Errors vulnerability in multiple products Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests. | 3.3 |
2012-07-24 | CVE-2012-4048 | Wireshark Debian | Code Injection vulnerability in multiple products The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. | 3.3 |
2012-07-24 | CVE-2012-4049 | Wireshark Opensuse | Code Injection vulnerability in multiple products epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. | 2.9 |
2012-07-25 | CVE-2012-2760 | Findingscience | Permissions, Privileges, and Access Controls vulnerability in Findingscience MOD Auth Openid mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids. | 2.1 |