National Vulnerability Database

National Vulnerability Databasehttp://web.nvd.nist.gov/view/vuln/searchThis feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.en-usThis material is not copywritten and may be freely used, however, attribution is requested.2012-05-16T03:33:58-05:00nvd@nist.govCVE-2012-0671http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0671Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file.2012-05-16CVE-2012-0670http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0670Integer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted sean atom in a movie file.2012-05-16CVE-2012-0669http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0669Buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.2012-05-16CVE-2012-0668http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0668Buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding.2012-05-16CVE-2012-0667http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0667Integer signedness error in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTVR movie file.2012-05-16CVE-2012-0666http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0666Stack-based buffer overflow in the plugin in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTMovie object.2012-05-16CVE-2012-0665http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0665Heap-based buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.2012-05-16CVE-2012-0664http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0664Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text track in a movie file.2012-05-16CVE-2012-0663http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0663Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML file.2012-05-16CVE-2012-0265http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0265Stack-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pathname for a file.2012-05-16CVE-2011-3102http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3102Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.2012-05-15CVE-2011-3101http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3101Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors.2012-05-15CVE-2011-3100http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3100Google Chrome before 19.0.1084.46 does not properly draw dash paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.2012-05-15CVE-2011-3099http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3099Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a malformed name for the font encoding.2012-05-15CVE-2011-3098http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3098Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory.2012-05-15CVE-2011-3097http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3097The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions.2012-05-15CVE-2011-3096http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3096Use-after-free vulnerability in Google Chrome before 19.0.1084.46 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an error in the GTK implementation of the omnibox.2012-05-15CVE-2011-3095http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3095The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.2012-05-15CVE-2011-3094http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3094Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.2012-05-15CVE-2011-3093http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3093Google Chrome before 19.0.1084.46 does not properly handle glyphs, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.2012-05-15CVE-2011-3092http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3092The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors.2012-05-15CVE-2011-3091http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3091Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.2012-05-15CVE-2011-3090http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3090Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes.2012-05-15CVE-2011-3089http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3089Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.2012-05-15CVE-2011-3088http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3088Google Chrome before 19.0.1084.46 does not properly draw hairlines, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.2012-05-15CVE-2011-3087http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3087Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors.2012-05-15CVE-2011-3086http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3086Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element.2012-05-15CVE-2011-3085http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3085The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values, which allows remote attackers to cause a denial of service (UI corruption) and possibly conduct spoofing attacks via vectors involving long values.2012-05-15CVE-2011-3084http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3084Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page, which might allow attackers to bypass intended sandbox restrictions via a crafted page.2012-05-15CVE-2011-3083http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3083browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page.2012-05-15CVE-2012-1248 (basercms)http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1248app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain.2012-05-15CVE-2012-1247 (web_mart)http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1247Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML by leveraging support for Cascading Style Sheets (CSS) expressions.2012-05-15CVE-2012-1246 (web_mart)http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1246Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie.2012-05-15CVE-2012-2612 (netweaver)http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2612The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.2012-05-15CVE-2012-2611 (netweaver)http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2611The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.2012-05-15CVE-2012-2514 (netweaver)http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2514The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.2012-05-15CVE-2012-2513 (netweaver)http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2513The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.2012-05-15CVE-2012-2512 (netweaver)http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2512The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.2012-05-15CVE-2012-2511 (netweaver)http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2511The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.2012-05-15CVE-2012-2333 (openssl)http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2333Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.2012-05-14CVE-2012-2277 (documentum_information_rights_management)http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2277The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (pvcontrol.exe process hang) via \n (line feed) characters in the Id fields of many "batch begin untethered" commands.2012-05-14CVE-2012-2276 (documentum_information_rights_management)http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2276The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via input data that (1) lacks FIPS fields or (2) has an invalid version number.2012-05-14CVE-2011-1390 (rational_clearquest)http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1390SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.2012-05-14CVE-2012-1804 (movicon)http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1804The OPC server in Progea Movicon before 11.3 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted HTTP request.2012-05-14