Search Results (Refine Search)
- CPE Product Version: cpe:/o:opensuse:opensuse:12.1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-1610 |
Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259. Published: June 05, 2012; 6:55:10 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2012-1186 |
Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248. Published: June 05, 2012; 6:55:09 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2012-1185 |
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247. Published: June 05, 2012; 6:55:09 PM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2012-0260 |
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers. Published: June 05, 2012; 6:55:07 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2012-0259 |
The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read. Published: June 05, 2012; 6:55:07 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2011-3098 |
Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory. Published: May 15, 2012; 8:55:03 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2012-0883 |
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl. Published: April 18, 2012; 6:33:33 AM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2011-3049 |
Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension. Published: March 23, 2012; 6:55:01 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-3056 |
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe." Published: March 22, 2012; 12:55:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-3055 |
The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension. Published: March 22, 2012; 12:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3054 |
The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors. Published: March 22, 2012; 12:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3053 |
Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting. Published: March 22, 2012; 12:55:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-3052 |
The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Published: March 22, 2012; 12:55:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-3051 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the cross-fade function. Published: March 22, 2012; 12:55:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-3050 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element. Published: March 22, 2012; 12:55:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-3045 |
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026. Published: March 22, 2012; 12:55:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-3047 |
The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism. Published: March 10, 2012; 2:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-3046 |
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue. Published: March 08, 2012; 7:55:01 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-3044 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements. Published: March 05, 2012; 2:55:01 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-3043 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka flexible box) in conjunction with the floating of elements. Published: March 05, 2012; 2:55:01 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |