LanGuard reports



Supported OVAL Bulletins


ID:
CVE-2012-0841
Title:
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
Type:
Mobile Devices
Bulletins:
CVE-2012-0841
SFBID52107
Severity:
Medium
Description:
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
Applies to:
Created:
2012-12-21
Updated:
2017-04-24

ID:
CVE-2012-5991
Title:
screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type...
Type:
Hardware
Bulletins:
CVE-2012-5991
Severity:
Medium
Description:
screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type request, aka Bug ID CSCud50209.
Applies to:
Cisco WLC 4400
Cisco WLC 2000
Cisco WLC 2100
Cisco WLC 4100
Created:
2012-12-19
Updated:
2017-04-24

ID:
CVE-2012-5992
Title:
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts...
Type:
Hardware
Bulletins:
CVE-2012-5992
Severity:
Medium
Description:
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.
Applies to:
Cisco WLC 4400
Cisco WLC 2000
Cisco WLC 2100
Cisco WLC 4100
Created:
2012-12-19
Updated:
2017-04-24

ID:
CVE-2012-6007
Title:
Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter,...
Type:
Hardware
Bulletins:
CVE-2012-6007
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992.
Applies to:
Cisco WLC 4400
Cisco WLC 2000
Cisco WLC 2100
Cisco WLC 4100
Created:
2012-12-19
Updated:
2017-04-24

ID:
CVE-2012-6301
Title:
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.
Type:
Mobile Devices
Bulletins:
CVE-2012-6301
Severity:
Medium
Description:
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.
Applies to:
Created:
2012-12-10
Updated:
2017-04-24

ID:
CVE-2012-4220
Title:
diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference)...
Type:
Mobile Devices
Bulletins:
CVE-2012-4220
Severity:
Medium
Description:
diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via an application that uses crafted arguments in a local diagchar_ioctl call.
Applies to:
Created:
2012-11-30
Updated:
2017-04-24

ID:
CVE-2012-4221
Title:
Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an...
Type:
Mobile Devices
Bulletins:
CVE-2012-4221
Severity:
Medium
Description:
Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an application that uses crafted arguments in a local diagchar_ioctl call.
Applies to:
Created:
2012-11-30
Updated:
2017-04-24

ID:
CVE-2012-4222
Title:
drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses...
Type:
Mobile Devices
Bulletins:
CVE-2012-4222
Severity:
Medium
Description:
drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses crafted arguments in a local kgsl_ioctl call.
Applies to:
Created:
2012-11-30
Updated:
2017-04-24

ID:
CVE-2012-5134
Title:
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or...
Type:
Mobile Devices
Bulletins:
CVE-2012-5134
SFBID56684
Severity:
Medium
Description:
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
Applies to:
Created:
2012-11-27
Updated:
2017-04-24

ID:
CVE-2012-2619
Title:
The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service...
Type:
Mobile Devices
Bulletins:
CVE-2012-2619
Severity:
High
Description:
The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.
Applies to:
Created:
2012-11-14
Updated:
2017-04-24

ID:
CVE-2012-3748
Title:
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.
Type:
Mobile Devices
Bulletins:
CVE-2012-3748
SFBID56362
Severity:
Medium
Description:
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.
Applies to:
Created:
2012-11-03
Updated:
2017-04-24

ID:
CVE-2012-3749
Title:
The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a...
Type:
Mobile Devices
Bulletins:
CVE-2012-3749
SFBID56361
Severity:
Medium
Description:
The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.
Applies to:
Created:
2012-11-03
Updated:
2017-04-24

ID:
CVE-2012-3750
Title:
The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.
Type:
Mobile Devices
Bulletins:
CVE-2012-3750
SFBID56363
Severity:
Low
Description:
The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.
Applies to:
Created:
2012-11-03
Updated:
2017-04-24

ID:
CVE-2012-4643
Title:
The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 before 7.2(5.8), 7.1 before 7.2(5.8), 7.2 before 7.2(5.8), 8.0 before...
Type:
Hardware
Bulletins:
CVE-2012-4643
SFBID55861
Severity:
High
Description:
The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 before 7.2(5.8), 7.1 before 7.2(5.8), 7.2 before 7.2(5.8), 8.0 before 8.0(5.28), 8.1 before 8.1(2.56), 8.2 before 8.2(5.27), 8.3 before 8.3(2.31), 8.4 before 8.4(3.10), 8.5 before 8.5(1.9), and 8.6 before 8.6(1.5) does not properly allocate memory for DHCP packets, which allows remote attackers to cause a denial of service (device reload) via a series of crafted IPv4 packets, aka Bug ID CSCtw84068.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco Catalyst 6513 Switch
Cisco Catalyst 6513-E Switch
Cisco Catalyst 6504-E Switch
Cisco Catalyst 6500 Series Switches
Cisco Catalyst 6506E Switch
Cisco Catalyst 6509-NEB-A Switch
Cisco Catalyst...
Created:
2012-10-29
Updated:
2017-04-24

ID:
CVE-2012-4659
Title:
The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.30) and 8.3 before...
Type:
Hardware
Bulletins:
CVE-2012-4659
SFBID55865
Severity:
High
Description:
The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.30) and 8.3 before 8.3(2.34) allows remote attackers to cause a denial of service (device reload) via a crafted authentication response, aka Bug ID CSCtz04566.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco Catalyst 6509-NEB-A Switch
Cisco Catalyst 6513 Switch
Cisco Catalyst 6513-E Switch
Cisco Catalyst 6509-V-E Switch
Cisco Catalyst 6509-E Switch
Cisco Catalyst 6504-E Switch
Cisco Catalyst 6503...
Created:
2012-10-29
Updated:
2017-04-24

ID:
CVE-2012-4660
Title:
The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.17), 8.3 before 8.3(2.28), 8.4 before 8.4(2.13), 8.5...
Type:
Hardware
Bulletins:
CVE-2012-4660
SFBID55864
Severity:
High
Description:
The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.17), 8.3 before 8.3(2.28), 8.4 before 8.4(2.13), 8.5 before 8.5(1.4), and 8.6 before 8.6(1.5) allows remote attackers to cause a denial of service (device reload) via a crafted SIP media-update packet, aka Bug ID CSCtr63728.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco Catalyst 6509-NEB-A Switch
Cisco Catalyst 6513 Switch
Cisco Catalyst 6509-V-E Switch
Cisco Catalyst 6513-E Switch
Cisco Catalyst 6509-E Switch
Cisco Catalyst 6504-E Switch
Cisco Catalyst 6503...
Created:
2012-10-29
Updated:
2017-04-24

ID:
CVE-2012-4661
Title:
Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4 before...
Type:
Hardware
Bulletins:
CVE-2012-4661
SFBID55863
Severity:
High
Description:
Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4 before 8.4(4.4), 8.5 before 8.5(1.13), and 8.6 before 8.6(1.3) and the Firewall Services Module (FWSM) 4.1 before 4.1(9) in Cisco Catalyst 6500 series switches and 7600 series routers might allow remote attackers to execute arbitrary code via a crafted DCERPC packet, aka Bug IDs CSCtr21359 and CSCtr27522.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco Catalyst 6509-NEB-A Switch
Cisco 7600 Series Routers
Cisco Catalyst 6513 Switch
Cisco Catalyst 6513-E Switch
Cisco Catalyst 6509-V-E Switch
Cisco Catalyst 6509-E Switch
Cisco Catalyst 6504-E...
Created:
2012-10-29
Updated:
2017-04-24

ID:
CVE-2012-4662
Title:
The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before...
Type:
Hardware
Bulletins:
CVE-2012-4662
SFBID55862
Severity:
High
Description:
The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.13) and the Firewall Services Module (FWSM) 4.1 before 4.1(7) in Cisco Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via a crafted DCERPC packet, aka Bug IDs CSCtr21376 and CSCtr27524.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco Catalyst 6509-NEB-A Switch
Cisco 7600 Series Routers
Cisco Catalyst 6513 Switch
Cisco Catalyst 6513-E Switch
Cisco Catalyst 6509-V-E Switch
Cisco Catalyst 6509-E Switch
Cisco Catalyst 6504-E...
Created:
2012-10-29
Updated:
2017-04-24

ID:
CVE-2012-4663
Title:
The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before...
Type:
Hardware
Bulletins:
CVE-2012-4663
SFBID55862
Severity:
High
Description:
The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.13) and the Firewall Services Module (FWSM) 4.1 before 4.1(7) in Cisco Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via a crafted DCERPC packet, aka Bug IDs CSCtr21346 and CSCtr27521.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco Catalyst 6509-NEB-A Switch
Cisco 7600 Series Routers
Cisco Catalyst 6513 Switch
Cisco Catalyst 6513-E Switch
Cisco Catalyst 6509-V-E Switch
Cisco Catalyst 6509-E Switch
Cisco Catalyst 6504-E...
Created:
2012-10-29
Updated:
2017-04-24

ID:
OVAL15395
Title:
Reflected XSS Vulnerability - MS12-070
Type:
Software
Bulletins:
OVAL15395
CVE-2012-2552
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
Applies to:
Microsoft SQL Server 2000 Reporting Services
Microsoft SQL Server 2005
Microsoft SQL Server 2008
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2012
Created:
2012-10-17
Updated:
2016-02-19

ID:
CVE-2012-5112
Title:
Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.
Type:
Mobile Devices
Bulletins:
CVE-2012-5112
Severity:
High
Description:
Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.
Applies to:
Created:
2012-10-11
Updated:
2017-04-24

ID:
CVE-2011-3918
Title:
The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.
Type:
Mobile Devices
Bulletins:
CVE-2011-3918
Severity:
High
Description:
The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.
Applies to:
Created:
2012-10-07
Updated:
2017-04-24

ID:
CVE-2012-2889
Title:
Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)."
Type:
Mobile Devices
Bulletins:
CVE-2012-2889
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)."
Applies to:
Created:
2012-09-26
Updated:
2017-04-24

ID:
CVE-2012-3949
Title:
The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS,...
Type:
Hardware
Bulletins:
CVE-2012-3949
SFBID55697
Severity:
High
Description:
The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.
Applies to:
Unified Communications Manager
Created:
2012-09-26
Updated:
2017-04-24

ID:
CVE-2012-3950
Title:
The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 through 12.4 and 15.0 through 15.2, in certain configurations of enabled categories and missing signatures, allows remote attackers to cause a denial of service (device reload) via DNS...
Type:
Hardware
Bulletins:
CVE-2012-3950
SFBID55695
Severity:
High
Description:
The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 through 12.4 and 15.0 through 15.2, in certain configurations of enabled categories and missing signatures, allows remote attackers to cause a denial of service (device reload) via DNS packets, aka Bug ID CSCtw55976.
Applies to:
Created:
2012-09-26
Updated:
2017-04-24

ID:
CVE-2012-4617
Title:
The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed...
Type:
Hardware
Bulletins:
CVE-2012-4617
SFBID55694
Severity:
High
Description:
The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248, and CSCtz62914.
Applies to:
Created:
2012-09-26
Updated:
2017-04-24

ID:
CVE-2012-4618
Title:
The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtn76183.
Type:
Hardware
Bulletins:
CVE-2012-4618
SFBID55693
Severity:
High
Description:
The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtn76183.
Applies to:
Created:
2012-09-26
Updated:
2017-04-24

ID:
CVE-2012-4619
Title:
The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtr46123.
Type:
Hardware
Bulletins:
CVE-2012-4619
SFBID55705
Severity:
High
Description:
The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtr46123.
Applies to:
Created:
2012-09-26
Updated:
2017-04-24

ID:
CVE-2012-4620
Title:
Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/IP, (2) IPIP, or (3) IPv6 in IPv4 packets, aka Bug...
Type:
Hardware
Bulletins:
CVE-2012-4620
SFBID55696
Severity:
High
Description:
Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/IP, (2) IPIP, or (3) IPv6 in IPv4 packets, aka Bug ID CSCts66808.
Applies to:
Cisco 10008 Router
Created:
2012-09-26
Updated:
2017-04-24

ID:
CVE-2012-4621
Title:
The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049.
Type:
Hardware
Bulletins:
CVE-2012-4621
Severity:
High
Description:
The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049.
Applies to:
Created:
2012-09-26
Updated:
2017-04-24

ID:
CVE-2012-4622
Title:
Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error...
Type:
Hardware
Bulletins:
CVE-2012-4622
SFBID55701
Severity:
High
Description:
Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error messages, aka Bug ID CSCty88456.
Applies to:
Created:
2012-09-26
Updated:
2017-04-24

ID:
CVE-2012-4623
Title:
The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a...
Type:
Hardware
Bulletins:
CVE-2012-4623
SFBID55700
Severity:
High
Description:
The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a denial of service (device reload) via a malformed DHCPv6 packet, aka Bug ID CSCto57723.
Applies to:
Created:
2012-09-26
Updated:
2017-04-24

ID:
CVE-2012-3722
Title:
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service...
Type:
Mobile Devices
Bulletins:
CVE-2012-3722
Severity:
Medium
Description:
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3724
Title:
CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived...
Type:
Mobile Devices
Bulletins:
CVE-2012-3724
Severity:
Medium
Description:
CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived from a malformed URL.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3725
Title:
The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information...
Type:
Mobile Devices
Bulletins:
CVE-2012-3725
Severity:
Low
Description:
The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi network for these packets.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3726
Title:
Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
Type:
Mobile Devices
Bulletins:
CVE-2012-3726
Severity:
Medium
Description:
Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3727
Title:
Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.
Type:
Mobile Devices
Bulletins:
CVE-2012-3727
Severity:
Medium
Description:
Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3728
Title:
The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls.
Type:
Mobile Devices
Bulletins:
CVE-2012-3728
Severity:
Medium
Description:
The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3729
Title:
The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a...
Type:
Mobile Devices
Bulletins:
CVE-2012-3729
Severity:
Low
Description:
The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3730
Title:
Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a...
Type:
Mobile Devices
Bulletins:
CVE-2012-3730
Severity:
Medium
Description:
Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a message from a different sender.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3731
Title:
Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
Type:
Mobile Devices
Bulletins:
CVE-2012-3731
Severity:
Low
Description:
Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3732
Title:
Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity.
Type:
Mobile Devices
Bulletins:
CVE-2012-3732
Severity:
Medium
Description:
Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3733
Title:
Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain...
Type:
Mobile Devices
Bulletins:
CVE-2012-3733
Severity:
Medium
Description:
Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain potentially sensitive information about alternate e-mail addresses in opportunistic circumstances by reading a reply.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3734
Title:
Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.
Type:
Mobile Devices
Bulletins:
CVE-2012-3734
Severity:
Low
Description:
Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3735
Title:
The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the...
Type:
Mobile Devices
Bulletins:
CVE-2012-3735
Severity:
Low
Description:
The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3736
Title:
The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call.
Type:
Mobile Devices
Bulletins:
CVE-2012-3736
Severity:
Medium
Description:
The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3737
Title:
The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value.
Type:
Mobile Devices
Bulletins:
CVE-2012-3737
Severity:
Low
Description:
The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3738
Title:
The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime...
Type:
Mobile Devices
Bulletins:
CVE-2012-3738
Severity:
Low
Description:
The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3739
Title:
The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera.
Type:
Mobile Devices
Bulletins:
CVE-2012-3739
Severity:
Low
Description:
The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3740
Title:
The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
Type:
Mobile Devices
Bulletins:
CVE-2012-3740
Severity:
Low
Description:
The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3741
Title:
The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step...
Type:
Mobile Devices
Bulletins:
CVE-2012-3741
Severity:
Low
Description:
The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3742
Title:
Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the...
Type:
Mobile Devices
Bulletins:
CVE-2012-3742
Severity:
Medium
Description:
Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3743
Title:
The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files.
Type:
Mobile Devices
Bulletins:
CVE-2012-3743
Severity:
Medium
Description:
The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3744
Title:
Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating...
Type:
Mobile Devices
Bulletins:
CVE-2012-3744
Severity:
Medium
Description:
Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating address.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3745
Title:
Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message.
Type:
Mobile Devices
Bulletins:
CVE-2012-3745
Severity:
Medium
Description:
Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3746
Title:
UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem.
Type:
Mobile Devices
Bulletins:
CVE-2012-3746
Severity:
Medium
Description:
UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-3747
Title:
WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Type:
Mobile Devices
Bulletins:
CVE-2012-3747
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Applies to:
Created:
2012-09-20
Updated:
2017-04-24

ID:
CVE-2012-2993
Title:
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an...
Type:
Hardware
Bulletins:
CVE-2012-2993
SFBID55569
Severity:
Low
Description:
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.
Applies to:
Created:
2012-09-17
Updated:
2017-04-24

ID:
CVE-2012-3051
Title:
Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (process crash or packet loss) via a large number of ARP packets, aka Bug ID CSCtr44822.
Type:
Hardware
Bulletins:
CVE-2012-3051
SFBID55600
Severity:
Medium
Description:
Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (process crash or packet loss) via a large number of ARP packets, aka Bug ID CSCtr44822.
Applies to:
Cisco Nexus 7010
Cisco Nexus 7000
Cisco Nexus 7000-9slot
Cisco Nexus 7018
Created:
2012-09-16
Updated:
2017-04-24

ID:
CVE-2012-3079
Title:
Cisco IOS 12.2 allows remote attackers to cause a denial of service (CPU consumption) by establishing many IPv6 neighbors, aka Bug ID CSCtn78957.
Type:
Hardware
Bulletins:
CVE-2012-3079
Severity:
High
Description:
Cisco IOS 12.2 allows remote attackers to cause a denial of service (CPU consumption) by establishing many IPv6 neighbors, aka Bug ID CSCtn78957.
Applies to:
Created:
2012-09-16
Updated:
2017-04-24

ID:
CVE-2012-3893
Title:
The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622.
Type:
Hardware
Bulletins:
CVE-2012-3893
Severity:
Medium
Description:
The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622.
Applies to:
Created:
2012-09-16
Updated:
2017-04-24

ID:
CVE-2012-3895
Title:
Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224.
Type:
Hardware
Bulletins:
CVE-2012-3895
Severity:
Medium
Description:
Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224.
Applies to:
Created:
2012-09-16
Updated:
2017-04-24

ID:
CVE-2012-3915
Title:
The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602.
Type:
Hardware
Bulletins:
CVE-2012-3915
Severity:
Medium
Description:
The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602.
Applies to:
Created:
2012-09-16
Updated:
2017-04-24

ID:
CVE-2012-3923
Title:
The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a...
Type:
Hardware
Bulletins:
CVE-2012-3923
Severity:
Low
Description:
The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCte41827.
Applies to:
Created:
2012-09-16
Updated:
2017-04-24

ID:
CVE-2012-3924
Title:
The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a...
Type:
Hardware
Bulletins:
CVE-2012-3924
Severity:
Low
Description:
The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961.
Applies to:
Created:
2012-09-16
Updated:
2017-04-24

ID:
CVE-2012-3606
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Mobile Devices
Bulletins:
CVE-2012-3606
SFBID55534
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Created:
2012-09-13
Updated:
2017-04-24

ID:
CVE-2012-3607
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Mobile Devices
Bulletins:
CVE-2012-3607
SFBID55534
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Created:
2012-09-13
Updated:
2017-04-24

ID:
CVE-2012-3621
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Mobile Devices
Bulletins:
CVE-2012-3621
SFBID55534
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Created:
2012-09-13
Updated:
2017-04-24

ID:
CVE-2012-3632
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Mobile Devices
Bulletins:
CVE-2012-3632
SFBID55534
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Created:
2012-09-13
Updated:
2017-04-24

ID:
CVE-2012-3687
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Mobile Devices
Bulletins:
CVE-2012-3687
SFBID55534
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Created:
2012-09-13
Updated:
2017-04-24

ID:
CVE-2012-3701
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Mobile Devices
Bulletins:
CVE-2012-3701
SFBID55534
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Created:
2012-09-13
Updated:
2017-04-24

ID:
CVE-2012-2870
Title:
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not...
Type:
Mobile Devices
Bulletins:
CVE-2012-2870
Severity:
Medium
Description:
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.
Applies to:
Created:
2012-08-31
Updated:
2017-04-24

ID:
CVE-2012-2871
Title:
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or...
Type:
Mobile Devices
Bulletins:
CVE-2012-2871
Severity:
Medium
Description:
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.
Applies to:
Created:
2012-08-31
Updated:
2017-04-24

ID:
CVE-2012-1338
Title:
Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664.
Type:
Hardware
Bulletins:
CVE-2012-1338
Severity:
Medium
Description:
Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664.
Applies to:
Cisco Catalyst 3560E
Cisco Catalyst 3560
Cisco Catalyst 3750E
Cisco Catalyst 3750 Metro
Cisco Catalyst 3750G
Cisco Catalyst 3750X
Cisco Catalyst 3560X
Cisco Catalyst 3750
Created:
2012-08-06
Updated:
2017-04-24

ID:
CVE-2012-1344
Title:
Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka...
Type:
Hardware
Bulletins:
CVE-2012-1344
Severity:
Low
Description:
Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka Bug ID CSCtr86328.
Applies to:
Created:
2012-08-06
Updated:
2017-04-24

ID:
CVE-2012-1350
Title:
Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attackers to cause a denial of service (radio-interface input-queue hang) via IAPP 0x3281 packets, aka Bug ID CSCtc12426.
Type:
Hardware
Bulletins:
CVE-2012-1350
Severity:
High
Description:
Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attackers to cause a denial of service (radio-interface input-queue hang) via IAPP 0x3281 packets, aka Bug ID CSCtc12426.
Applies to:
Cisco Aironet Ap1130ag
Cisco Aironet 1131
Cisco Aironet AP1240
Cisco Aironet Ap 1230
Cisco Aironet Ap1100
Cisco Aironet 1040
Cisco Aironet 1260
Cisco Aironet 1140
Cisco Aironet Ap1240
Cisco Aironet Ap350
Cisco Aironet Ap1300
Cisco Aironet...
Created:
2012-08-06
Updated:
2017-04-24

ID:
CVE-2012-1357
Title:
The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via IGMP packets, aka Bug ID CSCts46521.
Type:
Hardware
Bulletins:
CVE-2012-1357
Severity:
Medium
Description:
The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via IGMP packets, aka Bug ID CSCts46521.
Applies to:
Cisco Nexus 5000 Series
Created:
2012-08-06
Updated:
2017-04-24

ID:
CVE-2012-1361
Title:
Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750.
Type:
Hardware
Bulletins:
CVE-2012-1361
Severity:
Medium
Description:
Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750.
Applies to:
Created:
2012-08-06
Updated:
2017-04-24

ID:
CVE-2012-1367
Title:
The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka...
Type:
Hardware
Bulletins:
CVE-2012-1367
Severity:
Medium
Description:
The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka Bug ID CSCtq06538.
Applies to:
Created:
2012-08-06
Updated:
2017-04-24

ID:
CVE-2012-2469
Title:
Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when the High Availability (HA) policy is configured for Reset, allows remote attackers to cause a denial of service (device reset) via a malformed Cisco Discovery Protocol (CDP)...
Type:
Hardware
Bulletins:
CVE-2012-2469
Severity:
High
Description:
Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when the High Availability (HA) policy is configured for Reset, allows remote attackers to cause a denial of service (device reset) via a malformed Cisco Discovery Protocol (CDP) packet, aka Bug IDs CSCtk34535 and CSCtk19132.
Applies to:
Cisco Nexus 7010
Cisco Nexus 7000
Cisco Nexus 7000-9slot
Cisco Nexus 7018
Created:
2012-08-06
Updated:
2017-04-24

ID:
CVE-2012-2472
Title:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow remote attackers to cause a denial of service (CPU...
Type:
Hardware
Bulletins:
CVE-2012-2472
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow remote attackers to cause a denial of service (CPU consumption) via crafted SIP traffic, aka Bug ID CSCtz63143.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2012-08-06
Updated:
2017-04-24

ID:
CVE-2012-2474
Title:
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN...
Type:
Hardware
Bulletins:
CVE-2012-2474
Severity:
Medium
Description:
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN feature, aka Bug ID CSCth34278.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2012-08-06
Updated:
2017-04-24

ID:
CVE-2012-2857
Title:
Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a...
Type:
Mobile Devices
Bulletins:
CVE-2012-2857
Severity:
Medium
Description:
Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
Applies to:
Created:
2012-08-06
Updated:
2017-04-24

ID:
OVAL14783
Title:
ADO Cachesize Heap Overflow RCE Vulnerability - MS12-045
Type:
Miscellaneous
Bulletins:
OVAL14783
CVE-2012-1891
Severity:
Low
Description:
Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
Applies to:
Microsoft Data Access Components
Created:
2012-07-13
Updated:
2015-08-10

ID:
CVE-2012-2807
Title:
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via...
Type:
Mobile Devices
Bulletins:
CVE-2012-2807
SFBID54718
Severity:
Medium
Description:
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Applies to:
Created:
2012-06-27
Updated:
2017-04-24

ID:
CVE-2012-2824
Title:
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting.
Type:
Mobile Devices
Bulletins:
CVE-2012-2824
Severity:
High
Description:
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting.
Applies to:
Created:
2012-06-27
Updated:
2017-04-24

ID:
CVE-2012-3058
Title:
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause...
Type:
Hardware
Bulletins:
CVE-2012-3058
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause a denial of service (device reload) via IPv6 transit traffic that triggers syslog message 110003, aka Bug ID CSCua27134.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco Catalyst 6509-NEB-A Switch
Cisco Catalyst 6513 Switch
Cisco Catalyst 6513-E Switch
Cisco Catalyst 6509-V-E Switch
Cisco Catalyst 6509-E Switch
Cisco Catalyst 6504-E Switch
Cisco Catalyst 6503...
Created:
2012-06-20
Updated:
2017-04-24

ID:
CVE-2012-2488
Title:
Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593.
Type:
Hardware
Bulletins:
CVE-2012-2488
SFBID53728
Severity:
High
Description:
Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593.
Applies to:
Created:
2012-05-31
Updated:
2017-04-24

ID:
CVE-2011-3102
Title:
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
Type:
Mobile Devices
Bulletins:
CVE-2011-3102
SFBID53540
Severity:
Medium
Description:
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
Applies to:
Created:
2012-05-15
Updated:
2017-04-24

ID:
OVAL15621
Title:
GDI+ Record Type Vulnerability
Type:
Software
Bulletins:
OVAL15621
CVE-2012-0165
Severity:
Low
Description:
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
Applies to:
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Created:
2012-05-08
Updated:
2015-02-23

ID:
CVE-2012-0672
Title:
WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Type:
Mobile Devices
Bulletins:
CVE-2012-0672
Severity:
Medium
Description:
WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Applies to:
Created:
2012-05-08
Updated:
2017-04-24

ID:
CVE-2012-0674
Title:
Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site.
Type:
Mobile Devices
Bulletins:
CVE-2012-0674
Severity:
Medium
Description:
Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site.
Applies to:
Created:
2012-05-08
Updated:
2017-04-24

ID:
CVE-2011-4019
Title:
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs...
Type:
Hardware
Bulletins:
CVE-2011-4019
Severity:
Medium
Description:
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883.
Applies to:
Unified Communications Manager
Created:
2012-05-03
Updated:
2017-04-24

ID:
CVE-2011-4023
Title:
Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682.
Type:
Hardware
Bulletins:
CVE-2011-4023
Severity:
High
Description:
Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682.
Applies to:
Cisco Nexus 2232tm
Cisco Nexus 5596UP
Cisco Nexus 5548p
Cisco Nexus 2224tp
Cisco Nexus 2232pp
Cisco Nexus C5010P-BF
Cisco Nexus 2248tp
Cisco Nexus C2148T-1GE
Cisco Nexus 5020p
Cisco Nexus 5548Up
Cisco Nexus 2248tp-e
Created:
2012-05-03
Updated:
2017-04-24

ID:
CVE-2011-4231
Title:
Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128.
Type:
Hardware
Bulletins:
CVE-2011-4231
Severity:
Medium
Description:
Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128.
Applies to:
Created:
2012-05-03
Updated:
2017-04-24

ID:
CVE-2012-0376
Title:
The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367.
Type:
Hardware
Bulletins:
CVE-2012-0376
Severity:
Medium
Description:
The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367.
Applies to:
Unified Communications Manager
Created:
2012-05-03
Updated:
2017-04-24

ID:
CVE-2012-0378
Title:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number of stale connections that result in an incorrect...
Type:
Hardware
Bulletins:
CVE-2012-0378
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number of stale connections that result in an incorrect value for an MPF connection count, aka Bug ID CSCtv19854.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2012-05-03
Updated:
2017-04-24

ID:
CVE-2012-1324
Title:
Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, when IPS policies are configured, allows remote attackers to cause a denial of service (device crash) by sending IPv6 packets, aka Bug ID CSCtk53534.
Type:
Hardware
Bulletins:
CVE-2012-1324
Severity:
High
Description:
Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, when IPS policies are configured, allows remote attackers to cause a denial of service (device crash) by sending IPv6 packets, aka Bug ID CSCtk53534.
Applies to:
Created:
2012-05-03
Updated:
2017-04-24

ID:
CVE-2012-1327
Title:
dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S,...
Type:
Hardware
Bulletins:
CVE-2012-1327
Severity:
Medium
Description:
dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S, aka Bug ID CSCtt94391.
Applies to:
Created:
2012-05-03
Updated:
2017-04-24

ID:
CVE-2011-2578
Title:
Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption) via malformed SIP packets on a NAT interface, aka Bug ID CSCts12366.
Type:
Hardware
Bulletins:
CVE-2011-2578
Severity:
High
Description:
Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption) via malformed SIP packets on a NAT interface, aka Bug ID CSCts12366.
Applies to:
Created:
2012-05-02
Updated:
2017-04-24

ID:
CVE-2011-2586
Title:
The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249.
Type:
Hardware
Bulletins:
CVE-2011-2586
Severity:
Medium
Description:
The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249.
Applies to:
Created:
2012-05-02
Updated:
2017-04-24

ID:
CVE-2011-3285
Title:
CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks...
Type:
Hardware
Bulletins:
CVE-2011-3285
Severity:
Medium
Description:
CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCth63101.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2012-05-02
Updated:
2017-04-24

ID:
CVE-2011-3289
Title:
Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate attackers to bypass the No Service Password-Recovery feature and read the start-up configuration via unspecified vectors, aka Bug ID CSCtr97640.
Type:
Hardware
Bulletins:
CVE-2011-3289
Severity:
Low
Description:
Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate attackers to bypass the No Service Password-Recovery feature and read the start-up configuration via unspecified vectors, aka Bug ID CSCtr97640.
Applies to:
Created:
2012-05-02
Updated:
2017-04-24

ID:
CVE-2011-3295
Title:
The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1, as used in Cisco Carrier Routing System and other products, allow remote attackers to cause a denial of service (CPU consumption) via crafted network traffic, aka Bug ID CSCti59888.
Type:
Hardware
Bulletins:
CVE-2011-3295
Severity:
High
Description:
The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1, as used in Cisco Carrier Routing System and other products, allow remote attackers to cause a denial of service (CPU consumption) via crafted network traffic, aka Bug ID CSCti59888.
Applies to:
Created:
2012-05-02
Updated:
2017-04-24

ID:
CVE-2012-0335
Title:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a...
Type:
Hardware
Bulletins:
CVE-2012-0335
SFBID53558
Severity:
Medium
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a connection attempt, aka Bug ID CSCtx42746.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2012-05-02
Updated:
2017-04-24

ID:
CVE-2012-0338
Title:
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka...
Type:
Hardware
Bulletins:
CVE-2012-0338
Severity:
Medium
Description:
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka Bug ID CSCsv86113.
Applies to:
Created:
2012-05-02
Updated:
2017-04-24

ID:
CVE-2012-0339
Title:
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client,...
Type:
Hardware
Bulletins:
CVE-2012-0339
Severity:
Medium
Description:
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client, aka Bug ID CSCsi77774.
Applies to:
Created:
2012-05-02
Updated:
2017-04-24

ID:
CVE-2011-3309
Title:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 process IKE requests despite a vpnclient mode configuration, which allows remote attackers to obtain potentially sensitive information by reading IKE...
Type:
Hardware
Bulletins:
CVE-2011-3309
Severity:
Medium
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 process IKE requests despite a vpnclient mode configuration, which allows remote attackers to obtain potentially sensitive information by reading IKE responder traffic, aka Bug ID CSCtt07749.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2012-05-02
Updated:
2017-04-24

ID:
CVE-2011-4006
Title:
The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.5 allows remote attackers to cause a denial of service (CPU consumption) via an unspecified closing sequence, aka Bug ID CSCtt32565.
Type:
Hardware
Bulletins:
CVE-2011-4006
Severity:
High
Description:
The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.5 allows remote attackers to cause a denial of service (CPU consumption) via an unspecified closing sequence, aka Bug ID CSCtt32565.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2012-05-02
Updated:
2017-04-24

ID:
CVE-2011-4007
Title:
Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2)...
Type:
Hardware
Bulletins:
CVE-2011-4007
Severity:
Medium
Description:
Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2) reassembly, aka Bug ID CSCtr56576.
Applies to:
Created:
2012-05-02
Updated:
2017-04-24

ID:
CVE-2011-4012
Title:
Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C) is used, does not create a fragment entry during processing of an ICMPv6 ACL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtj90091.
Type:
Hardware
Bulletins:
CVE-2011-4012
Severity:
High
Description:
Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C) is used, does not create a fragment entry during processing of an ICMPv6 ACL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtj90091.
Applies to:
Created:
2012-05-02
Updated:
2017-04-24

ID:
CVE-2011-4015
Title:
Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300.
Type:
Hardware
Bulletins:
CVE-2011-4015
Severity:
Medium
Description:
Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300.
Applies to:
Created:
2012-05-02
Updated:
2017-04-24

ID:
CVE-2011-4016
Title:
The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2011-4016
Severity:
Medium
Description:
The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID CSCtf71673.
Applies to:
Created:
2012-05-02
Updated:
2017-04-24

ID:
CVE-2012-0362
Title:
The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network...
Type:
Hardware
Bulletins:
CVE-2012-0362
Severity:
Medium
Description:
The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network traffic, aka Bug ID CSCts01106.
Applies to:
Created:
2012-05-02
Updated:
2017-04-24

ID:
CVE-2012-2439
Title:
The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors.
Type:
Hardware
Bulletins:
CVE-2012-2439
Severity:
High
Description:
The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors.
Applies to:
FVS318v3 Firewall
Created:
2012-04-27
Updated:
2017-04-24

ID:
OVAL15391
Title:
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android...
Type:
Web
Bulletins:
OVAL15391
CVE-2012-0773
Severity:
Low
Description:
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Flash Player
Created:
2012-04-04
Updated:
2015-08-03

ID:
OVAL15266
Title:
An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allows attackers to execute...
Type:
Web
Bulletins:
OVAL15266
CVE-2012-0772
Severity:
Low
Description:
An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2012-04-04
Updated:
2015-08-03

ID:
CVE-2011-3058
Title:
Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
Type:
Mobile Devices
Bulletins:
CVE-2011-3058
SFBID52762
Severity:
Medium
Description:
Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
Applies to:
Created:
2012-03-30
Updated:
2017-04-24

ID:
CVE-2012-0381
Title:
The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2012-0381
SFBID52757
Severity:
High
Description:
The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) by sending IKE UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCts38429.
Applies to:
Created:
2012-03-29
Updated:
2017-04-24

ID:
CVE-2012-0382
Title:
The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG before 3.2.2SG allows remote...
Type:
Hardware
Bulletins:
CVE-2012-0382
SFBID52759
Severity:
High
Description:
The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) via encapsulated IGMP data in an MSDP packet, aka Bug ID CSCtr28857.
Applies to:
Created:
2012-03-29
Updated:
2017-04-24

ID:
CVE-2012-0383
Title:
Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require translation, related to a "memory starvation...
Type:
Hardware
Bulletins:
CVE-2012-0383
SFBID52758
Severity:
High
Description:
Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require translation, related to a "memory starvation vulnerability," aka Bug ID CSCti35326.
Applies to:
Created:
2012-03-29
Updated:
2017-04-24

ID:
CVE-2012-0384
Title:
Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow...
Type:
Hardware
Bulletins:
CVE-2012-0384
SFBID52755
Severity:
High
Description:
Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106.
Applies to:
Created:
2012-03-29
Updated:
2017-04-24

ID:
CVE-2012-0385
Title:
The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by sending a malformed Smart Install message over TCP, aka Bug ID CSCtt16051.
Type:
Hardware
Bulletins:
CVE-2012-0385
SFBID52756
Severity:
High
Description:
The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by sending a malformed Smart Install message over TCP, aka Bug ID CSCtt16051.
Applies to:
Created:
2012-03-29
Updated:
2017-04-24

ID:
CVE-2012-0386
Title:
The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service (device reload) via a crafted username in a reverse...
Type:
Hardware
Bulletins:
CVE-2012-0386
SFBID52752
Severity:
High
Description:
The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service (device reload) via a crafted username in a reverse SSH login attempt, aka Bug ID CSCtr49064.
Applies to:
Created:
2012-03-29
Updated:
2017-04-24

ID:
CVE-2012-0387
Title:
Memory leak in the HTTP Inspection Engine feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit HTTP traffic, aka Bug...
Type:
Hardware
Bulletins:
CVE-2012-0387
Severity:
High
Description:
Memory leak in the HTTP Inspection Engine feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit HTTP traffic, aka Bug ID CSCtq36153.
Applies to:
Created:
2012-03-29
Updated:
2017-04-24

ID:
CVE-2012-0388
Title:
Memory leak in the H.323 inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed transit H.323 traffic, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2012-0388
Severity:
High
Description:
Memory leak in the H.323 inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed transit H.323 traffic, aka Bug ID CSCtq45553.
Applies to:
Created:
2012-03-29
Updated:
2017-04-24

ID:
CVE-2012-1310
Title:
Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted IP packets, aka Bug ID CSCto89536.
Type:
Hardware
Bulletins:
CVE-2012-1310
Severity:
High
Description:
Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted IP packets, aka Bug ID CSCto89536.
Applies to:
Created:
2012-03-29
Updated:
2017-04-24

ID:
CVE-2012-1311
Title:
The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge and service outage) via crafted RSVP packets,...
Type:
Hardware
Bulletins:
CVE-2012-1311
SFBID52754
Severity:
High
Description:
The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge and service outage) via crafted RSVP packets, aka Bug ID CSCts80643.
Applies to:
Created:
2012-03-29
Updated:
2017-04-24

ID:
CVE-2012-1312
Title:
The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (device reload) via crafted transit traffic, aka Bug IDs CSCtq64987 and CSCtu57226.
Type:
Hardware
Bulletins:
CVE-2012-1312
SFBID52751
Severity:
High
Description:
The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (device reload) via crafted transit traffic, aka Bug IDs CSCtq64987 and CSCtu57226.
Applies to:
Created:
2012-03-29
Updated:
2017-04-24

ID:
CVE-2012-1314
Title:
The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381.
Type:
Hardware
Bulletins:
CVE-2012-1314
SFBID52751
Severity:
High
Description:
The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381.
Applies to:
Created:
2012-03-29
Updated:
2017-04-24

ID:
CVE-2012-1315
Title:
Memory leak in the SIP inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit SIP traffic, aka Bug ID CSCti46171.
Type:
Hardware
Bulletins:
CVE-2012-1315
Severity:
High
Description:
Memory leak in the SIP inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit SIP traffic, aka Bug ID CSCti46171.
Applies to:
Created:
2012-03-29
Updated:
2017-04-24

ID:
CVE-2012-0353
Title:
The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.5), 8.3...
Type:
Hardware
Bulletins:
CVE-2012-0353
SFBID52484
Severity:
High
Description:
The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.5), 8.3 before 8.3(2.22), 8.4 before 8.4(2.1), and 8.5 before 8.5(1.2) does not properly handle flows, which allows remote attackers to cause a denial of service (device reload) via a crafted series of (1) IPv4 or (2) IPv6 UDP packets, aka Bug ID CSCtq10441.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco Catalyst 6509-NEB-A Switch
Cisco Catalyst 6513 Switch
Cisco Catalyst 6509-V-E Switch
Cisco Catalyst 6513-E Switch
Cisco Catalyst 6509-E Switch
Cisco Catalyst 6504-E Switch
Cisco Catalyst 6503...
Created:
2012-03-14
Updated:
2017-04-24

ID:
CVE-2012-0354
Title:
The Threat Detection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 through 8.2 before 8.2(5.20), 8.3 before 8.3(2.29), 8.4 before...
Type:
Hardware
Bulletins:
CVE-2012-0354
Severity:
High
Description:
The Threat Detection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 through 8.2 before 8.2(5.20), 8.3 before 8.3(2.29), 8.4 before 8.4(3), 8.5 before 8.5(1.6), and 8.6 before 8.6(1.1) allows remote attackers to cause a denial of service (device reload) via (1) IPv4 or (2) IPv6 packets that trigger a shun event, aka Bug ID CSCtw35765.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco Catalyst 6509-NEB-A Switch
Cisco Catalyst 6513 Switch
Cisco Catalyst 6509-V-E Switch
Cisco Catalyst 6513-E Switch
Cisco Catalyst 6509-E Switch
Cisco Catalyst 6504-E Switch
Cisco Catalyst 6503...
Created:
2012-03-14
Updated:
2017-04-24

ID:
CVE-2012-0355
Title:
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(2.11) and 8.5 before 8.5(1.4) allow remote attackers to cause a denial of service...
Type:
Hardware
Bulletins:
CVE-2012-0355
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(2.11) and 8.5 before 8.5(1.4) allow remote attackers to cause a denial of service (device reload) via (1) IPv4 or (2) IPv6 packets that trigger syslog message 305006, aka Bug ID CSCts39634.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco Catalyst 6509-NEB-A Switch
Cisco Catalyst 6513 Switch
Cisco Catalyst 6513-E Switch
Cisco Catalyst 6509-V-E Switch
Cisco Catalyst 6509-E Switch
Cisco Catalyst 6504-E Switch
Cisco Catalyst 6503...
Created:
2012-03-14
Updated:
2017-04-24

ID:
CVE-2012-0356
Title:
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(5.27), 8.1 before 8.1(2.53), 8.2 before 8.2(5.8),...
Type:
Hardware
Bulletins:
CVE-2012-0356
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(5.27), 8.1 before 8.1(2.53), 8.2 before 8.2(5.8), 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.2) and the Firewall Services Module (FWSM) 3.1 and 3.2 before 3.2(23) and 4.0 and 4.1 before 4.1(8) in Cisco Catalyst 6500 series devices, when multicast routing is enabled, allow remote attackers to cause a denial of service (device reload) via a crafted IPv4 PIM message, aka Bug IDs CSCtr47517 and CSCtu97367.
Applies to:
Cisco Catalyst 6513 Switch
Cisco Catalyst 6513-E Switch
Cisco Catalyst 6506E Switch
Cisco Catalyst 6503 Switch
Cisco ASA 5500 Adaptive Security Appliance
Cisco Catalyst 6504-E Switch
Cisco Catalyst 6500 Series Switches
Cisco Catalyst...
Created:
2012-03-14
Updated:
2017-04-24

ID:
CVE-2012-0358
Title:
Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf.ocx, as distributed through the Clientless VPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 through 7.2 before 7.2(5.6), 8.0 before...
Type:
Hardware
Bulletins:
CVE-2012-0358
Severity:
High
Description:
Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf.ocx, as distributed through the Clientless VPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 through 7.2 before 7.2(5.6), 8.0 before 8.0(5.26), 8.1 before 8.1(2.53), 8.2 before 8.2(5.18), 8.3 before 8.3(2.28), 8.2 before 8.4(2.16), and 8.6 before 8.6(1.1), allows remote attackers to execute arbitrary code via unspecified vectors, aka Bug ID CSCtr00165.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2012-03-14
Updated:
2017-04-24

ID:
OVAL15058
Title:
The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to...
Type:
Web
Bulletins:
OVAL15058
CVE-2012-0768
Severity:
Low
Description:
The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Flash Player
Created:
2012-03-12
Updated:
2015-08-03

ID:
OVAL14828
Title:
Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows...
Type:
Web
Bulletins:
OVAL14828
CVE-2012-0769
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors.
Applies to:
Adobe Flash Player
Created:
2012-03-12
Updated:
2015-08-03

ID:
CVE-2011-2833
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2011-2833
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2011-2867
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2011-2867
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2011-2868
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2011-2868
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2011-2869
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2011-2869
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2011-2870
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2011-2870
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2011-2871
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2011-2871
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2011-2872
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2011-2872
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2011-2873
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2011-2873
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0585
Title:
The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.
Type:
Mobile Devices
Bulletins:
CVE-2012-0585
Severity:
Medium
Description:
The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0586
Title:
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588,...
Type:
Mobile Devices
Bulletins:
CVE-2012-0586
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588, and CVE-2012-0589.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0587
Title:
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588,...
Type:
Mobile Devices
Bulletins:
CVE-2012-0587
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588, and CVE-2012-0589.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0588
Title:
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587,...
Type:
Mobile Devices
Bulletins:
CVE-2012-0588
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0589.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0589
Title:
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587,...
Type:
Mobile Devices
Bulletins:
CVE-2012-0589
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0590
Title:
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.
Type:
Mobile Devices
Bulletins:
CVE-2012-0590
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0591
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0591
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0592
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0592
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0593
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0593
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0594
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0594
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0595
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0595
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0596
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0596
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0597
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0597
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0598
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0598
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0599
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0599
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0600
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0600
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0601
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0601
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0602
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0602
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0603
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0603
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0604
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0604
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0605
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0605
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0606
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0606
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0607
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0607
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0608
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0608
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0609
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0609
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0610
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0610
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0611
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0611
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0612
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0612
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0613
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0613
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0614
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0614
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0615
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0615
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0616
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0616
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0617
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0617
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0618
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0618
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0619
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0619
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0620
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0620
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0621
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0621
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0622
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0622
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0623
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0623
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0624
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0624
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0625
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0625
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0626
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0626
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0627
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0627
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0628
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0628
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0629
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0629
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0630
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0630
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0631
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0631
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0632
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0632
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0633
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0633
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0635
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2012-0635
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0641
Title:
CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447.
Type:
Mobile Devices
Bulletins:
CVE-2012-0641
Severity:
Medium
Description:
CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0642
Title:
Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image.
Type:
Mobile Devices
Bulletins:
CVE-2012-0642
Severity:
High
Description:
Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0643
Title:
The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program.
Type:
Mobile Devices
Bulletins:
CVE-2012-0643
Severity:
High
Description:
The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0644
Title:
Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture.
Type:
Mobile Devices
Bulletins:
CVE-2012-0644
Severity:
Medium
Description:
Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0645
Title:
Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to...
Type:
Mobile Devices
Bulletins:
CVE-2012-0645
Severity:
Low
Description:
Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2012-0646
Title:
Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.
Type:
Mobile Devices
Bulletins:
CVE-2012-0646
Severity:
High
Description:
Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.
Applies to:
Created:
2012-03-08
Updated:
2017-04-24

ID:
CVE-2011-4486
Title:
Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before...
Type:
Hardware
Bulletins:
CVE-2011-4486
Severity:
High
Description:
Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of service (device reload) via a crafted SCCP registration, aka Bug ID CSCtu73538.
Applies to:
Unified Communications Manager
Created:
2012-02-29
Updated:
2017-04-24

ID:
CVE-2011-4487
Title:
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and...
Type:
Hardware
Bulletins:
CVE-2011-4487
Severity:
Medium
Description:
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.
Applies to:
Unified Communications Manager
Created:
2012-02-29
Updated:
2017-04-24

ID:
CVE-2012-0368
Title:
The administrative management interface on Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allows remote attackers to cause a denial of service (device...
Type:
Hardware
Bulletins:
CVE-2012-0368
Severity:
High
Description:
The administrative management interface on Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allows remote attackers to cause a denial of service (device crash) via a malformed URL in an HTTP request, aka Bug ID CSCts81997.
Applies to:
Cisco WLC 4100
Cisco WLC 2100
Cisco WLC 2000
Cisco WLC 4400
Created:
2012-02-29
Updated:
2017-04-24

ID:
CVE-2012-0369
Title:
Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (device reload) via a sequence of IPv6 packets, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2012-0369
Severity:
High
Description:
Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (device reload) via a sequence of IPv6 packets, aka Bug ID CSCtt07949.
Applies to:
Cisco WLC 2000
Cisco WLC 4400
Cisco WLC 2100
Cisco WLC 4100
Created:
2012-02-29
Updated:
2017-04-24

ID:
CVE-2012-0370
Title:
Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service (device reload) via a sequence of (1) HTTP or (2)...
Type:
Hardware
Bulletins:
CVE-2012-0370
Severity:
High
Description:
Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service (device reload) via a sequence of (1) HTTP or (2) HTTPS packets, aka Bug ID CSCtt47435.
Applies to:
Cisco WLC 4100
Cisco WLC 4400
Cisco WLC 2000
Cisco WLC 2100
Created:
2012-02-29
Updated:
2017-04-24

ID:
CVE-2012-0371
Title:
Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709.
Type:
Hardware
Bulletins:
CVE-2012-0371
Severity:
High
Description:
Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709.
Applies to:
Cisco WLC 4100
Cisco WLC 4400
Cisco WLC 2000
Cisco WLC 2100
Created:
2012-02-29
Updated:
2017-04-24

ID:
CVE-2012-0363
Title:
The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a...
Type:
Hardware
Bulletins:
CVE-2012-0363
Severity:
High
Description:
The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability," aka Bug ID CSCtt46871.
Applies to:
Cisco srp521
Cisco srp526
Cisco srp541
Cisco srp546
Cisco srp547
Cisco srp527
Created:
2012-02-24
Updated:
2017-04-24

ID:
CVE-2012-0364
Title:
Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495.
Type:
Hardware
Bulletins:
CVE-2012-0364
Severity:
High
Description:
Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495.
Applies to:
Cisco srp521
Cisco srp526
Cisco srp541
Cisco srp546
Cisco srp547
Cisco srp527
Created:
2012-02-24
Updated:
2017-04-24

ID:
CVE-2012-0365
Title:
Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to upload...
Type:
Hardware
Bulletins:
CVE-2012-0365
Severity:
High
Description:
Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to upload software to arbitrary directories via unspecified vectors, aka Bug ID CSCtw56009.
Applies to:
Cisco srp521
Cisco srp526
Cisco srp541
Cisco srp546
Cisco srp547
Cisco srp527
Created:
2012-02-24
Updated:
2017-04-24

ID:
OVAL14985
Title:
The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Type:
Web
Bulletins:
OVAL14985
CVE-2012-0751
Severity:
Low
Description:
The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Flash Player
Created:
2012-02-22
Updated:
2015-08-03

ID:
OVAL15030
Title:
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or...
Type:
Web
Bulletins:
OVAL15030
CVE-2012-0754
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Flash Player
Created:
2012-02-22
Updated:
2015-08-03

ID:
OVAL14795
Title:
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or...
Type:
Web
Bulletins:
OVAL14795
CVE-2012-0753
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data.
Applies to:
Adobe Flash Player
Created:
2012-02-22
Updated:
2015-08-03

ID:
OVAL14654
Title:
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or...
Type:
Web
Bulletins:
OVAL14654
CVE-2012-0752
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an unspecified "type confusion."
Applies to:
Adobe Flash Player
Created:
2012-02-22
Updated:
2015-08-03

ID:
OVAL14881
Title:
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access...
Type:
Web
Bulletins:
OVAL14881
CVE-2012-0756
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0755.
Applies to:
Adobe Flash Player
Created:
2012-02-22
Updated:
2015-08-03

ID:
OVAL14806
Title:
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows...
Type:
Web
Bulletins:
OVAL14806
CVE-2012-0767
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.
Applies to:
Adobe Flash Player
Created:
2012-02-22
Updated:
2015-08-03

ID:
OVAL14731
Title:
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access...
Type:
Web
Bulletins:
OVAL14731
CVE-2012-0755
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0756.
Applies to:
Adobe Flash Player
Created:
2012-02-22
Updated:
2015-08-03

ID:
OVAL14878
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote...
Type:
Software
Bulletins:
OVAL14878
CVE-2012-0499
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
Java Runtime Environment
Created:
2012-02-17
Updated:
2015-03-23

ID:
OVAL14942
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL14942
CVE-2011-3563
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.
Applies to:
Java Runtime Environment
Created:
2012-02-17
Updated:
2015-03-23

ID:
OVAL14082
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start...
Type:
Software
Bulletins:
OVAL14082
CVE-2012-0506
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA.
Applies to:
Java Runtime Environment
Created:
2012-02-17
Updated:
2015-03-23

ID:
OVAL15075
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
OVAL15075
CVE-2012-0498
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
Java Runtime Environment
Created:
2012-02-17
Updated:
2015-03-23

ID:
OVAL14813
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start...
Type:
Software
Bulletins:
OVAL14813
CVE-2012-0503
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n.
Applies to:
Java Runtime Environment
Created:
2012-02-17
Updated:
2015-03-23

ID:
OVAL15069
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
Type:
Software
Bulletins:
OVAL15069
CVE-2012-0501
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
Applies to:
Java Runtime Environment
Created:
2012-02-17
Updated:
2015-03-23

ID:
OVAL13976
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start...
Type:
Software
Bulletins:
OVAL13976
CVE-2012-0505
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.
Applies to:
Java Runtime Environment
Created:
2012-02-17
Updated:
2015-03-23

ID:
OVAL14900
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start...
Type:
Software
Bulletins:
OVAL14900
CVE-2012-0502
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT.
Applies to:
Java Runtime Environment
Created:
2012-02-17
Updated:
2015-03-23

ID:
CVE-2012-0352
Title:
Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on Nexus 5000 series switches; and 4.2.x before 4.2.8, 5.0.x before 5.0.5, and 5.1.x before 5.1.1 on Nexus 7000 series switches allows remote...
Type:
Hardware
Bulletins:
CVE-2012-0352
Severity:
High
Description:
Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on Nexus 5000 series switches; and 4.2.x before 4.2.8, 5.0.x before 5.0.5, and 5.1.x before 5.1.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (netstack process crash and device reload) via a malformed IP packet, aka Bug IDs CSCti23447, CSCti49507, and CSCtj01991.
Applies to:
Cisco Nexus 5000 Series
Cisco Nexus 5596UP
Cisco Nexus 5548p
Cisco Nexus 7000
Cisco Nexus 5020
Cisco Nexus 7000-9slot
Cisco Nexus 7018
Cisco Nexus 5548up
Cisco Nexus 5010
Cisco Nexus 7010
Cisco Nexus 1000V VSM
Created:
2012-02-16
Updated:
2017-04-24

ID:
CVE-2011-3874
Title:
Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand...
Type:
Mobile Devices
Bulletins:
CVE-2011-3874
Severity:
High
Description:
Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error.
Applies to:
Created:
2012-01-27
Updated:
2017-04-24

ID:
CVE-2011-4276
Title:
The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer.
Type:
Mobile Devices
Bulletins:
CVE-2011-4276
Severity:
Medium
Description:
The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer.
Applies to:
Created:
2012-01-25
Updated:
2017-04-24