CVE-2011-1390 2012-05-14T18:55:01.353-04:00 2012-05-14T18:55:01.353-04:00 XF rcq-maintenancetool-sql-injection(71802) CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21594717 SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature. cpe:/a:ffmpeg:ffmpeg:0.7.3 cpe:/a:ffmpeg:ffmpeg:0.4.8 cpe:/a:ffmpeg:ffmpeg:0.5 cpe:/a:ffmpeg:ffmpeg:0.5.2 cpe:/a:ffmpeg:ffmpeg:0.4.9_pre1 cpe:/a:ffmpeg:ffmpeg:0.3.3 cpe:/a:ffmpeg:ffmpeg:0.8.2 cpe:/a:ffmpeg:ffmpeg:0.7.2 cpe:/a:ffmpeg:ffmpeg:0.4.9:pre1 cpe:/a:ffmpeg:ffmpeg:0.4.5 cpe:/a:ffmpeg:ffmpeg:0.6.2 cpe:/a:ffmpeg:ffmpeg:0.4.7 cpe:/a:ffmpeg:ffmpeg:0.6 cpe:/a:ffmpeg:ffmpeg:0.3.2 cpe:/a:ffmpeg:ffmpeg:0.5.4 cpe:/a:ffmpeg:ffmpeg:0.3.4 cpe:/a:ffmpeg:ffmpeg:0.8.1 cpe:/a:ffmpeg:ffmpeg:0.6.1 cpe:/a:ffmpeg:ffmpeg:0.5.3 cpe:/a:ffmpeg:ffmpeg:0.8.0 cpe:/a:ffmpeg:ffmpeg:0.3 cpe:/a:ffmpeg:ffmpeg:0.3.1 cpe:/a:ffmpeg:ffmpeg:0.4.2 cpe:/a:ffmpeg:ffmpeg:0.5.1 cpe:/a:ffmpeg:ffmpeg cpe:/a:ffmpeg:ffmpeg:0.4.4 cpe:/a:ffmpeg:ffmpeg:0.7.1 cpe:/a:ffmpeg:ffmpeg:0.4.6 cpe:/a:ffmpeg:ffmpeg:0.4.0 cpe:/a:ffmpeg:ffmpeg:0.4.3 CVE-2011-4031 2012-05-09T06:33:14.880-04:00 2012-05-10T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T13:28:00.000-04:00 MISC http://technet.microsoft.com/en-us/security/msvr/msvr11-012 CONFIRM http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=n0.8.3 CONFIRM http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c2a2ad133eb9d42361804a568dee336992349a5e Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet. cpe:/a:microsoft:visio_viewer:2010:sp1 cpe:/a:microsoft:visio_viewer:2010 CVE-2012-0018 2012-05-08T20:55:01.193-04:00 2012-05-09T10:01:15.920-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T10:00:00.000-04:00 MS MS12-031 Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability." cpe:/a:microsoft:office_compatibility_pack::sp2 cpe:/a:microsoft:excel:2007:sp2 cpe:/a:microsoft:excel:2010 cpe:/a:microsoft:office:2011::mac cpe:/a:microsoft:excel:2003:sp3 cpe:/a:microsoft:excel_viewer cpe:/a:microsoft:excel:2010:sp1 cpe:/a:microsoft:office_compatibility_pack::sp3 cpe:/a:microsoft:excel:2007:sp3 CVE-2012-0141 2012-05-08T20:55:01.240-04:00 2012-05-09T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T10:09:00.000-04:00 MS MS12-030 Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption Vulnerability." cpe:/a:microsoft:office_compatibility_pack::sp2 cpe:/a:microsoft:excel:2007:sp2 cpe:/a:microsoft:excel:2010 cpe:/a:microsoft:excel:2003:sp3 cpe:/a:microsoft:excel_viewer cpe:/a:microsoft:excel:2010:sp1 cpe:/a:microsoft:office_compatibility_pack::sp3 cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:excel:2007:sp3 CVE-2012-0142 2012-05-08T20:55:01.273-04:00 2012-05-09T10:25:23.253-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T10:24:00.000-04:00 MS MS12-030 Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability." cpe:/a:microsoft:excel:2003:sp3 cpe:/a:microsoft:office:2008::mac CVE-2012-0143 2012-05-08T20:55:01.320-04:00 2012-05-09T10:27:44.530-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T10:26:00.000-04:00 MS MS12-030 Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability." cpe:/o:microsoft:windows_xp::sp3 cpe:/a:microsoft:silverlight:5.0.61118.0 cpe:/a:microsoft:silverlight:4.0.50401.0 cpe:/a:microsoft:silverlight:4.0.51204.0 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/a:microsoft:silverlight:5.0.60401.0 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/a:microsoft:silverlight:5.0.60818.0:rc cpe:/a:microsoft:silverlight:4.0.60531.0 cpe:/a:microsoft:silverlight:4.1.10111.0 cpe:/a:microsoft:silverlight:4.0.50524.00 cpe:/a:microsoft:office:2007:sp3 cpe:/a:microsoft:silverlight:4.0.60129.0 cpe:/a:microsoft:silverlight:4.0.60831.0 cpe:/a:microsoft:silverlight:4.0.50917.0 cpe:/a:microsoft:office:2010 cpe:/o:microsoft:windows_server_2008:r2 cpe:/a:microsoft:office:2007:sp2 cpe:/a:microsoft:office:2003:sp3 cpe:/o:microsoft:windows_vista:-:sp2 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_7:-:sp1:x86 cpe:/a:microsoft:silverlight:4.0.50826.0 cpe:/o:microsoft:windows_7:-:sp1:x64 cpe:/o:microsoft:windows_8:consumer_preview cpe:/o:microsoft:windows_7 cpe:/a:microsoft:silverlight:4.0.60310.0 cpe:/a:microsoft:office:2010:sp1 CVE-2012-0159 2012-05-08T20:55:01.380-04:00 2012-05-09T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T10:33:00.000-04:00 MS MS12-034 Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." cpe:/a:microsoft:.net_framework:3.5.1 cpe:/a:microsoft:.net_framework:1.1:sp1 cpe:/a:microsoft:.net_framework:3.0:sp2 cpe:/a:microsoft:.net_framework:1.0:sp3 cpe:/a:microsoft:.net_framework:2.0:sp2 cpe:/a:microsoft:.net_framework:3.5:sp1 cpe:/a:microsoft:.net_framework:4.0 CVE-2012-0160 2012-05-08T20:55:01.427-04:00 2012-05-09T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T11:07:00.000-04:00 MS MS12-035 Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." cpe:/a:microsoft:.net_framework:3.5.1 cpe:/a:microsoft:.net_framework:1.1:sp1 cpe:/a:microsoft:.net_framework:3.0:sp2 cpe:/a:microsoft:.net_framework:1.0:sp3 cpe:/a:microsoft:.net_framework:2.0:sp2 cpe:/a:microsoft:.net_framework:3.5:sp1 cpe:/a:microsoft:.net_framework:4.0 CVE-2012-0161 2012-05-08T20:55:01.477-04:00 2012-05-09T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T11:23:00.000-04:00 MS MS12-035 Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." cpe:/a:microsoft:.net_framework:4.0 CVE-2012-0162 2012-05-08T20:55:01.507-04:00 2012-05-09T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T11:15:00.000-04:00 MS MS12-034 Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability." cpe:/a:microsoft:.net_framework:4.0 CVE-2012-0164 2012-05-08T20:55:01.537-04:00 2012-05-09T12:10:24.600-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2012-05-09T12:10:00.000-04:00 MS MS12-034 Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Comparison Vulnerability." cpe:/a:microsoft:office:2010 cpe:/a:microsoft:office:2007:sp2 cpe:/a:microsoft:office:2007:sp3 cpe:/a:microsoft:office:2003:sp3 cpe:/o:microsoft:windows_vista:-:sp2 cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/a:microsoft:office:2010:sp1 CVE-2012-0165 2012-05-08T20:55:01.583-04:00 2012-05-09T12:22:33.367-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T12:20:00.000-04:00 MS MS12-034 GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability." cpe:/a:microsoft:office:2007:sp2 cpe:/a:microsoft:office:2007:sp3 cpe:/a:microsoft:office:2003:sp3 CVE-2012-0167 2012-05-08T20:55:01.617-04:00 2012-05-09T12:24:35.347-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T12:23:00.000-04:00 MS MS12-034 Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability." cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7:-:sp1:x64 cpe:/o:microsoft:windows_vista:-:sp2 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_7:-:sp1:x86 cpe:/o:microsoft:windows_server_2008:r2:sp1 CVE-2012-0174 2012-05-08T20:55:01.647-04:00 2012-05-09T12:42:08.847-04:00 1.7 LOCAL LOW SINGLE_INSTANCE PARTIAL NONE NONE http://nvd.nist.gov 2012-05-09T12:39:00.000-04:00 MS MS12-032 Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability." cpe:/a:microsoft:silverlight:4.1.10111 cpe:/a:microsoft:silverlight:4.0.50917.0 cpe:/a:microsoft:silverlight:4.0.60531.0 cpe:/a:microsoft:silverlight:4.0.50826.0 cpe:/a:microsoft:silverlight:4.0.50524.00 cpe:/a:microsoft:silverlight:4.1.10111.0 cpe:/a:microsoft:silverlight:4.0.50401.0 cpe:/a:microsoft:silverlight:4.0.60129.0 cpe:/a:microsoft:silverlight:4.0.51204.0 cpe:/a:microsoft:silverlight:4.0.60310.0 cpe:/a:microsoft:silverlight:4.0.60831.0 cpe:/a:microsoft:silverlight:4.0.603310.0 CVE-2012-0176 2012-05-08T20:55:01.677-04:00 2012-05-09T12:48:11.177-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T12:47:00.000-04:00 MS MS12-034 Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability." CVE-2012-0178 2012-05-08T20:55:01.727-04:00 2012-05-08T00:00:00.000-04:00 6.8 LOCAL LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T12:54:00.000-04:00 MS MS12-033 Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability." cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7::sp1:x86 cpe:/o:microsoft:windows_7::sp1:x64 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2008:r2:sp1 CVE-2012-0179 2012-05-08T20:55:01.757-04:00 2012-05-09T13:01:19.950-04:00 6.8 LOCAL LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T12:58:00.000-04:00 MS MS12-032 Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability." cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_server_2008:r2:sp1:x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2008::sp2:itanium cpe:/o:microsoft:windows_server_2008:r2::x64 cpe:/o:microsoft:windows_server_2008:r2::itanium cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x86 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_7::sp1:x86 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_7::sp1:x64 CVE-2012-0180 2012-05-08T20:55:01.803-04:00 2012-05-09T13:04:59.203-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T13:04:00.000-04:00 MS MS12-034 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability." cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7::sp1:x86 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_7::sp1:x64 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 CVE-2012-0181 2012-05-08T20:55:01.833-04:00 2012-05-09T13:11:17.207-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T13:06:00.000-04:00 MS MS12-034 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability." cpe:/a:microsoft:word:2007:sp3 cpe:/a:microsoft:office_compatibility_pack::sp2 cpe:/a:microsoft:word:2003:sp3 cpe:/a:microsoft:word:2007:sp2 cpe:/a:microsoft:office_compatibility_pack::sp3 cpe:/a:microsoft:office:2008::mac CVE-2012-0183 2012-05-08T20:55:01.867-04:00 2012-05-09T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T13:13:00.000-04:00 MS MS12-029 Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability." cpe:/a:microsoft:office_compatibility_pack::sp2 cpe:/a:microsoft:excel:2007:sp2 cpe:/a:microsoft:excel:2010 cpe:/a:microsoft:office:2011::mac cpe:/a:microsoft:excel:2003:sp3 cpe:/a:microsoft:excel_viewer cpe:/a:microsoft:excel:2010:sp1 cpe:/a:microsoft:office_compatibility_pack::sp3 cpe:/a:microsoft:office:2008 cpe:/a:microsoft:excel:2007:sp3 CVE-2012-0184 2012-05-08T20:55:01.913-04:00 2012-05-09T13:24:54.233-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T13:22:00.000-04:00 MS MS12-030 Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SXLI Record Memory Corruption Vulnerability." cpe:/a:microsoft:office_compatibility_pack::sp2 cpe:/a:microsoft:excel:2007:sp2 cpe:/a:microsoft:excel:2010 cpe:/a:microsoft:excel_viewer cpe:/a:microsoft:excel:2010:sp1 cpe:/a:microsoft:office_compatibility_pack::sp3 cpe:/a:microsoft:excel:2007:sp3 CVE-2012-0185 2012-05-08T20:55:01.943-04:00 2012-05-09T13:27:42.170-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T13:26:00.000-04:00 MS MS12-030 Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability." cpe:/o:apple:mac_os_x:10.1.5 cpe:/o:apple:mac_os_x:10.6.8 cpe:/o:apple:mac_os_x:10.2 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.2.5 cpe:/o:apple:mac_os_x_server:10.2.4 cpe:/o:apple:mac_os_x_server:10.4.0 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x:10.0 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.2.0 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x:10.3.6 cpe:/o:apple:mac_os_x:10.3.8 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x:10.2.6 cpe:/o:apple:mac_os_x_server:10.0.4 cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x_server:10.0.1 cpe:/o:apple:mac_os_x_server:10.6.7 cpe:/o:apple:mac_os_x:10.3.7 cpe:/o:apple:mac_os_x:10.3 cpe:/o:apple:mac_os_x:10.0.0 cpe:/o:apple:mac_os_x_server:10.2.2 cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x_server:10.4.10 cpe:/o:apple:mac_os_x:10.3.1 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x_server:10.2.6 cpe:/o:apple:mac_os_x:10.7.0 cpe:/o:apple:mac_os_x_server:10.3.5 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.2.0 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x_server:10.1.2 cpe:/o:apple:mac_os_x:10.3.3 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.7.3 cpe:/o:apple:mac_os_x:10.2.4 cpe:/o:apple:mac_os_x_server:10.5.7 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.7.1 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.3.4 cpe:/o:apple:mac_os_x:10.2.3 cpe:/o:apple:mac_os_x_server:10.7.2 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x_server:10.2.8 cpe:/o:apple:mac_os_x:10.1.1 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x_server:10.3.2 cpe:/o:apple:mac_os_x:10.0.2 cpe:/o:apple:mac_os_x_server:10.3 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.0.0 cpe:/o:apple:mac_os_x_server:10.3.8 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x_server:10.3.7 cpe:/o:apple:mac_os_x_server:10.5 cpe:/o:apple:mac_os_x_server:10.1.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x_server:10.1.4 cpe:/o:apple:mac_os_x_server:10.3.6 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x_server:10.2.1 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x:10.1.4 cpe:/o:apple:mac_os_x_server:10.0 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x_server:10.2 cpe:/o:apple:mac_os_x_server:10.0.2 cpe:/o:apple:mac_os_x:10.1.0 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.4.10 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x:10.7.3 cpe:/o:apple:mac_os_x_server:10.1.0 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.0.3 cpe:/o:apple:mac_os_x:10.1.3 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x_server:10.7.0 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.2.1 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.7.2 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x_server:10.0.3 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.5.7 cpe:/o:apple:mac_os_x:10.2.7 cpe:/o:apple:mac_os_x_server:10.7.1 cpe:/o:apple:mac_os_x_server:10.1 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x:10.1 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.0.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x:10.0.4 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.2.7 cpe:/o:apple:mac_os_x:10.2.2 cpe:/o:apple:mac_os_x:10.3.0 cpe:/o:apple:mac_os_x_server:10.3.0 cpe:/o:apple:mac_os_x_server:10.6.8 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.3.3 cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x_server:10.4.9 cpe:/o:apple:mac_os_x_server:10.2.5 cpe:/o:apple:mac_os_x_server:10.3.1 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x:10.3.4 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.1.3 cpe:/o:apple:mac_os_x_server:10.2.3 cpe:/o:apple:mac_os_x:10.3.5 cpe:/o:apple:mac_os_x_server:10.1.1 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.0 cpe:/o:apple:mac_os_x:10.1.2 CVE-2012-0649 2012-05-10T23:49:58.730-04:00 2012-05-11T00:00:00.000-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-11T09:33:00.000-04:00 CONFIRM http://support.apple.com/kb/HT5281 APPLE APPLE-SA-2012-05-09-1 Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. cpe:/o:apple:mac_os_x:10.6.8 cpe:/o:apple:mac_os_x_server:10.6.8 CVE-2012-0651 2012-05-10T23:49:58.777-04:00 2012-05-11T00:00:00.000-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2012-05-11T09:43:00.000-04:00 CONFIRM http://support.apple.com/kb/HT5281 APPLE APPLE-SA-2012-05-09-1 The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message. cpe:/o:apple:mac_os_x:10.7.3 CVE-2012-0652 2012-05-10T23:49:58.840-04:00 2012-05-11T00:00:00.000-04:00 4.9 LOCAL LOW NONE COMPLETE NONE NONE http://nvd.nist.gov 2012-05-11T09:53:00.000-04:00 CONFIRM http://support.apple.com/kb/HT5281 APPLE APPLE-SA-2012-05-09-1 Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log. cpe:/o:apple:mac_os_x:10.1.5 cpe:/o:apple:mac_os_x:10.6.8 cpe:/o:apple:mac_os_x:10.2 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.2.5 cpe:/o:apple:mac_os_x_server:10.2.4 cpe:/o:apple:mac_os_x_server:10.4.0 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x:10.0 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.2.0 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x:10.3.6 cpe:/o:apple:mac_os_x:10.3.8 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x:10.2.6 cpe:/o:apple:mac_os_x_server:10.0.4 cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x_server:10.0.1 cpe:/o:apple:mac_os_x_server:10.6.7 cpe:/o:apple:mac_os_x:10.3.7 cpe:/o:apple:mac_os_x:10.3 cpe:/o:apple:mac_os_x:10.0.0 cpe:/o:apple:mac_os_x_server:10.2.2 cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x_server:10.4.10 cpe:/o:apple:mac_os_x:10.3.1 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x_server:10.2.6 cpe:/o:apple:mac_os_x:10.7.0 cpe:/o:apple:mac_os_x_server:10.3.5 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.2.0 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x_server:10.1.2 cpe:/o:apple:mac_os_x:10.3.3 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.7.3 cpe:/o:apple:mac_os_x:10.2.4 cpe:/o:apple:mac_os_x_server:10.5.7 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.7.1 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.3.4 cpe:/o:apple:mac_os_x:10.2.3 cpe:/o:apple:mac_os_x_server:10.7.2 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x_server:10.2.8 cpe:/o:apple:mac_os_x:10.1.1 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x_server:10.3.2 cpe:/o:apple:mac_os_x:10.0.2 cpe:/o:apple:mac_os_x_server:10.3 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.0.0 cpe:/o:apple:mac_os_x_server:10.3.8 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x_server:10.3.7 cpe:/o:apple:mac_os_x_server:10.5 cpe:/o:apple:mac_os_x_server:10.1.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x_server:10.1.4 cpe:/o:apple:mac_os_x_server:10.3.6 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x_server:10.2.1 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x:10.1.4 cpe:/o:apple:mac_os_x_server:10.0 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x_server:10.2 cpe:/o:apple:mac_os_x_server:10.0.2 cpe:/o:apple:mac_os_x:10.1.0 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.4.10 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x:10.7.3 cpe:/o:apple:mac_os_x_server:10.1.0 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.0.3 cpe:/o:apple:mac_os_x:10.1.3 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x_server:10.7.0 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.2.1 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.7.2 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x_server:10.0.3 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.5.7 cpe:/o:apple:mac_os_x:10.2.7 cpe:/o:apple:mac_os_x_server:10.7.1 cpe:/o:apple:mac_os_x_server:10.1 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x:10.1 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.0.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x:10.0.4 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.2.7 cpe:/o:apple:mac_os_x:10.2.2 cpe:/o:apple:mac_os_x:10.3.0 cpe:/o:apple:mac_os_x_server:10.3.0 cpe:/o:apple:mac_os_x_server:10.6.8 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.3.3 cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x_server:10.4.9 cpe:/o:apple:mac_os_x_server:10.2.5 cpe:/o:apple:mac_os_x_server:10.3.1 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x:10.3.4 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.1.3 cpe:/o:apple:mac_os_x_server:10.2.3 cpe:/o:apple:mac_os_x:10.3.5 cpe:/o:apple:mac_os_x_server:10.1.1 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.0 cpe:/o:apple:mac_os_x:10.1.2 CVE-2012-0654 2012-05-10T23:49:58.887-04:00 2012-05-11T00:00:00.000-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-05-11T09:57:00.000-04:00 CONFIRM http://support.apple.com/kb/HT5281 APPLE APPLE-SA-2012-05-09-1 libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate. cpe:/o:apple:mac_os_x:10.1.5 cpe:/o:apple:mac_os_x:10.6.8 cpe:/o:apple:mac_os_x:10.2 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.2.5 cpe:/o:apple:mac_os_x_server:10.2.4 cpe:/o:apple:mac_os_x_server:10.4.0 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x:10.0 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.2.0 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x:10.3.6 cpe:/o:apple:mac_os_x:10.3.8 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x:10.2.6 cpe:/o:apple:mac_os_x_server:10.0.4 cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x_server:10.0.1 cpe:/o:apple:mac_os_x_server:10.6.7 cpe:/o:apple:mac_os_x:10.3.7 cpe:/o:apple:mac_os_x:10.3 cpe:/o:apple:mac_os_x:10.0.0 cpe:/o:apple:mac_os_x_server:10.2.2 cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x_server:10.4.10 cpe:/o:apple:mac_os_x:10.3.1 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x_server:10.2.6 cpe:/o:apple:mac_os_x:10.7.0 cpe:/o:apple:mac_os_x_server:10.3.5 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.2.0 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x_server:10.1.2 cpe:/o:apple:mac_os_x:10.3.3 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.7.3 cpe:/o:apple:mac_os_x:10.2.4 cpe:/o:apple:mac_os_x_server:10.5.7 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.7.1 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.3.4 cpe:/o:apple:mac_os_x:10.2.3 cpe:/o:apple:mac_os_x_server:10.7.2 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x_server:10.2.8 cpe:/o:apple:mac_os_x:10.1.1 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x_server:10.3.2 cpe:/o:apple:mac_os_x:10.0.2 cpe:/o:apple:mac_os_x_server:10.3 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.0.0 cpe:/o:apple:mac_os_x_server:10.3.8 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x_server:10.3.7 cpe:/o:apple:mac_os_x_server:10.5 cpe:/o:apple:mac_os_x_server:10.1.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x_server:10.1.4 cpe:/o:apple:mac_os_x_server:10.3.6 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x_server:10.2.1 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x:10.1.4 cpe:/o:apple:mac_os_x_server:10.0 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x_server:10.2 cpe:/o:apple:mac_os_x_server:10.0.2 cpe:/o:apple:mac_os_x:10.1.0 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.4.10 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x:10.7.3 cpe:/o:apple:mac_os_x_server:10.1.0 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.0.3 cpe:/o:apple:mac_os_x:10.1.3 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x_server:10.7.0 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.2.1 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.7.2 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x_server:10.0.3 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.5.7 cpe:/o:apple:mac_os_x:10.2.7 cpe:/o:apple:mac_os_x_server:10.7.1 cpe:/o:apple:mac_os_x_server:10.1 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x:10.1 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.0.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x:10.0.4 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.2.7 cpe:/o:apple:mac_os_x:10.2.2 cpe:/o:apple:mac_os_x:10.3.0 cpe:/o:apple:mac_os_x_server:10.3.0 cpe:/o:apple:mac_os_x_server:10.6.8 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.3.3 cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x_server:10.4.9 cpe:/o:apple:mac_os_x_server:10.2.5 cpe:/o:apple:mac_os_x_server:10.3.1 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x:10.3.4 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.1.3 cpe:/o:apple:mac_os_x_server:10.2.3 cpe:/o:apple:mac_os_x:10.3.5 cpe:/o:apple:mac_os_x_server:10.1.1 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.0 cpe:/o:apple:mac_os_x:10.1.2 CVE-2012-0655 2012-05-10T23:49:58.933-04:00 2012-05-11T10:22:44.137-04:00 6.4 NETWORK LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2012-05-11T10:04:00.000-04:00 CONFIRM http://support.apple.com/kb/HT5281 APPLE APPLE-SA-2012-05-09-1 libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key. cpe:/o:apple:mac_os_x:10.7.2 cpe:/o:apple:mac_os_x:10.7.0 cpe:/o:apple:mac_os_x:10.7.3 cpe:/o:apple:mac_os_x:10.7.1 CVE-2012-0656 2012-05-10T23:49:58.980-04:00 2012-05-11T00:00:00.000-04:00 6.2 LOCAL HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-11T10:12:00.000-04:00 CONFIRM http://support.apple.com/kb/HT5281 APPLE APPLE-SA-2012-05-09-1 Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password. cpe:/o:apple:mac_os_x:10.1.5 cpe:/o:apple:mac_os_x:10.6.8 cpe:/o:apple:mac_os_x:10.2 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.2.5 cpe:/o:apple:mac_os_x_server:10.2.4 cpe:/o:apple:mac_os_x_server:10.4.0 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x:10.0 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.2.0 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x:10.3.6 cpe:/o:apple:mac_os_x:10.3.8 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x:10.2.6 cpe:/o:apple:mac_os_x_server:10.0.4 cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x_server:10.0.1 cpe:/o:apple:mac_os_x_server:10.6.7 cpe:/o:apple:mac_os_x:10.3.7 cpe:/o:apple:mac_os_x:10.3 cpe:/o:apple:mac_os_x:10.0.0 cpe:/o:apple:mac_os_x_server:10.2.2 cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x_server:10.4.10 cpe:/o:apple:mac_os_x:10.3.1 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x_server:10.2.6 cpe:/o:apple:mac_os_x:10.7.0 cpe:/o:apple:mac_os_x_server:10.3.5 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.2.0 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x_server:10.1.2 cpe:/o:apple:mac_os_x:10.3.3 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.7.3 cpe:/o:apple:mac_os_x:10.2.4 cpe:/o:apple:mac_os_x_server:10.5.7 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.7.1 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.3.4 cpe:/o:apple:mac_os_x:10.2.3 cpe:/o:apple:mac_os_x_server:10.7.2 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x_server:10.2.8 cpe:/o:apple:mac_os_x:10.1.1 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x_server:10.3.2 cpe:/o:apple:mac_os_x:10.0.2 cpe:/o:apple:mac_os_x_server:10.3 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.0.0 cpe:/o:apple:mac_os_x_server:10.3.8 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x_server:10.3.7 cpe:/o:apple:mac_os_x_server:10.5 cpe:/o:apple:mac_os_x_server:10.1.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x_server:10.1.4 cpe:/o:apple:mac_os_x_server:10.3.6 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x_server:10.2.1 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x:10.1.4 cpe:/o:apple:mac_os_x_server:10.0 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x_server:10.2 cpe:/o:apple:mac_os_x_server:10.0.2 cpe:/o:apple:mac_os_x:10.1.0 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.4.10 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x:10.7.3 cpe:/o:apple:mac_os_x_server:10.1.0 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.0.3 cpe:/o:apple:mac_os_x:10.1.3 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x_server:10.7.0 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.2.1 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.7.2 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x_server:10.0.3 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.5.7 cpe:/o:apple:mac_os_x:10.2.7 cpe:/o:apple:mac_os_x_server:10.7.1 cpe:/o:apple:mac_os_x_server:10.1 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x:10.1 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.0.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x:10.0.4 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.2.7 cpe:/o:apple:mac_os_x:10.2.2 cpe:/o:apple:mac_os_x:10.3.0 cpe:/o:apple:mac_os_x_server:10.3.0 cpe:/o:apple:mac_os_x_server:10.6.8 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.3.3 cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x_server:10.4.9 cpe:/o:apple:mac_os_x_server:10.2.5 cpe:/o:apple:mac_os_x_server:10.3.1 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x:10.3.4 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.1.3 cpe:/o:apple:mac_os_x_server:10.2.3 cpe:/o:apple:mac_os_x:10.3.5 cpe:/o:apple:mac_os_x_server:10.1.1 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.0 cpe:/o:apple:mac_os_x:10.1.2 CVE-2012-0657 2012-05-10T23:49:59.027-04:00 2012-05-11T00:00:00.000-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2012-05-11T10:15:00.000-04:00 CONFIRM http://support.apple.com/kb/HT5281 APPLE APPLE-SA-2012-05-09-1 Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors. cpe:/o:apple:mac_os_x:10.1.5 cpe:/o:apple:mac_os_x:10.6.8 cpe:/o:apple:mac_os_x:10.2 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.2.5 cpe:/o:apple:mac_os_x_server:10.2.4 cpe:/o:apple:mac_os_x_server:10.4.0 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x:10.0 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.2.0 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x:10.3.6 cpe:/o:apple:mac_os_x:10.3.8 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x:10.2.6 cpe:/o:apple:mac_os_x_server:10.0.4 cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x_server:10.0.1 cpe:/o:apple:mac_os_x_server:10.6.7 cpe:/o:apple:mac_os_x:10.3.7 cpe:/o:apple:mac_os_x:10.3 cpe:/o:apple:mac_os_x:10.0.0 cpe:/o:apple:mac_os_x_server:10.2.2 cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x_server:10.4.10 cpe:/o:apple:mac_os_x:10.3.1 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x_server:10.2.6 cpe:/o:apple:mac_os_x:10.7.0 cpe:/o:apple:mac_os_x_server:10.3.5 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.2.0 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x_server:10.1.2 cpe:/o:apple:mac_os_x:10.3.3 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.7.3 cpe:/o:apple:mac_os_x:10.2.4 cpe:/o:apple:mac_os_x_server:10.5.7 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.7.1 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.3.4 cpe:/o:apple:mac_os_x:10.2.3 cpe:/o:apple:mac_os_x_server:10.7.2 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x_server:10.2.8 cpe:/o:apple:mac_os_x:10.1.1 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x_server:10.3.2 cpe:/o:apple:mac_os_x:10.0.2 cpe:/o:apple:mac_os_x_server:10.3 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.0.0 cpe:/o:apple:mac_os_x_server:10.3.8 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x_server:10.3.7 cpe:/o:apple:mac_os_x_server:10.5 cpe:/o:apple:mac_os_x_server:10.1.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x_server:10.1.4 cpe:/o:apple:mac_os_x_server:10.3.6 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x_server:10.2.1 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x:10.1.4 cpe:/o:apple:mac_os_x_server:10.0 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x_server:10.2 cpe:/o:apple:mac_os_x_server:10.0.2 cpe:/o:apple:mac_os_x:10.1.0 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.4.10 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x:10.7.3 cpe:/o:apple:mac_os_x_server:10.1.0 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.0.3 cpe:/o:apple:mac_os_x:10.1.3 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x_server:10.7.0 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.2.1 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.7.2 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x_server:10.0.3 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.5.7 cpe:/o:apple:mac_os_x:10.2.7 cpe:/o:apple:mac_os_x_server:10.7.1 cpe:/o:apple:mac_os_x_server:10.1 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x:10.1 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.0.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x:10.0.4 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.2.7 cpe:/o:apple:mac_os_x:10.2.2 cpe:/o:apple:mac_os_x:10.3.0 cpe:/o:apple:mac_os_x_server:10.3.0 cpe:/o:apple:mac_os_x_server:10.6.8 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.3.3 cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x_server:10.4.9 cpe:/o:apple:mac_os_x_server:10.2.5 cpe:/o:apple:mac_os_x_server:10.3.1 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x:10.3.4 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.1.3 cpe:/o:apple:mac_os_x_server:10.2.3 cpe:/o:apple:mac_os_x:10.3.5 cpe:/o:apple:mac_os_x_server:10.1.1 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.0 cpe:/o:apple:mac_os_x:10.1.2 CVE-2012-0658 2012-05-10T23:49:59.077-04:00 2012-05-11T00:00:00.000-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-05-11T10:18:00.000-04:00 CONFIRM http://support.apple.com/kb/HT5281 APPLE APPLE-SA-2012-05-09-1 Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded. cpe:/o:apple:mac_os_x:10.1.5 cpe:/o:apple:mac_os_x:10.6.8 cpe:/o:apple:mac_os_x:10.2 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.2.5 cpe:/o:apple:mac_os_x_server:10.2.4 cpe:/o:apple:mac_os_x_server:10.4.0 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x:10.0 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.2.0 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x:10.3.6 cpe:/o:apple:mac_os_x:10.3.8 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x:10.2.6 cpe:/o:apple:mac_os_x_server:10.0.4 cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x_server:10.0.1 cpe:/o:apple:mac_os_x_server:10.6.7 cpe:/o:apple:mac_os_x:10.3.7 cpe:/o:apple:mac_os_x:10.3 cpe:/o:apple:mac_os_x:10.0.0 cpe:/o:apple:mac_os_x_server:10.2.2 cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x_server:10.4.10 cpe:/o:apple:mac_os_x:10.3.1 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x_server:10.2.6 cpe:/o:apple:mac_os_x:10.7.0 cpe:/o:apple:mac_os_x_server:10.3.5 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.2.0 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x_server:10.1.2 cpe:/o:apple:mac_os_x:10.3.3 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.7.3 cpe:/o:apple:mac_os_x:10.2.4 cpe:/o:apple:mac_os_x_server:10.5.7 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.7.1 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.3.4 cpe:/o:apple:mac_os_x:10.2.3 cpe:/o:apple:mac_os_x_server:10.7.2 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x_server:10.2.8 cpe:/o:apple:mac_os_x:10.1.1 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x_server:10.3.2 cpe:/o:apple:mac_os_x:10.0.2 cpe:/o:apple:mac_os_x_server:10.3 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.0.0 cpe:/o:apple:mac_os_x_server:10.3.8 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x_server:10.3.7 cpe:/o:apple:mac_os_x_server:10.5 cpe:/o:apple:mac_os_x_server:10.1.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x_server:10.1.4 cpe:/o:apple:mac_os_x_server:10.3.6 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x_server:10.2.1 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x:10.1.4 cpe:/o:apple:mac_os_x_server:10.0 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x_server:10.2 cpe:/o:apple:mac_os_x_server:10.0.2 cpe:/o:apple:mac_os_x:10.1.0 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.4.10 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x:10.7.3 cpe:/o:apple:mac_os_x_server:10.1.0 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.0.3 cpe:/o:apple:mac_os_x:10.1.3 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x_server:10.7.0 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.2.1 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.7.2 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x_server:10.0.3 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.5.7 cpe:/o:apple:mac_os_x:10.2.7 cpe:/o:apple:mac_os_x_server:10.7.1 cpe:/o:apple:mac_os_x_server:10.1 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x:10.1 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.0.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x:10.0.4 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.2.7 cpe:/o:apple:mac_os_x:10.2.2 cpe:/o:apple:mac_os_x:10.3.0 cpe:/o:apple:mac_os_x_server:10.3.0 cpe:/o:apple:mac_os_x_server:10.6.8 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.3.3 cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x_server:10.4.9 cpe:/o:apple:mac_os_x_server:10.2.5 cpe:/o:apple:mac_os_x_server:10.3.1 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x:10.3.4 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.1.3 cpe:/o:apple:mac_os_x_server:10.2.3 cpe:/o:apple:mac_os_x:10.3.5 cpe:/o:apple:mac_os_x_server:10.1.1 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.0 cpe:/o:apple:mac_os_x:10.1.2 CVE-2012-0659 2012-05-10T23:49:59.107-04:00 2012-05-11T10:29:55.387-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-05-11T10:27:00.000-04:00 CONFIRM http://support.apple.com/kb/HT5281 APPLE APPLE-SA-2012-05-09-1 Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. cpe:/o:apple:mac_os_x:10.1.5 cpe:/o:apple:mac_os_x:10.6.8 cpe:/o:apple:mac_os_x:10.2 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.2.5 cpe:/o:apple:mac_os_x_server:10.2.4 cpe:/o:apple:mac_os_x_server:10.4.0 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x:10.0 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.2.0 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x:10.3.6 cpe:/o:apple:mac_os_x:10.3.8 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x:10.2.6 cpe:/o:apple:mac_os_x_server:10.0.4 cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x_server:10.0.1 cpe:/o:apple:mac_os_x_server:10.6.7 cpe:/o:apple:mac_os_x:10.3.7 cpe:/o:apple:mac_os_x:10.3 cpe:/o:apple:mac_os_x:10.0.0 cpe:/o:apple:mac_os_x_server:10.2.2 cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x_server:10.4.10 cpe:/o:apple:mac_os_x:10.3.1 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x_server:10.2.6 cpe:/o:apple:mac_os_x:10.7.0 cpe:/o:apple:mac_os_x_server:10.3.5 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.2.0 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x_server:10.1.2 cpe:/o:apple:mac_os_x:10.3.3 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.7.3 cpe:/o:apple:mac_os_x:10.2.4 cpe:/o:apple:mac_os_x_server:10.5.7 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.7.1 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.3.4 cpe:/o:apple:mac_os_x:10.2.3 cpe:/o:apple:mac_os_x_server:10.7.2 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x_server:10.2.8 cpe:/o:apple:mac_os_x:10.1.1 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x_server:10.3.2 cpe:/o:apple:mac_os_x:10.0.2 cpe:/o:apple:mac_os_x_server:10.3 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.0.0 cpe:/o:apple:mac_os_x_server:10.3.8 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x_server:10.3.7 cpe:/o:apple:mac_os_x_server:10.5 cpe:/o:apple:mac_os_x_server:10.1.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x_server:10.1.4 cpe:/o:apple:mac_os_x_server:10.3.6 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x_server:10.2.1 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x:10.1.4 cpe:/o:apple:mac_os_x_server:10.0 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x_server:10.2 cpe:/o:apple:mac_os_x_server:10.0.2 cpe:/o:apple:mac_os_x:10.1.0 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.4.10 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x:10.7.3 cpe:/o:apple:mac_os_x_server:10.1.0 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.0.3 cpe:/o:apple:mac_os_x:10.1.3 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x_server:10.7.0 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.2.1 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.7.2 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x_server:10.0.3 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.5.7 cpe:/o:apple:mac_os_x:10.2.7 cpe:/o:apple:mac_os_x_server:10.7.1 cpe:/o:apple:mac_os_x_server:10.1 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x:10.1 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.0.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x:10.0.4 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.2.7 cpe:/o:apple:mac_os_x:10.2.2 cpe:/o:apple:mac_os_x:10.3.0 cpe:/o:apple:mac_os_x_server:10.3.0 cpe:/o:apple:mac_os_x_server:10.6.8 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.3.3 cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x_server:10.4.9 cpe:/o:apple:mac_os_x_server:10.2.5 cpe:/o:apple:mac_os_x_server:10.3.1 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x:10.3.4 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.1.3 cpe:/o:apple:mac_os_x_server:10.2.3 cpe:/o:apple:mac_os_x:10.3.5 cpe:/o:apple:mac_os_x_server:10.1.1 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.0 cpe:/o:apple:mac_os_x:10.1.2 CVE-2012-0660 2012-05-10T23:49:59.137-04:00 2012-05-11T00:00:00.000-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-05-11T10:28:00.000-04:00 CONFIRM http://support.apple.com/kb/HT5281 APPLE APPLE-SA-2012-05-09-1 Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. cpe:/o:apple:mac_os_x:10.7.2 cpe:/o:apple:mac_os_x_server:10.7.1 cpe:/o:apple:mac_os_x_server:10.7.2 cpe:/o:apple:mac_os_x_server:10.7.0 cpe:/o:apple:mac_os_x:10.7.0 cpe:/o:apple:mac_os_x:10.7.1 CVE-2012-0661 2012-05-10T23:49:59.200-04:00 2012-05-11T10:36:58.747-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-05-11T10:35:00.000-04:00 CONFIRM http://support.apple.com/kb/HT5281 APPLE APPLE-SA-2012-05-09-1 Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding. cpe:/o:apple:mac_os_x:10.1.5 cpe:/o:apple:mac_os_x:10.6.8 cpe:/o:apple:mac_os_x:10.2 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.2.5 cpe:/o:apple:mac_os_x_server:10.2.4 cpe:/o:apple:mac_os_x_server:10.4.0 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x:10.0 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.2.0 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x:10.3.6 cpe:/o:apple:mac_os_x:10.3.8 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x:10.2.6 cpe:/o:apple:mac_os_x_server:10.0.4 cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x_server:10.0.1 cpe:/o:apple:mac_os_x_server:10.6.7 cpe:/o:apple:mac_os_x:10.3.7 cpe:/o:apple:mac_os_x:10.3 cpe:/o:apple:mac_os_x:10.0.0 cpe:/o:apple:mac_os_x_server:10.2.2 cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x_server:10.4.10 cpe:/o:apple:mac_os_x:10.3.1 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x_server:10.2.6 cpe:/o:apple:mac_os_x:10.7.0 cpe:/o:apple:mac_os_x_server:10.3.5 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.2.0 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x_server:10.1.2 cpe:/o:apple:mac_os_x:10.3.3 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.7.3 cpe:/o:apple:mac_os_x:10.2.4 cpe:/o:apple:mac_os_x_server:10.5.7 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.7.1 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.3.4 cpe:/o:apple:mac_os_x:10.2.3 cpe:/o:apple:mac_os_x_server:10.7.2 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x_server:10.2.8 cpe:/o:apple:mac_os_x:10.1.1 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x_server:10.3.2 cpe:/o:apple:mac_os_x:10.0.2 cpe:/o:apple:mac_os_x_server:10.3 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.0.0 cpe:/o:apple:mac_os_x_server:10.3.8 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x_server:10.3.7 cpe:/o:apple:mac_os_x_server:10.5 cpe:/o:apple:mac_os_x_server:10.1.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x_server:10.1.4 cpe:/o:apple:mac_os_x_server:10.3.6 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x_server:10.2.1 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x:10.1.4 cpe:/o:apple:mac_os_x_server:10.0 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x_server:10.2 cpe:/o:apple:mac_os_x_server:10.0.2 cpe:/o:apple:mac_os_x:10.1.0 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.4.10 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x:10.7.3 cpe:/o:apple:mac_os_x_server:10.1.0 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.0.3 cpe:/o:apple:mac_os_x:10.1.3 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x_server:10.7.0 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.2.1 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.7.2 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x_server:10.0.3 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.5.7 cpe:/o:apple:mac_os_x:10.2.7 cpe:/o:apple:mac_os_x_server:10.7.1 cpe:/o:apple:mac_os_x_server:10.1 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x:10.1 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.0.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x:10.0.4 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.2.7 cpe:/o:apple:mac_os_x:10.2.2 cpe:/o:apple:mac_os_x:10.3.0 cpe:/o:apple:mac_os_x_server:10.3.0 cpe:/o:apple:mac_os_x_server:10.6.8 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.3.3 cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x_server:10.4.9 cpe:/o:apple:mac_os_x_server:10.2.5 cpe:/o:apple:mac_os_x_server:10.3.1 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x:10.3.4 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.1.3 cpe:/o:apple:mac_os_x_server:10.2.3 cpe:/o:apple:mac_os_x:10.3.5 cpe:/o:apple:mac_os_x_server:10.1.1 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.0 cpe:/o:apple:mac_os_x:10.1.2 CVE-2012-0662 2012-05-10T23:49:59.263-04:00 2012-05-11T10:44:08.230-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-05-11T10:43:00.000-04:00 CONFIRM http://support.apple.com/kb/HT5281 APPLE APPLE-SA-2012-05-09-1 Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input. cpe:/o:apple:iphone_os:4.3.0 cpe:/o:apple:iphone_os:5.1:-:ipodtouch cpe:/o:apple:iphone_os:4.3.5 cpe:/o:apple:iphone_os:3.0:-:iphone cpe:/o:apple:iphone_os:3.1 cpe:/o:apple:iphone_os:3.1.2:-:iphone cpe:/o:apple:iphone_os:3.1:-:iphone cpe:/o:apple:iphone_os:3.2.1 cpe:/o:apple:iphone_os:5.0.1:-:ipodtouch cpe:/o:apple:iphone_os:5.0.1:-:ipad cpe:/o:apple:iphone_os:4.3.1 cpe:/o:apple:iphone_os:3.1:-:ipodtouch cpe:/o:apple:iphone_os:4.2.5 cpe:/o:apple:iphone_os:4.0.1:-:ipodtouch cpe:/o:apple:iphone_os:4.3.3 cpe:/o:apple:iphone_os:4.0.1:-:iphone cpe:/o:apple:iphone_os:5.0.1 cpe:/o:apple:iphone_os:4.2.8 cpe:/o:apple:iphone_os:4.0 cpe:/o:apple:iphone_os:5.0.1:-:iphone cpe:/o:apple:iphone_os:5.0 cpe:/o:apple:iphone_os:4.0.2 cpe:/o:apple:iphone_os:5.0:-:iphone cpe:/o:apple:iphone_os:4.0:-:ipodtouch cpe:/o:apple:iphone_os:3.2:-:ipodtouch cpe:/o:apple:iphone_os:5.1:-:iphone cpe:/o:apple:iphone_os:5.0:-:ipad cpe:/o:apple:iphone_os:4.3.2 cpe:/o:apple:iphone_os:5.0:-:ipodtouch cpe:/o:apple:iphone_os:4.1 cpe:/o:apple:iphone_os:5.1:-:ipad cpe:/o:apple:iphone_os:4.0.1 cpe:/o:apple:iphone_os:3.1.3:-:iphone cpe:/o:apple:iphone_os:3.2.2 cpe:/o:apple:iphone_os:3.2.1:-:ipad cpe:/o:apple:iphone_os:4.0:-:iphone cpe:/o:apple:iphone_os:4.3.5:-:ipodtouch cpe:/o:apple:iphone_os:4.2.1 cpe:/o:apple:iphone_os:3.2:-:iphone cpe:/o:apple:iphone_os:4.3.5:-:ipad CVE-2012-0672 2012-05-08T06:25:46.957-04:00 2012-05-11T23:44:32.777-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-05-08T08:11:00.000-04:00 CONFIRM http://support.apple.com/kb/HT5282 APPLE APPLE-SA-2012-05-09-2 APPLE APPLE-SA-2012-05-07-1 WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. cpe:/o:apple:iphone_os:4.3.0 cpe:/o:apple:iphone_os:5.1:-:ipodtouch cpe:/o:apple:iphone_os:4.3.5 cpe:/o:apple:iphone_os:3.0:-:iphone cpe:/o:apple:iphone_os:3.1 cpe:/o:apple:iphone_os:3.1.2:-:iphone cpe:/o:apple:iphone_os:3.1:-:iphone cpe:/o:apple:iphone_os:3.2.1 cpe:/o:apple:iphone_os:5.0.1:-:ipodtouch cpe:/o:apple:iphone_os:5.0.1:-:ipad cpe:/o:apple:iphone_os:4.3.1 cpe:/o:apple:iphone_os:3.1:-:ipodtouch cpe:/o:apple:iphone_os:4.2.5 cpe:/o:apple:iphone_os:4.0.1:-:ipodtouch cpe:/o:apple:iphone_os:4.3.3 cpe:/o:apple:iphone_os:4.0.1:-:iphone cpe:/o:apple:iphone_os:5.0.1 cpe:/o:apple:iphone_os:4.2.8 cpe:/o:apple:iphone_os:4.0 cpe:/o:apple:iphone_os:5.0.1:-:iphone cpe:/o:apple:iphone_os:5.0 cpe:/o:apple:iphone_os:4.0.2 cpe:/o:apple:iphone_os:5.0:-:iphone cpe:/o:apple:iphone_os:4.0:-:ipodtouch cpe:/o:apple:iphone_os:3.2:-:ipodtouch cpe:/o:apple:iphone_os:5.1:-:iphone cpe:/o:apple:iphone_os:5.0:-:ipad cpe:/o:apple:iphone_os:4.3.2 cpe:/o:apple:iphone_os:5.0:-:ipodtouch cpe:/o:apple:iphone_os:4.1 cpe:/o:apple:iphone_os:5.1:-:ipad cpe:/o:apple:iphone_os:4.0.1 cpe:/o:apple:iphone_os:3.1.3:-:iphone cpe:/o:apple:iphone_os:3.2.2 cpe:/o:apple:iphone_os:3.2.1:-:ipad cpe:/o:apple:iphone_os:4.0:-:iphone cpe:/o:apple:iphone_os:4.3.5:-:ipodtouch cpe:/o:apple:iphone_os:4.2.1 cpe:/o:apple:iphone_os:3.2:-:iphone cpe:/o:apple:iphone_os:4.3.5:-:ipad CVE-2012-0674 2012-05-08T06:25:47.020-04:00 2012-05-08T00:00:00.000-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2012-05-08T08:21:00.000-04:00 APPLE APPLE-SA-2012-05-07-1 Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site. cpe:/o:apple:mac_os_x:10.1.5 cpe:/o:apple:mac_os_x:10.6.8 cpe:/o:apple:mac_os_x:10.2 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.2.5 cpe:/o:apple:mac_os_x_server:10.2.4 cpe:/o:apple:mac_os_x_server:10.4.0 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x:10.0 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.2.0 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x:10.3.6 cpe:/o:apple:mac_os_x:10.3.8 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x:10.2.6 cpe:/o:apple:mac_os_x_server:10.0.4 cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x_server:10.0.1 cpe:/o:apple:mac_os_x_server:10.6.7 cpe:/o:apple:mac_os_x:10.3.7 cpe:/o:apple:mac_os_x:10.3 cpe:/o:apple:mac_os_x:10.0.0 cpe:/o:apple:mac_os_x_server:10.2.2 cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x_server:10.4.10 cpe:/o:apple:mac_os_x:10.3.1 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x_server:10.2.6 cpe:/o:apple:mac_os_x:10.7.0 cpe:/o:apple:mac_os_x_server:10.3.5 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.2.0 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x_server:10.1.2 cpe:/o:apple:mac_os_x:10.3.3 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.7.3 cpe:/o:apple:mac_os_x:10.2.4 cpe:/o:apple:mac_os_x_server:10.5.7 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.7.1 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.3.4 cpe:/o:apple:mac_os_x:10.2.3 cpe:/o:apple:mac_os_x_server:10.7.2 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x_server:10.2.8 cpe:/o:apple:mac_os_x:10.1.1 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x_server:10.3.2 cpe:/o:apple:mac_os_x:10.0.2 cpe:/o:apple:mac_os_x_server:10.3 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.0.0 cpe:/o:apple:mac_os_x_server:10.3.8 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x_server:10.3.7 cpe:/o:apple:mac_os_x_server:10.5 cpe:/o:apple:mac_os_x_server:10.1.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x_server:10.1.4 cpe:/o:apple:mac_os_x_server:10.3.6 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x_server:10.2.1 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x:10.1.4 cpe:/o:apple:mac_os_x_server:10.0 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x_server:10.2 cpe:/o:apple:mac_os_x_server:10.0.2 cpe:/o:apple:mac_os_x:10.1.0 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.4.10 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x:10.7.3 cpe:/o:apple:mac_os_x_server:10.1.0 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.0.3 cpe:/o:apple:mac_os_x:10.1.3 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x_server:10.7.0 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.2.1 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.7.2 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x_server:10.0.3 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.5.7 cpe:/o:apple:mac_os_x:10.2.7 cpe:/o:apple:mac_os_x_server:10.7.1 cpe:/o:apple:mac_os_x_server:10.1 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x:10.1 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.0.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x:10.0.4 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.2.7 cpe:/o:apple:mac_os_x:10.2.2 cpe:/o:apple:mac_os_x:10.3.0 cpe:/o:apple:mac_os_x_server:10.3.0 cpe:/o:apple:mac_os_x_server:10.6.8 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.3.3 cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x_server:10.4.9 cpe:/o:apple:mac_os_x_server:10.2.5 cpe:/o:apple:mac_os_x_server:10.3.1 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x:10.3.4 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.1.3 cpe:/o:apple:mac_os_x_server:10.2.3 cpe:/o:apple:mac_os_x:10.3.5 cpe:/o:apple:mac_os_x_server:10.1.1 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.0 cpe:/o:apple:mac_os_x:10.1.2 CVE-2012-0675 2012-05-10T23:49:59.293-04:00 2012-05-11T00:00:00.000-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2012-05-11T10:48:00.000-04:00 CONFIRM http://support.apple.com/kb/HT5281 APPLE APPLE-SA-2012-05-09-1 Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume. cpe:/a:apple:safari:1.3.2 cpe:/a:apple:safari:3.2.2b:-:windows cpe:/a:apple:safari:2 cpe:/a:apple:safari:3.1.0b cpe:/a:apple:safari:5.1.2 cpe:/a:apple:safari:5.0.5 cpe:/a:apple:safari:1.0b1:-:mac cpe:/a:apple:safari:3.0.2 cpe:/a:apple:safari:1.2.1 cpe:/a:apple:safari:1.2.2 cpe:/a:apple:safari:3 cpe:/a:apple:safari:4.0.1 cpe:/a:apple:safari:3.0.4:-:mac cpe:/a:apple:safari:5.1.5 cpe:/a:apple:safari:4.0 cpe:/a:apple:safari:3.2.1b:-:windows cpe:/a:apple:safari:3.0.4b cpe:/a:apple:safari:4.1.1 cpe:/a:apple:safari:3.1.0 cpe:/a:apple:safari:5.1.3 cpe:/a:apple:safari:1.2 cpe:/a:apple:safari:2.0.0 cpe:/a:apple:safari:3.0.4 cpe:/a:apple:safari:2.0.3:417.9.3 cpe:/a:apple:safari:1.1.1 cpe:/a:apple:safari:5.1.4 cpe:/a:apple:safari:4.1.2 cpe:/a:apple:safari:4.0:beta cpe:/a:apple:safari:1.1.0 cpe:/a:apple:safari:3.0.2b:-:windows cpe:/a:apple:safari:3.1.0:-:mac cpe:/a:apple:safari:3.0.2b cpe:/a:apple:safari:3.2.1 cpe:/a:apple:safari:4.0.3 cpe:/a:apple:safari:1.0.1 cpe:/a:apple:safari:4.0.0b cpe:/a:apple:safari:3.0.1b:-:windows cpe:/a:apple:safari:2.0.4:-:mac cpe:/a:apple:safari:3.0 cpe:/a:apple:safari:3.2.0b:-:windows cpe:/a:apple:safari:2.0 cpe:/a:apple:safari:5.1.1 cpe:/a:apple:safari:5.0.2 cpe:/a:apple:safari:5.0.4 cpe:/a:apple:safari:1.0.3:85.8.1 cpe:/a:apple:safari:4.1 cpe:/a:apple:safari:1.0.2 cpe:/a:apple:safari:1.3.1 cpe:/a:apple:safari:3.2.2 cpe:/a:apple:safari:3.1.2 cpe:/a:apple:safari:1.3.0 cpe:/a:apple:safari:3.2.0 cpe:/a:apple:safari:3.1.1b:-:windows cpe:/a:apple:safari:3.0.0:-:mac cpe:/a:apple:safari:5.1 cpe:/a:apple:safari:3.0.1b cpe:/a:apple:safari:3.0.1:beta cpe:/a:apple:safari:3.0.1:-:mac cpe:/a:apple:safari:1.2.4 cpe:/a:apple:safari:2.0.3:417.9 cpe:/a:apple:safari:3.0.0b cpe:/a:apple:safari:3.0.0b:-:windows cpe:/a:apple:safari:5.0 cpe:/a:apple:safari:3.0.3b:-:windows cpe:/a:apple:safari:5.0.6 cpe:/a:apple:safari:1.0:beta cpe:/a:apple:safari:3.0.1 cpe:/a:apple:safari:3.1.0b:-:windows cpe:/a:apple:safari:1.2.0 cpe:/a:apple:safari:2.0.3:417.9.2 cpe:/a:apple:safari:1.1 cpe:/a:apple:safari:1.0 cpe:/a:apple:safari:3.0.2:-:mac cpe:/a:apple:safari:5.0.1 cpe:/a:apple:safari:2.0.4 cpe:/a:apple:safari:1.0.0b2 cpe:/a:apple:safari:1.2.3 cpe:/a:apple:safari:3.0.0 cpe:/a:apple:safari:3.1.1 cpe:/a:apple:safari:4.0.2 cpe:/a:apple:safari:2.0.3:417.8 cpe:/a:apple:safari:5.1.6 cpe:/a:apple:safari:3.0.4b:-:windows cpe:/a:apple:safari:2.0.1 cpe:/a:apple:safari:4.0.5 cpe:/a:apple:safari:2.0.3 cpe:/a:apple:safari:3.0.3b cpe:/a:apple:safari:3.0.3:-:mac cpe:/a:apple:safari:3.1.2b:-:windows cpe:/a:apple:safari:2.0.2 cpe:/a:apple:safari:1.0.3 cpe:/a:apple:safari:1.3 cpe:/a:apple:safari:1.2.5 cpe:/a:apple:safari:1.0:beta2 cpe:/a:apple:safari:1.3.2:312.6 cpe:/a:apple:safari:3.0.3 cpe:/a:apple:safari:1.3.2:312.5 cpe:/a:apple:safari:4.0.4 cpe:/a:apple:safari:1.0.0 cpe:/a:apple:safari:1.0.0b1 cpe:/a:apple:safari:1.0.3:85.8 CVE-2012-0676 2012-05-10T23:49:59.340-04:00 2012-05-11T11:05:28.373-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2012-05-11T10:56:00.000-04:00 CONFIRM http://support.apple.com/kb/HT5282 APPLE APPLE-SA-2012-05-09-2 WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors. cpe:/a:xnview:xnview:1.20 cpe:/a:xnview:xnview:1.21 cpe:/a:xnview:xnview:1.92.1 cpe:/a:xnview:xnview:1.08 cpe:/a:xnview:xnview:1.12 cpe:/a:xnview:xnview:1.82.4 cpe:/a:xnview:xnview:1.18 cpe:/a:xnview:xnview:1.91.2 cpe:/a:xnview:xnview:1.80.3 cpe:/a:xnview:xnview:1.70.4 cpe:/a:xnview:xnview:1.50.1 cpe:/a:xnview:xnview:1.25:a cpe:/a:xnview:xnview:1.94.2 cpe:/a:xnview:xnview:1.05:b cpe:/a:xnview:xnview:1.82.3 cpe:/a:xnview:xnview:1.70.2 cpe:/a:xnview:xnview:1.91.5 cpe:/a:xnview:xnview:1.91.3 cpe:/a:xnview:xnview:1.41 cpe:/a:xnview:xnview:1.97 cpe:/a:xnview:xnview:1.94 cpe:/a:xnview:xnview:1.95.3 cpe:/a:xnview:xnview:1.93 cpe:/a:xnview:xnview:1.80.1 cpe:/a:xnview:xnview:1.13 cpe:/a:xnview:xnview:1.35 cpe:/a:xnview:xnview:1.96.5 cpe:/a:xnview:xnview:1.98.4 cpe:/a:xnview:xnview:1.97.1 cpe:/a:xnview:xnview:1.30 cpe:/a:xnview:xnview:1.11 cpe:/a:xnview:xnview:1.61 cpe:/a:xnview:xnview:1.95 cpe:/a:xnview:xnview:1.67 cpe:/a:xnview:xnview:1.19 cpe:/a:xnview:xnview:1.96.2 cpe:/a:xnview:xnview:1.10 cpe:/a:xnview:xnview:1.04 cpe:/a:xnview:xnview:1.70.3 cpe:/a:xnview:xnview:1.24 cpe:/a:xnview:xnview:1.91.1 cpe:/a:xnview:xnview:1.07 cpe:/a:xnview:xnview:1.90.3 cpe:/a:xnview:xnview:1.80.2 cpe:/a:xnview:xnview:1.90 cpe:/a:xnview:xnview:1.94.1 cpe:/a:xnview:xnview:1.18.1 cpe:/a:xnview:xnview:1.60 cpe:/a:xnview:xnview:1.16 cpe:/a:xnview:xnview:1.92 cpe:/a:xnview:xnview:1.93.4 cpe:/a:xnview:xnview:1.0:a cpe:/a:xnview:xnview:1.82.2 cpe:/a:xnview:xnview:1.22 cpe:/a:xnview:xnview:1.46 cpe:/a:xnview:xnview:1.96 cpe:/a:xnview:xnview:1.32 cpe:/a:xnview:xnview:1.80 cpe:/a:xnview:xnview:1.05:c cpe:/a:xnview:xnview:1.74 cpe:/a:xnview:xnview:1.93.1 cpe:/a:xnview:xnview:1.31 cpe:/a:xnview:xnview:1.93.6 cpe:/a:xnview:xnview:1.96.1 cpe:/a:xnview:xnview:1.40 cpe:/a:xnview:xnview:1.66 cpe:/a:xnview:xnview:1.03 cpe:/a:xnview:xnview:1.34 cpe:/a:xnview:xnview:1.36 cpe:/a:xnview:xnview:1.06 cpe:/a:xnview:xnview:1.37 cpe:/a:xnview:xnview:1.93.2 cpe:/a:xnview:xnview:1.95.4 cpe:/a:xnview:xnview:1.90.1 cpe:/a:xnview:xnview:1.65 cpe:/a:xnview:xnview:1.02 cpe:/a:xnview:xnview:1.14 cpe:/a:xnview:xnview:1.09 cpe:/a:xnview:xnview:1.97.2 cpe:/a:xnview:xnview:1.01 cpe:/a:xnview:xnview:1.17 cpe:/a:xnview:xnview:1.91.4 cpe:/a:xnview:xnview:1.97.4 cpe:/a:xnview:xnview:1.05 cpe:/a:xnview:xnview:1.91 cpe:/a:xnview:xnview:1.33 cpe:/a:xnview:xnview:1.91.6 cpe:/a:xnview:xnview:1.17:a cpe:/a:xnview:xnview:1.23 cpe:/a:xnview:xnview:1.68 cpe:/a:xnview:xnview:1.15 cpe:/a:xnview:xnview:1.82 cpe:/a:xnview:xnview:1.25 cpe:/a:xnview:xnview:1.50 cpe:/a:xnview:xnview:1.93.3 cpe:/a:xnview:xnview:1.95.1 cpe:/a:xnview:xnview:1.68.1 cpe:/a:xnview:xnview:1.95.2 cpe:/a:xnview:xnview:1.55 cpe:/a:xnview:xnview:1.45 cpe:/a:xnview:xnview:1.70 CVE-2012-0684 2012-05-09T06:33:14.927-04:00 2012-05-10T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T13:24:00.000-04:00 MISC http://technet.microsoft.com/en-us/security/msvr/msvr12-001 Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685. cpe:/a:xnview:xnview:1.20 cpe:/a:xnview:xnview:1.21 cpe:/a:xnview:xnview:1.92.1 cpe:/a:xnview:xnview:1.08 cpe:/a:xnview:xnview:1.12 cpe:/a:xnview:xnview:1.82.4 cpe:/a:xnview:xnview:1.18 cpe:/a:xnview:xnview:1.91.2 cpe:/a:xnview:xnview:1.80.3 cpe:/a:xnview:xnview:1.70.4 cpe:/a:xnview:xnview:1.50.1 cpe:/a:xnview:xnview:1.25:a cpe:/a:xnview:xnview:1.94.2 cpe:/a:xnview:xnview:1.05:b cpe:/a:xnview:xnview:1.82.3 cpe:/a:xnview:xnview:1.70.2 cpe:/a:xnview:xnview:1.91.5 cpe:/a:xnview:xnview:1.91.3 cpe:/a:xnview:xnview:1.41 cpe:/a:xnview:xnview:1.97 cpe:/a:xnview:xnview:1.94 cpe:/a:xnview:xnview:1.95.3 cpe:/a:xnview:xnview:1.93 cpe:/a:xnview:xnview:1.80.1 cpe:/a:xnview:xnview:1.13 cpe:/a:xnview:xnview:1.35 cpe:/a:xnview:xnview:1.96.5 cpe:/a:xnview:xnview:1.98.4 cpe:/a:xnview:xnview:1.97.1 cpe:/a:xnview:xnview:1.30 cpe:/a:xnview:xnview:1.11 cpe:/a:xnview:xnview:1.61 cpe:/a:xnview:xnview:1.95 cpe:/a:xnview:xnview:1.67 cpe:/a:xnview:xnview:1.19 cpe:/a:xnview:xnview:1.96.2 cpe:/a:xnview:xnview:1.10 cpe:/a:xnview:xnview:1.04 cpe:/a:xnview:xnview:1.70.3 cpe:/a:xnview:xnview:1.24 cpe:/a:xnview:xnview:1.91.1 cpe:/a:xnview:xnview:1.07 cpe:/a:xnview:xnview:1.90.3 cpe:/a:xnview:xnview:1.80.2 cpe:/a:xnview:xnview:1.90 cpe:/a:xnview:xnview:1.94.1 cpe:/a:xnview:xnview:1.18.1 cpe:/a:xnview:xnview:1.60 cpe:/a:xnview:xnview:1.16 cpe:/a:xnview:xnview:1.92 cpe:/a:xnview:xnview:1.93.4 cpe:/a:xnview:xnview:1.0:a cpe:/a:xnview:xnview:1.82.2 cpe:/a:xnview:xnview:1.22 cpe:/a:xnview:xnview:1.46 cpe:/a:xnview:xnview:1.96 cpe:/a:xnview:xnview:1.32 cpe:/a:xnview:xnview:1.80 cpe:/a:xnview:xnview:1.05:c cpe:/a:xnview:xnview:1.74 cpe:/a:xnview:xnview:1.93.1 cpe:/a:xnview:xnview:1.31 cpe:/a:xnview:xnview:1.93.6 cpe:/a:xnview:xnview:1.96.1 cpe:/a:xnview:xnview:1.40 cpe:/a:xnview:xnview:1.66 cpe:/a:xnview:xnview:1.03 cpe:/a:xnview:xnview:1.34 cpe:/a:xnview:xnview:1.36 cpe:/a:xnview:xnview:1.06 cpe:/a:xnview:xnview:1.37 cpe:/a:xnview:xnview:1.93.2 cpe:/a:xnview:xnview:1.95.4 cpe:/a:xnview:xnview:1.90.1 cpe:/a:xnview:xnview:1.65 cpe:/a:xnview:xnview:1.02 cpe:/a:xnview:xnview:1.14 cpe:/a:xnview:xnview:1.09 cpe:/a:xnview:xnview:1.97.2 cpe:/a:xnview:xnview:1.01 cpe:/a:xnview:xnview:1.17 cpe:/a:xnview:xnview:1.91.4 cpe:/a:xnview:xnview:1.97.4 cpe:/a:xnview:xnview:1.05 cpe:/a:xnview:xnview:1.91 cpe:/a:xnview:xnview:1.33 cpe:/a:xnview:xnview:1.91.6 cpe:/a:xnview:xnview:1.17:a cpe:/a:xnview:xnview:1.23 cpe:/a:xnview:xnview:1.68 cpe:/a:xnview:xnview:1.15 cpe:/a:xnview:xnview:1.82 cpe:/a:xnview:xnview:1.25 cpe:/a:xnview:xnview:1.50 cpe:/a:xnview:xnview:1.93.3 cpe:/a:xnview:xnview:1.95.1 cpe:/a:xnview:xnview:1.68.1 cpe:/a:xnview:xnview:1.95.2 cpe:/a:xnview:xnview:1.55 cpe:/a:xnview:xnview:1.45 cpe:/a:xnview:xnview:1.70 CVE-2012-0685 2012-05-09T06:33:14.957-04:00 2012-05-10T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T13:16:00.000-04:00 MISC http://technet.microsoft.com/en-us/security/msvr/msvr12-001 Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684. cpe:/a:adobe:flash_cs4:10.0 cpe:/a:adobe:flash_cs5.5:11.0 cpe:/a:adobe:flash_cs3:9.0 CVE-2012-0778 2012-05-09T00:36:39.057-04:00 2012-05-09T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T13:38:00.000-04:00 CONFIRM http://www.adobe.com/support/security/bulletins/apsb12-12.html Buffer overflow in Adobe Flash Professional before CS6 allows attackers to execute arbitrary code via unspecified vectors. cpe:/a:adobe:illustrator:10.0 cpe:/a:adobe:illustrator:11.0 cpe:/a:adobe:illustrator:13.0.1 cpe:/a:adobe:illustrator:13.0 cpe:/a:adobe:illustrator:13.0.3 cpe:/a:adobe:illustrator_cs5.5:15 cpe:/a:adobe:illustrator:12.0.0 cpe:/a:adobe:illustrator:8.0 cpe:/a:adobe:illustrator:9.0 cpe:/a:adobe:illustrator:7.0 cpe:/a:adobe:illustrator:15.0 cpe:/a:adobe:illustrator:13.0.2 cpe:/a:adobe:illustrator:11.0.1 cpe:/a:adobe:illustrator:14.0 CVE-2012-0780 2012-05-09T00:36:39.087-04:00 2012-05-14T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T13:55:00.000-04:00 CONFIRM http://www.adobe.com/support/security/bulletins/apsb12-10.html Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026. cpe:/a:oracle:database_10g:10.2.0.4 cpe:/a:oracle:database_11g:11.2.0.2 cpe:/a:oracle:database_10g cpe:/a:oracle:database_11g:11.2.0.3 cpe:/a:oracle:database_11g cpe:/a:oracle:database_11g:11.1.0.7 cpe:/a:oracle:database_10g:10.2.0.3 cpe:/a:oracle:database_10g:10.2.0.5 CVE-2012-1675 2012-05-08T18:55:01.010-04:00 2012-05-09T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-05-09T09:37:00.000-04:00 CERT-VN VU#359816 CONFIRM https://blogs.oracle.com/security/entry/security_alert_for_cve_2012 XF oracledatabase-tnslistener-spoofing(75303) SECTRACK 1027000 BID 53308 CONFIRM http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html FULLDISC 20120428 Oracle TNS Poison vulnerability is actually a 0day with no patch available FULLDISC 20120418 The history of a -probably- 13 years old Oracle bug: TNS Poison The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison." CVE-2012-1804 2012-05-14T16:55:01.417-04:00 2012-05-14T16:55:01.417-04:00 MISC http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-01.pdf Progea Movicon before 11.3 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted HTTP request. cpe:/a:php:php:5.2.5 cpe:/a:php:php:5.2.17 cpe:/a:php:php:5.2.13 cpe:/a:php:php:5.0.0:rc1 cpe:/a:php:php:5.2.10 cpe:/a:php:php:5.2.7 cpe:/a:php:php:5.0.0:beta3 cpe:/a:php:php:5.2.15 cpe:/a:php:php:5.2.14 cpe:/a:php:php:5.0.0:beta2 cpe:/a:php:php:5.0.5 cpe:/a:php:php:5.0.0:rc3 cpe:/a:php:php:5.3.0 cpe:/a:php:php:5.2.12 cpe:/a:php:php:5.0.1 cpe:/a:php:php:5.4.1 cpe:/a:php:php:5.3.4 cpe:/a:php:php:5.3.1 cpe:/a:php:php:5.2.0 cpe:/a:php:php:5.3.10 cpe:/a:php:php:5.1.1 cpe:/a:php:php:5.3.8 cpe:/a:php:php:5.2.4 cpe:/a:php:php:5.2.3 cpe:/a:php:php:5.0.0:rc2 cpe:/a:php:php:5.0.4 cpe:/a:php:php:5.3.5 cpe:/a:php:php:5.3.3 cpe:/a:php:php:5.4.0 cpe:/a:php:php:5.2.1 cpe:/a:php:php:5.2.6 cpe:/a:php:php:5.2.8 cpe:/a:php:php:5.1.3 cpe:/a:php:php:5.3.9 cpe:/a:php:php:5.1.2 cpe:/a:php:php:5.2.11 cpe:/a:php:php:5.3.6 cpe:/a:php:php:5.1.0 cpe:/a:php:php:5.0.0 cpe:/a:php:php:5.0.2 cpe:/a:php:php:5.3.11 cpe:/a:php:php:5.0.3 cpe:/a:php:php:5.2.16 cpe:/a:php:php:5.1.5 cpe:/a:php:php:5.2.9 cpe:/a:php:php:5.1.4 cpe:/a:php:php:5.3.7 cpe:/a:php:php:5.0.0:beta1 cpe:/a:php:php:5.2.2 cpe:/a:php:php:5.1.6 cpe:/a:php:php:5.0.0:beta4 cpe:/a:php:php:5.3.2 CVE-2012-1823 2012-05-11T06:15:48.043-04:00 2012-05-11T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-05-11T11:15:00.000-04:00 CERT-VN VU#520827 CONFIRM https://bugs.php.net/bug.php?id=61910 CONFIRM http://www.php.net/ChangeLog-5.php#5.4.2 CONFIRM https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1 CONFIRM http://www.php.net/archive/2012.php#id2012-05-03-1 MISC http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. cpe:/a:microsoft:office_compatibility_pack::sp2 cpe:/a:microsoft:excel:2007:sp2 cpe:/a:microsoft:excel:2010 cpe:/a:microsoft:office:2011::mac cpe:/a:microsoft:excel:2003:sp3 cpe:/a:microsoft:excel_viewer cpe:/a:microsoft:excel:2010:sp1 cpe:/a:microsoft:office_compatibility_pack::sp3 cpe:/a:microsoft:office:2008 cpe:/a:microsoft:excel:2007:sp3 CVE-2012-1847 2012-05-08T20:55:01.977-04:00 2012-05-09T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T13:29:00.000-04:00 MS MS12-030 Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability." cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_server_2008:r2:sp1:x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2008::sp2:itanium cpe:/o:microsoft:windows_server_2008:r2::x64 cpe:/o:microsoft:windows_server_2008:r2::itanium cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x86 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_7::sp1:x86 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_7::sp1:x64 CVE-2012-1848 2012-05-08T20:55:02.007-04:00 2012-05-09T13:34:23.910-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T13:33:00.000-04:00 MS MS12-034 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability." cpe:/a:wellintech:kingview:3.0 CVE-2012-1977 2012-05-09T06:33:15.020-04:00 2012-05-10T00:00:00.000-04:00 7.8 NETWORK LOW NONE COMPLETE NONE NONE http://nvd.nist.gov 2012-05-09T12:41:00.000-04:00 MISC http://www.us-cert.gov/control_systems/pdf/ICSA-12-129-01.pdf MISC http://dsecrg.com/pages/vul/show.php?id=405 WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file. cpe:/a:hp:performance_insight:5.41.002 cpe:/a:hp:performance_insight:5.41.001 cpe:/a:hp:performance_insight:5.3 cpe:/a:hp:performance_insight:5.41 CVE-2012-2007 2012-05-09T06:33:15.207-04:00 2012-05-10T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-05-09T11:24:00.000-04:00 HP SSRT100853 HP HPSBMU02775 SQL injection vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. cpe:/a:hp:performance_insight:5.41.002 cpe:/a:hp:performance_insight:5.41.001 cpe:/a:hp:performance_insight:5.3 cpe:/a:hp:performance_insight:5.41 CVE-2012-2008 2012-05-09T06:33:15.257-04:00 2012-05-10T00:00:00.000-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2012-05-09T11:17:00.000-04:00 HP HPSBMU02775 HP SSRT100853 Cross-site scripting (XSS) vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. cpe:/a:hp:performance_insight:5.41.002 cpe:/a:hp:performance_insight:5.41.001 cpe:/a:hp:performance_insight:5.3 cpe:/a:hp:performance_insight:5.41 CVE-2012-2009 2012-05-09T06:33:15.303-04:00 2012-05-10T00:00:00.000-04:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T10:43:00.000-04:00 HP SSRT100853 HP HPSBMU02775 Unspecified vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to gain privileges via unknown vectors. cpe:/a:adobe:illustrator:10.0 cpe:/a:adobe:illustrator:11.0 cpe:/a:adobe:illustrator:13.0.1 cpe:/a:adobe:illustrator:13.0 cpe:/a:adobe:illustrator:13.0.3 cpe:/a:adobe:illustrator_cs5.5:15 cpe:/a:adobe:illustrator:12.0.0 cpe:/a:adobe:illustrator:8.0 cpe:/a:adobe:illustrator:9.0 cpe:/a:adobe:illustrator:7.0 cpe:/a:adobe:illustrator:15.0 cpe:/a:adobe:illustrator:13.0.2 cpe:/a:adobe:illustrator:11.0.1 cpe:/a:adobe:illustrator:14.0 CVE-2012-2023 2012-05-09T00:36:39.150-04:00 2012-05-10T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T14:15:00.000-04:00 CONFIRM http://www.adobe.com/support/security/bulletins/apsb12-10.html Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026. cpe:/a:adobe:illustrator:10.0 cpe:/a:adobe:illustrator:11.0 cpe:/a:adobe:illustrator:13.0.1 cpe:/a:adobe:illustrator:13.0 cpe:/a:adobe:illustrator:13.0.3 cpe:/a:adobe:illustrator_cs5.5:15 cpe:/a:adobe:illustrator:12.0.0 cpe:/a:adobe:illustrator:8.0 cpe:/a:adobe:illustrator:9.0 cpe:/a:adobe:illustrator:7.0 cpe:/a:adobe:illustrator:15.0 cpe:/a:adobe:illustrator:13.0.2 cpe:/a:adobe:illustrator:11.0.1 cpe:/a:adobe:illustrator:14.0 CVE-2012-2024 2012-05-09T00:36:39.197-04:00 2012-05-10T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T14:17:00.000-04:00 CONFIRM http://www.adobe.com/support/security/bulletins/apsb12-10.html Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2025, and CVE-2012-2026. cpe:/a:adobe:illustrator:10.0 cpe:/a:adobe:illustrator:11.0 cpe:/a:adobe:illustrator:13.0.1 cpe:/a:adobe:illustrator:13.0 cpe:/a:adobe:illustrator:13.0.3 cpe:/a:adobe:illustrator_cs5.5:15 cpe:/a:adobe:illustrator:12.0.0 cpe:/a:adobe:illustrator:8.0 cpe:/a:adobe:illustrator:9.0 cpe:/a:adobe:illustrator:7.0 cpe:/a:adobe:illustrator:15.0 cpe:/a:adobe:illustrator:13.0.2 cpe:/a:adobe:illustrator:11.0.1 cpe:/a:adobe:illustrator:14.0 CVE-2012-2025 2012-05-09T00:36:39.243-04:00 2012-05-10T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T14:18:00.000-04:00 CONFIRM http://www.adobe.com/support/security/bulletins/apsb12-10.html Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, and CVE-2012-2026. cpe:/a:adobe:illustrator:10.0 cpe:/a:adobe:illustrator:11.0 cpe:/a:adobe:illustrator:13.0.1 cpe:/a:adobe:illustrator:13.0 cpe:/a:adobe:illustrator:13.0.3 cpe:/a:adobe:illustrator_cs5.5:15 cpe:/a:adobe:illustrator:12.0.0 cpe:/a:adobe:illustrator:8.0 cpe:/a:adobe:illustrator:9.0 cpe:/a:adobe:illustrator:7.0 cpe:/a:adobe:illustrator:15.0 cpe:/a:adobe:illustrator:13.0.2 cpe:/a:adobe:illustrator:11.0.1 cpe:/a:adobe:illustrator:14.0 CVE-2012-2026 2012-05-09T00:36:40.183-04:00 2012-05-09T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T14:20:00.000-04:00 CONFIRM http://www.adobe.com/support/security/bulletins/apsb12-10.html Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, and CVE-2012-2025. cpe:/a:adobe:photoshop:12.0.2 cpe:/a:adobe:photoshop:11.0::%7E%7E%7E%7Ex64%7E cpe:/a:adobe:photoshop:11.0.2 cpe:/a:adobe:photoshop:5.0::pro cpe:/a:adobe:photoshop_cs5.5:12.0 cpe:/a:adobe:photoshop_cs4:11.0 cpe:/a:adobe:photoshop:6.0.1 cpe:/a:adobe:photoshop:10.0 cpe:/a:adobe:photoshop:11.0.4 cpe:/a:adobe:photoshop:8.0 cpe:/a:adobe:photoshop:11.0 cpe:/a:adobe:photoshop:12.0.1 cpe:/a:adobe:photoshop:7.0.1 cpe:/a:adobe:photoshop:12.0.3 cpe:/a:adobe:photoshop:7.0 cpe:/a:adobe:photoshop:12.0.4 cpe:/a:adobe:photoshop:12.0.0 cpe:/a:adobe:photoshop:9.0.2 cpe:/a:adobe:photoshop:4.0::pro cpe:/a:adobe:photoshop:9.0 cpe:/a:adobe:photoshop cpe:/a:adobe:photoshop:10.0.1 cpe:/a:adobe:photoshop:6.0 cpe:/a:adobe:photoshop:11.0.1 cpe:/a:adobe:photoshop:2.5::pro cpe:/a:adobe:photoshop:3.0::pro cpe:/a:adobe:photoshop:6.0::pro cpe:/a:adobe:photoshop:9.0.1 CVE-2012-2027 2012-05-09T00:36:41.167-04:00 2012-05-09T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T14:24:00.000-04:00 CONFIRM http://www.adobe.com/support/security/bulletins/apsb12-11.html BID 52634 Use-after-free vulnerability in Adobe Photoshop before CS6 allows remote attackers to execute arbitrary code via a crafted TIFF (aka .TIF) file. cpe:/a:adobe:photoshop:12.0.2 cpe:/a:adobe:photoshop:11.0::%7E%7E%7E%7Ex64%7E cpe:/a:adobe:photoshop:11.0.2 cpe:/a:adobe:photoshop:5.0::pro cpe:/a:adobe:photoshop_cs5.5:12.0 cpe:/a:adobe:photoshop_cs4:11.0 cpe:/a:adobe:photoshop:6.0.1 cpe:/a:adobe:photoshop:10.0 cpe:/a:adobe:photoshop:11.0.4 cpe:/a:adobe:photoshop:8.0 cpe:/a:adobe:photoshop:11.0 cpe:/a:adobe:photoshop:12.0.1 cpe:/a:adobe:photoshop:7.0.1 cpe:/a:adobe:photoshop:12.0.3 cpe:/a:adobe:photoshop:7.0 cpe:/a:adobe:photoshop:12.0.4 cpe:/a:adobe:photoshop:12.0.0 cpe:/a:adobe:photoshop:9.0.2 cpe:/a:adobe:photoshop:4.0::pro cpe:/a:adobe:photoshop:9.0 cpe:/a:adobe:photoshop cpe:/a:adobe:photoshop:10.0.1 cpe:/a:adobe:photoshop:6.0 cpe:/a:adobe:photoshop:11.0.1 cpe:/a:adobe:photoshop:2.5::pro cpe:/a:adobe:photoshop:3.0::pro cpe:/a:adobe:photoshop:6.0::pro cpe:/a:adobe:photoshop:9.0.1 CVE-2012-2028 2012-05-09T00:36:41.213-04:00 2012-05-14T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T14:36:00.000-04:00 CONFIRM http://www.adobe.com/support/security/bulletins/apsb12-11.html Buffer overflow in Adobe Photoshop before CS6 allows remote attackers to execute arbitrary code via a crafted TIFF (aka .TIF) file. cpe:/a:adobe:shockwave_player:11.5.9.620 cpe:/a:adobe:shockwave_player:11.6.0.626 cpe:/a:adobe:shockwave_player:8.5.321 cpe:/a:adobe:shockwave_player:10.1.0.011 cpe:/a:adobe:shockwave_player:11.5.2.602 cpe:/a:adobe:shockwave_player:10.1.0.11 cpe:/a:adobe:shockwave_player:3.0 cpe:/a:adobe:shockwave_player:11.5.6.606 cpe:/a:adobe:shockwave_player:10.1.1.016 cpe:/a:adobe:shockwave_player:11.5.10.620 cpe:/a:adobe:shockwave_player:1.0 cpe:/a:adobe:shockwave_player:8.0.205 cpe:/a:adobe:shockwave_player:8.0.196a cpe:/a:adobe:shockwave_player:10.1.4.020 cpe:/a:adobe:shockwave_player:10.2.0.023 cpe:/a:adobe:shockwave_player:8.5.323 cpe:/a:adobe:shockwave_player:10.0.1.004 cpe:/a:adobe:shockwave_player:10.2.0.022 cpe:/a:adobe:shockwave_player:8.0.196 cpe:/a:adobe:shockwave_player:5.0 cpe:/a:adobe:shockwave_player:8.5.324 cpe:/a:adobe:shockwave_player:11.6.3.633 cpe:/a:adobe:shockwave_player:11.5.9.615 cpe:/a:adobe:shockwave_player:11.6.4.634 cpe:/a:adobe:shockwave_player:8.0 cpe:/a:adobe:shockwave_player:8.5.325 cpe:/a:adobe:shockwave_player:8.5.1.105 cpe:/a:adobe:shockwave_player:11.5.8.612 cpe:/a:adobe:shockwave_player cpe:/a:adobe:shockwave_player:10.0.0.210 cpe:/a:adobe:shockwave_player:4.0 cpe:/a:adobe:shockwave_player:9.0.383 cpe:/a:adobe:shockwave_player:8.0.204 cpe:/a:adobe:shockwave_player:10.2.0.021 cpe:/a:adobe:shockwave_player:11 cpe:/a:adobe:shockwave_player:11.5.0.595 cpe:/a:adobe:shockwave_player:11.5.7.609 cpe:/a:adobe:shockwave_player:8.5.1.100 cpe:/a:adobe:shockwave_player:11.0.0.456 cpe:/a:adobe:shockwave_player:11.6.1.629 cpe:/a:adobe:shockwave_player:8.5.1 cpe:/a:adobe:shockwave_player:9.0.432 cpe:/a:adobe:shockwave_player:6.0 cpe:/a:adobe:shockwave_player:11.5.1.601 cpe:/a:adobe:shockwave_player:8.5.1.103 cpe:/a:adobe:shockwave_player:9 cpe:/a:adobe:shockwave_player:11.5.0.596 cpe:/a:adobe:shockwave_player:2.0 cpe:/a:adobe:shockwave_player:11.0.3.471 cpe:/a:adobe:shockwave_player:8.5.1.106 CVE-2012-2029 2012-05-09T00:36:41.243-04:00 2012-05-09T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T14:40:00.000-04:00 CONFIRM http://www.adobe.com/support/security/bulletins/apsb12-13.html Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2030, CVE-2012-2031, CVE-2012-2032, and CVE-2012-2033. cpe:/a:adobe:shockwave_player:11.5.9.620 cpe:/a:adobe:shockwave_player:11.6.0.626 cpe:/a:adobe:shockwave_player:8.5.321 cpe:/a:adobe:shockwave_player:10.1.0.011 cpe:/a:adobe:shockwave_player:11.5.2.602 cpe:/a:adobe:shockwave_player:10.1.0.11 cpe:/a:adobe:shockwave_player:3.0 cpe:/a:adobe:shockwave_player:11.5.6.606 cpe:/a:adobe:shockwave_player:10.1.1.016 cpe:/a:adobe:shockwave_player:11.5.10.620 cpe:/a:adobe:shockwave_player:1.0 cpe:/a:adobe:shockwave_player:8.0.205 cpe:/a:adobe:shockwave_player:8.0.196a cpe:/a:adobe:shockwave_player:10.1.4.020 cpe:/a:adobe:shockwave_player:10.2.0.023 cpe:/a:adobe:shockwave_player:8.5.323 cpe:/a:adobe:shockwave_player:10.0.1.004 cpe:/a:adobe:shockwave_player:10.2.0.022 cpe:/a:adobe:shockwave_player:8.0.196 cpe:/a:adobe:shockwave_player:5.0 cpe:/a:adobe:shockwave_player:8.5.324 cpe:/a:adobe:shockwave_player:11.6.3.633 cpe:/a:adobe:shockwave_player:11.5.9.615 cpe:/a:adobe:shockwave_player:11.6.4.634 cpe:/a:adobe:shockwave_player:8.0 cpe:/a:adobe:shockwave_player:8.5.325 cpe:/a:adobe:shockwave_player:8.5.1.105 cpe:/a:adobe:shockwave_player:11.5.8.612 cpe:/a:adobe:shockwave_player cpe:/a:adobe:shockwave_player:10.0.0.210 cpe:/a:adobe:shockwave_player:4.0 cpe:/a:adobe:shockwave_player:9.0.383 cpe:/a:adobe:shockwave_player:8.0.204 cpe:/a:adobe:shockwave_player:10.2.0.021 cpe:/a:adobe:shockwave_player:11 cpe:/a:adobe:shockwave_player:11.5.0.595 cpe:/a:adobe:shockwave_player:11.5.7.609 cpe:/a:adobe:shockwave_player:8.5.1.100 cpe:/a:adobe:shockwave_player:11.0.0.456 cpe:/a:adobe:shockwave_player:11.6.1.629 cpe:/a:adobe:shockwave_player:8.5.1 cpe:/a:adobe:shockwave_player:9.0.432 cpe:/a:adobe:shockwave_player:6.0 cpe:/a:adobe:shockwave_player:11.5.1.601 cpe:/a:adobe:shockwave_player:8.5.1.103 cpe:/a:adobe:shockwave_player:9 cpe:/a:adobe:shockwave_player:11.5.0.596 cpe:/a:adobe:shockwave_player:2.0 cpe:/a:adobe:shockwave_player:11.0.3.471 cpe:/a:adobe:shockwave_player:8.5.1.106 CVE-2012-2030 2012-05-09T00:36:41.277-04:00 2012-05-09T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T14:45:00.000-04:00 CONFIRM http://www.adobe.com/support/security/bulletins/apsb12-13.html Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2031, CVE-2012-2032, and CVE-2012-2033. cpe:/a:adobe:shockwave_player:11.5.9.620 cpe:/a:adobe:shockwave_player:11.6.0.626 cpe:/a:adobe:shockwave_player:8.5.321 cpe:/a:adobe:shockwave_player:10.1.0.011 cpe:/a:adobe:shockwave_player:11.5.2.602 cpe:/a:adobe:shockwave_player:10.1.0.11 cpe:/a:adobe:shockwave_player:3.0 cpe:/a:adobe:shockwave_player:11.5.6.606 cpe:/a:adobe:shockwave_player:10.1.1.016 cpe:/a:adobe:shockwave_player:11.5.10.620 cpe:/a:adobe:shockwave_player:1.0 cpe:/a:adobe:shockwave_player:8.0.205 cpe:/a:adobe:shockwave_player:8.0.196a cpe:/a:adobe:shockwave_player:10.1.4.020 cpe:/a:adobe:shockwave_player:10.2.0.023 cpe:/a:adobe:shockwave_player:8.5.323 cpe:/a:adobe:shockwave_player:10.0.1.004 cpe:/a:adobe:shockwave_player:10.2.0.022 cpe:/a:adobe:shockwave_player:8.0.196 cpe:/a:adobe:shockwave_player:5.0 cpe:/a:adobe:shockwave_player:8.5.324 cpe:/a:adobe:shockwave_player:11.6.3.633 cpe:/a:adobe:shockwave_player:11.5.9.615 cpe:/a:adobe:shockwave_player:11.6.4.634 cpe:/a:adobe:shockwave_player:8.0 cpe:/a:adobe:shockwave_player:8.5.325 cpe:/a:adobe:shockwave_player:8.5.1.105 cpe:/a:adobe:shockwave_player:11.5.8.612 cpe:/a:adobe:shockwave_player cpe:/a:adobe:shockwave_player:10.0.0.210 cpe:/a:adobe:shockwave_player:4.0 cpe:/a:adobe:shockwave_player:9.0.383 cpe:/a:adobe:shockwave_player:8.0.204 cpe:/a:adobe:shockwave_player:10.2.0.021 cpe:/a:adobe:shockwave_player:11 cpe:/a:adobe:shockwave_player:11.5.0.595 cpe:/a:adobe:shockwave_player:11.5.7.609 cpe:/a:adobe:shockwave_player:8.5.1.100 cpe:/a:adobe:shockwave_player:11.0.0.456 cpe:/a:adobe:shockwave_player:11.6.1.629 cpe:/a:adobe:shockwave_player:8.5.1 cpe:/a:adobe:shockwave_player:9.0.432 cpe:/a:adobe:shockwave_player:6.0 cpe:/a:adobe:shockwave_player:11.5.1.601 cpe:/a:adobe:shockwave_player:8.5.1.103 cpe:/a:adobe:shockwave_player:9 cpe:/a:adobe:shockwave_player:11.5.0.596 cpe:/a:adobe:shockwave_player:2.0 cpe:/a:adobe:shockwave_player:11.0.3.471 cpe:/a:adobe:shockwave_player:8.5.1.106 CVE-2012-2031 2012-05-09T00:36:41.323-04:00 2012-05-09T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T14:45:00.000-04:00 CONFIRM http://www.adobe.com/support/security/bulletins/apsb12-13.html Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2032, and CVE-2012-2033. cpe:/a:adobe:shockwave_player:11.5.9.620 cpe:/a:adobe:shockwave_player:11.6.0.626 cpe:/a:adobe:shockwave_player:8.5.321 cpe:/a:adobe:shockwave_player:10.1.0.011 cpe:/a:adobe:shockwave_player:11.5.2.602 cpe:/a:adobe:shockwave_player:10.1.0.11 cpe:/a:adobe:shockwave_player:3.0 cpe:/a:adobe:shockwave_player:11.5.6.606 cpe:/a:adobe:shockwave_player:10.1.1.016 cpe:/a:adobe:shockwave_player:11.5.10.620 cpe:/a:adobe:shockwave_player:1.0 cpe:/a:adobe:shockwave_player:8.0.205 cpe:/a:adobe:shockwave_player:8.0.196a cpe:/a:adobe:shockwave_player:10.1.4.020 cpe:/a:adobe:shockwave_player:10.2.0.023 cpe:/a:adobe:shockwave_player:8.5.323 cpe:/a:adobe:shockwave_player:10.0.1.004 cpe:/a:adobe:shockwave_player:10.2.0.022 cpe:/a:adobe:shockwave_player:8.0.196 cpe:/a:adobe:shockwave_player:5.0 cpe:/a:adobe:shockwave_player:8.5.324 cpe:/a:adobe:shockwave_player:11.6.3.633 cpe:/a:adobe:shockwave_player:11.5.9.615 cpe:/a:adobe:shockwave_player:11.6.4.634 cpe:/a:adobe:shockwave_player:8.0 cpe:/a:adobe:shockwave_player:8.5.325 cpe:/a:adobe:shockwave_player:8.5.1.105 cpe:/a:adobe:shockwave_player:11.5.8.612 cpe:/a:adobe:shockwave_player cpe:/a:adobe:shockwave_player:10.0.0.210 cpe:/a:adobe:shockwave_player:4.0 cpe:/a:adobe:shockwave_player:9.0.383 cpe:/a:adobe:shockwave_player:8.0.204 cpe:/a:adobe:shockwave_player:10.2.0.021 cpe:/a:adobe:shockwave_player:11 cpe:/a:adobe:shockwave_player:11.5.0.595 cpe:/a:adobe:shockwave_player:11.5.7.609 cpe:/a:adobe:shockwave_player:8.5.1.100 cpe:/a:adobe:shockwave_player:11.0.0.456 cpe:/a:adobe:shockwave_player:11.6.1.629 cpe:/a:adobe:shockwave_player:8.5.1 cpe:/a:adobe:shockwave_player:9.0.432 cpe:/a:adobe:shockwave_player:6.0 cpe:/a:adobe:shockwave_player:11.5.1.601 cpe:/a:adobe:shockwave_player:8.5.1.103 cpe:/a:adobe:shockwave_player:9 cpe:/a:adobe:shockwave_player:11.5.0.596 cpe:/a:adobe:shockwave_player:2.0 cpe:/a:adobe:shockwave_player:11.0.3.471 cpe:/a:adobe:shockwave_player:8.5.1.106 CVE-2012-2032 2012-05-09T00:36:41.387-04:00 2012-05-09T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T14:46:00.000-04:00 CONFIRM http://www.adobe.com/support/security/bulletins/apsb12-13.html Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, and CVE-2012-2033. cpe:/a:adobe:shockwave_player:11.5.9.620 cpe:/a:adobe:shockwave_player:11.6.0.626 cpe:/a:adobe:shockwave_player:8.5.321 cpe:/a:adobe:shockwave_player:10.1.0.011 cpe:/a:adobe:shockwave_player:11.5.2.602 cpe:/a:adobe:shockwave_player:10.1.0.11 cpe:/a:adobe:shockwave_player:3.0 cpe:/a:adobe:shockwave_player:11.5.6.606 cpe:/a:adobe:shockwave_player:10.1.1.016 cpe:/a:adobe:shockwave_player:11.5.10.620 cpe:/a:adobe:shockwave_player:1.0 cpe:/a:adobe:shockwave_player:8.0.205 cpe:/a:adobe:shockwave_player:8.0.196a cpe:/a:adobe:shockwave_player:10.1.4.020 cpe:/a:adobe:shockwave_player:10.2.0.023 cpe:/a:adobe:shockwave_player:8.5.323 cpe:/a:adobe:shockwave_player:10.0.1.004 cpe:/a:adobe:shockwave_player:10.2.0.022 cpe:/a:adobe:shockwave_player:8.0.196 cpe:/a:adobe:shockwave_player:5.0 cpe:/a:adobe:shockwave_player:8.5.324 cpe:/a:adobe:shockwave_player:11.6.3.633 cpe:/a:adobe:shockwave_player:11.5.9.615 cpe:/a:adobe:shockwave_player:11.6.4.634 cpe:/a:adobe:shockwave_player:8.0 cpe:/a:adobe:shockwave_player:8.5.325 cpe:/a:adobe:shockwave_player:8.5.1.105 cpe:/a:adobe:shockwave_player:11.5.8.612 cpe:/a:adobe:shockwave_player cpe:/a:adobe:shockwave_player:10.0.0.210 cpe:/a:adobe:shockwave_player:4.0 cpe:/a:adobe:shockwave_player:9.0.383 cpe:/a:adobe:shockwave_player:8.0.204 cpe:/a:adobe:shockwave_player:10.2.0.021 cpe:/a:adobe:shockwave_player:11 cpe:/a:adobe:shockwave_player:11.5.0.595 cpe:/a:adobe:shockwave_player:11.5.7.609 cpe:/a:adobe:shockwave_player:8.5.1.100 cpe:/a:adobe:shockwave_player:11.0.0.456 cpe:/a:adobe:shockwave_player:11.6.1.629 cpe:/a:adobe:shockwave_player:8.5.1 cpe:/a:adobe:shockwave_player:9.0.432 cpe:/a:adobe:shockwave_player:6.0 cpe:/a:adobe:shockwave_player:11.5.1.601 cpe:/a:adobe:shockwave_player:8.5.1.103 cpe:/a:adobe:shockwave_player:9 cpe:/a:adobe:shockwave_player:11.5.0.596 cpe:/a:adobe:shockwave_player:2.0 cpe:/a:adobe:shockwave_player:11.0.3.471 cpe:/a:adobe:shockwave_player:8.5.1.106 CVE-2012-2033 2012-05-09T00:36:41.417-04:00 2012-05-09T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T14:47:00.000-04:00 CONFIRM http://www.adobe.com/support/security/bulletins/apsb12-13.html Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, and CVE-2012-2032. CVE-2012-2276 2012-05-14T18:55:01.510-04:00 2012-05-14T18:55:01.510-04:00 BUGTRAQ 20120510 ESA-2012-019: EMC Documentum Information Rights Management Multiple Vulnerabilities EXPLOIT-DB 18734 The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via input data that (1) lacks FIPS fields or (2) has an invalid version number. CVE-2012-2277 2012-05-14T18:55:01.570-04:00 2012-05-14T18:55:01.570-04:00 BUGTRAQ 20120510 ESA-2012-019: EMC Documentum Information Rights Management Multiple Vulnerabilities EXPLOIT-DB 18734 The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (pvcontrol.exe process hang) via \n (line feed) characters in the Id fields of many "batch begin untethered" commands. cpe:/a:php:php:5.2.5 cpe:/a:php:php:5.0.0:beta3 cpe:/a:php:php:5.2.7 cpe:/a:php:php:4.0.1 cpe:/a:php:php:5.2.14 cpe:/a:php:php:5.0.5 cpe:/a:php:php:5.0.0:rc3 cpe:/a:php:php:5.3.0 cpe:/a:php:php:4.3.1 cpe:/a:php:php:5.0.1 cpe:/a:php:php:4.2.2 cpe:/a:php:php:1.0 cpe:/a:php:php:5.3.4 cpe:/a:php:php:4.4.8 cpe:/a:php:php:5.2.0 cpe:/a:php:php:4.0:beta1 cpe:/a:php:php:4.3.6 cpe:/a:php:php:4.0.4 cpe:/a:php:php:4.4.2 cpe:/a:php:php:4.4.5 cpe:/a:php:php:4.3.4 cpe:/a:php:php:3.0.9 cpe:/a:php:php:5.3.3 cpe:/a:php:php:5.4.0 cpe:/a:php:php:5.2.1 cpe:/a:php:php:4.0.3 cpe:/a:php:php:4.4.7 cpe:/a:php:php:4.3.2 cpe:/a:php:php:4.0:beta2 cpe:/a:php:php:5.1.3 cpe:/a:php:php:3.0.2 cpe:/a:php:php:5.4.0:beta2 cpe:/a:php:php:3.0.7 cpe:/a:php:php:4.4.4 cpe:/a:php:php:2.0b10 cpe:/a:php:php:5.0.2 cpe:/a:php:php:4.2.1 cpe:/a:php:php:4.4.1 cpe:/a:php:php:5.3.11 cpe:/a:php:php:5.0.3 cpe:/a:php:php:4.1.1 cpe:/a:php:php:3.0.11 cpe:/a:php:php:5.1.5 cpe:/a:php:php:4.0.7 cpe:/a:php:php:5.1.4 cpe:/a:php:php:3.0.10 cpe:/a:php:php:5.3.7 cpe:/a:php:php:3.0.12 cpe:/a:php:php:5.0.0:beta1 cpe:/a:php:php:5.2.2 cpe:/a:php:php:3.0.3 cpe:/a:php:php:5.0.0:beta4 cpe:/a:php:php:4.3.9 cpe:/a:php:php:5.3.12 cpe:/a:php:php:4.0:beta3 cpe:/a:php:php:4.3.5 cpe:/a:php:php:5.3.2 cpe:/a:php:php:4.2.3 cpe:/a:php:php:3.0.17 cpe:/a:php:php:5.0.0:rc1 cpe:/a:php:php:5.2.13 cpe:/a:php:php:5.2.17 cpe:/a:php:php:3.0.13 cpe:/a:php:php:5.2.10 cpe:/a:php:php:4.4.3 cpe:/a:php:php:5.2.15 cpe:/a:php:php:5.0.0:beta2 cpe:/a:php:php:5.2.12 cpe:/a:php:php:4.3.10 cpe:/a:php:php:4.0.0 cpe:/a:php:php:3.0.1 cpe:/a:php:php:4.3.7 cpe:/a:php:php:4.2.0 cpe:/a:php:php:3.0.14 cpe:/a:php:php:5.4.1 cpe:/a:php:php:4.0.2 cpe:/a:php:php:4.0.6 cpe:/a:php:php:4.1.2 cpe:/a:php:php:5.3.1 cpe:/a:php:php:5.3.10 cpe:/a:php:php:4.0.5 cpe:/a:php:php:5.1.1 cpe:/a:php:php:5.2.4 cpe:/a:php:php:5.3.8 cpe:/a:php:php:5.2.3 cpe:/a:php:php:3.0.15 cpe:/a:php:php:5.0.4 cpe:/a:php:php:5.0.0:rc2 cpe:/a:php:php:5.3.5 cpe:/a:php:php:5.2.6 cpe:/a:php:php:4.3.3 cpe:/a:php:php:5.2.8 cpe:/a:php:php:3.0.16 cpe:/a:php:php:4.4.9 cpe:/a:php:php:4.0:beta4 cpe:/a:php:php:5.3.9 cpe:/a:php:php:3.0.5 cpe:/a:php:php:5.1.2 cpe:/a:php:php:5.3.6 cpe:/a:php:php:5.2.11 cpe:/a:php:php:5.1.0 cpe:/a:php:php:5.0.0 cpe:/a:php:php:4.4.6 cpe:/a:php:php:4.3.0 cpe:/a:php:php:4.0:beta_4_patch1 cpe:/a:php:php:5.2.16 cpe:/a:php:php:3.0.6 cpe:/a:php:php:5.2.9 cpe:/a:php:php:2.0 cpe:/a:php:php:4.3.11 cpe:/a:php:php:3.0.8 cpe:/a:php:php:3.0.18 cpe:/a:php:php:5.1.6 cpe:/a:php:php:4.3.8 cpe:/a:php:php:4.1.0 cpe:/a:php:php:3.0 cpe:/a:php:php:4.4.0 cpe:/a:php:php:3.0.4 CVE-2012-2311 2012-05-11T06:15:48.107-04:00 2012-05-11T11:27:08.793-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-05-11T11:22:00.000-04:00 CERT-VN VU#520827 CONFIRM https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff-fix-check.patch&revision=1336093719&display=1 CONFIRM https://bugs.php.net/bug.php?id=61910 CONFIRM http://www.php.net/ChangeLog-5.php#5.4.3 CONFIRM http://www.php.net/archive/2012.php#id2012-05-08-1 MISC http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. cpe:/a:php:php:5.4.2 cpe:/a:php:php:5.4.1 cpe:/a:php:php:5.4.0 CVE-2012-2329 2012-05-11T06:15:48.263-04:00 2012-05-11T00:00:00.000-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2012-05-11T11:30:00.000-04:00 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=820000 CONFIRM https://bugs.php.net/bug.php?id=61807 CONFIRM http://www.php.net/ChangeLog-5.php#5.4.3 CONFIRM http://www.php.net/archive/2012.php#id2012-05-08-1 Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request. CVE-2012-2333 2012-05-14T18:55:03.070-04:00 2012-05-14T18:55:03.070-04:00 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=820686 CONFIRM http://www.openssl.org/news/secadv_20120510.txt MISC http://www.cert.fi/en/reports/2012/vulnerability641549.html CONFIRM http://cvs.openssl.org/chngview?cn=22547 CONFIRM http://cvs.openssl.org/chngview?cn=22538 Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. cpe:/a:php:php:5.4.2 cpe:/a:php:php:5.3.12 CVE-2012-2335 2012-05-11T06:15:48.480-04:00 2012-05-11T12:13:32.137-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-05-11T12:12:00.000-04:00 CERT-VN VU#520827 MISC https://bugs.php.net/bug.php?id=61910 MISC http://www.php.net/archive/2012.php#id2012-05-06-1 MISC http://git.php.net/?p=php-src.git;a=blob;f=sapi/cgi/cgi_main.c;h=a7ac26f0#l1569 MISC http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence. cpe:/a:php:php:5.4.2 cpe:/a:php:php:5.4.1 cpe:/a:php:php:5.4.0 cpe:/a:php:php:5.4.0:beta2 cpe:/a:php:php:5.3.13 CVE-2012-2336 2012-05-11T06:15:48.527-04:00 2012-05-14T00:00:00.000-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2012-05-11T12:18:00.000-04:00 CONFIRM https://bugs.php.net/patch-display.php?bug_id=61910&patch=CVE-2012-1823.patch&revision=1336251592&display=1 CONFIRM https://bugs.php.net/bug.php?id=61910 CONFIRM http://www.php.net/ChangeLog-5.php#5.4.3 CONFIRM http://www.php.net/archive/2012.php#id2012-05-08-1 sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. CVE-2012-2511 2012-05-15T00:21:43.330-04:00 2012-05-15T00:21:43.330-04:00 MISC https://service.sap.com/sap/support/notes/1687910 MISC http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities CONFIRM http://scn.sap.com/docs/DOC-8218 The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. CVE-2012-2512 2012-05-15T00:21:43.407-04:00 2012-05-15T00:21:43.407-04:00 MISC https://service.sap.com/sap/support/notes/1687910 MISC http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities CONFIRM http://scn.sap.com/docs/DOC-8218 The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. CVE-2012-2513 2012-05-15T00:21:43.453-04:00 2012-05-15T00:21:43.453-04:00 MISC https://service.sap.com/sap/support/notes/1687910 MISC http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities CONFIRM http://scn.sap.com/docs/DOC-8218 The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. CVE-2012-2514 2012-05-15T00:21:43.500-04:00 2012-05-15T00:21:43.500-04:00 MISC https://service.sap.com/sap/support/notes/1687910 MISC http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities CONFIRM http://scn.sap.com/docs/DOC-8218 The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. CVE-2012-2611 2012-05-15T00:21:43.547-04:00 2012-05-15T00:21:43.547-04:00 MISC https://service.sap.com/sap/support/notes/1687910 MISC http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities CONFIRM http://scn.sap.com/docs/DOC-8218 The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. CVE-2012-2612 2012-05-15T00:21:43.597-04:00 2012-05-15T00:21:43.597-04:00 MISC https://service.sap.com/sap/support/notes/1687910 MISC http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities CONFIRM http://scn.sap.com/docs/DOC-8218 The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.