CVSS: 7.5EPSS: 1%CPEs: 25EXPL: 0CVE-2012-2038 – flash-plugin: information disclosure flaw (APSB12-14)
https://notcve.org/view.php?id=CVE-2012-2038
09 Jun 2012 — Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. Adobe Flash Player anterior a v10.3.183.20 y v11.x anterior a v11.3.300.257 en Windows y Mac OS X; anterior a v10.3.183.20 y v11.x ant... • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 21EXPL: 3CVE-2012-1938 – Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)
https://notcve.org/view.php?id=CVE-2012-1938
05 Jun 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firef... • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html •
CVSS: 7.5EPSS: 7%CPEs: 8EXPL: 0CVE-2012-1610
https://notcve.org/view.php?id=CVE-2012-1610
05 Jun 2012 — Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259. Desbordamiento de entero en la función GetEXIFProperty en la magick/property.c en ImageMagick antes de v6.7.6-4 permite a atacantes remotos provocar una denegación de servicio (lectura fuera ... • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 0CVE-2012-0259 – ImageMagick: Out-of heap-based buffer read by processing crafted JPEG EXIF header tag value
https://notcve.org/view.php?id=CVE-2012-0259
05 Jun 2012 — The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read. La función GetEXIFProperty en magick/property.c en ImageMagick antes de v6.7.6-3 permite a atacantes remotos causar una denegación de servicio (caída) a través de un valor cero en el número de componentes de una etiqueta EXIF Xresolution en un archiv... • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2012-1186 – Gentoo Linux Security Advisory 201405-09
https://notcve.org/view.php?id=CVE-2012-1186
05 Jun 2012 — Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248. Un desbordamiento de entero en la función SyncImageProfiles en profile.c en ImageMagick v6.7.5-8 y anteriores permite a atacantes remotos causar una denegación de servicio (por un bucle infinito) a través de las ... • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 1%CPEs: 11EXPL: 0CVE-2012-1798 – ImageMagick: Out-of-bounds buffer read by copying image bytes for TIFF images with crafted TIFF EXIF IFD value
https://notcve.org/view.php?id=CVE-2012-1798
05 Jun 2012 — The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image. La función de TIFFGetEXIFProperties en coders/tiff.c en ImageMagick antes de v6.7.6-3 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de los límites y caída de la aplicación) a través de un IFD EXIF modificado en una imagen TIFF. • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 0CVE-2012-1185 – Gentoo Linux Security Advisory 201405-09
https://notcve.org/view.php?id=CVE-2012-1185
05 Jun 2012 — Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247. Múltiples desbordamientos de enteros en (1) Magick/profile.c o (2) magick/property.c de ImageMagick v6.7.5 y anteriores permite a atac... • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 1%CPEs: 17EXPL: 0CVE-2012-0260 – ImageMagick: excessive CPU use DoS by processing JPEG images with crafted restart markers
https://notcve.org/view.php?id=CVE-2012-0260
05 Jun 2012 — The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers. La función de JPEGWarningHandler en coders/jpeg.c en ImageMagick antes de v6.7.6-3 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una imagen JPEG con una secuencia de marcadores de reinicio hecha a mano. Aleksis Kauppinen, Joonas Kuorilehto and Tuoma... • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2011-3098
https://notcve.org/view.php?id=CVE-2011-3098
16 May 2012 — Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory. Google Chrome antes de v19.0.1084.46 en Windows utiliza una ruta de búsqueda incorrecta para el Windows Media Player plug-in, lo que podría permitir a usuarios locales conseguir privilegios a través de un caballo de Troya de plug-in en un directorio especificado. • http://code.google.com/p/chromium/issues/detail?id=124216 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2012-0883 – httpd: insecure handling of LD_LIBRARY_PATH in envvars
https://notcve.org/view.php?id=CVE-2012-0883
18 Apr 2012 — envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl. envvars (también conocido como envvars-STD) en el servidor HTTP Apache antes de 2.4.2 establece un nombre de directorio de longitud cero en el LD_LIBRARY_PATH, que permite a usuarios locales conseguir privilegios a través de un caballo de Troya DSO en el d... • http://article.gmane.org/gmane.comp.apache.devel/48158 •