cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_server_2008:r2:sp1:x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2008:r2::x64 cpe:/o:microsoft:windows_xp::sp2:professional_x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_server_2008:r2::itanium cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_7:-:-:x32 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_7:-:-:x64 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_7:-:sp1:x64 cpe:/o:microsoft:windows_7:-:sp1:x32 CVE-2012-0001 2012-01-10T16:55:03.697-05:00 2012-10-29T23:59:23.987-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-01-11T09:55:00.000-05:00 SECTRACK 1026493 BID 51296 MS MS12-001 SECUNIA 47356 SUSE openSUSE-SU-2012:0917 The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability." 
cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_server_2008:r2:sp1:x64 cpe:/o:microsoft:windows_7:::x86 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_7:::x64 cpe:/o:microsoft:windows_server_2008:r2::x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_server_2008:r2::itanium cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x86 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_7::sp1:x86 cpe:/o:microsoft:windows_7::sp1:x64 cpe:/o:microsoft:windows_server_2003::sp2 CVE-2012-0002 2012-03-13T17:55:01.103-04:00 2012-08-13T23:33:06.473-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-03-14T09:47:00.000-04:00 MS MS12-020 The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability." 
cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_server_2008:r2:sp1:x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2008:r2::x64 cpe:/o:microsoft:windows_xp::sp2:professional_x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_server_2008:r2::itanium cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_7:-:-:x32 cpe:/o:microsoft:windows_7:-:-:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_7:-:sp1:x64 cpe:/o:microsoft:windows_xp:2005:sp3:media_center cpe:/o:microsoft:windows_7:-:sp1:x32 CVE-2012-0003 2012-01-10T16:55:03.727-05:00 2012-01-31T23:12:41.710-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-01-11T11:09:00.000-05:00 SECTRACK 1026492 BID 51292 MS MS12-004 SECUNIA 47485 Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability." 
cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_server_2008:r2:sp1:x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2008:r2::x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_server_2008:r2::itanium cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_7:-:-:x32 cpe:/o:microsoft:windows_7:-:-:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_7:-:sp1:x64 cpe:/o:microsoft:windows_xp:2005:sp3:media_center cpe:/o:microsoft:windows_7:-:sp1:x32 CVE-2012-0004 2012-01-10T16:55:03.777-05:00 2012-01-31T00:00:00.000-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-01-11T11:17:00.000-05:00 SECTRACK 1026492 BID 51295 MS MS12-004 SECUNIA 47485 Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability." 
cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_xp::sp2:professional_x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_server_2003::sp2 CVE-2012-0005 2012-01-10T16:55:03.837-05:00 2012-01-31T23:12:42.040-05:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-01-11T11:25:00.000-05:00 SECTRACK 1026495 BID 51270 MS MS12-003 SECUNIA 47479 The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability." cpe:/o:microsoft:windows_server_2008:r2:sp1:x64 cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2008:r2::x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x86 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2003::sp2 CVE-2012-0006 2012-03-13T17:55:01.180-04:00 2012-08-13T23:33:07.020-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2012-03-14T09:56:00.000-04:00 MS MS12-017 The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability." 
cpe:/a:microsoft:anti-cross_site_scripting_library:3.1 cpe:/a:microsoft:anti-cross_site_scripting_library:4.0 CVE-2012-0007 2012-01-10T16:55:03.930-05:00 2012-01-31T23:12:42.210-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2012-01-11T12:15:00.000-05:00 SECTRACK 1026499 BID 51291 MS MS12-007 SECUNIA 47516 SECUNIA 47483 The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability." cpe:/a:microsoft:visual_studio:2010 cpe:/a:microsoft:visual_studio:2010:sp1 cpe:/a:microsoft:visual_studio:2008:sp1 CVE-2012-0008 2012-03-13T17:55:01.277-04:00 2012-08-13T23:33:07.283-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-03-14T10:05:00.000-04:00 MS MS12-021 Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability." 
cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_xp::sp2:professional_x64 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2003::sp2 CVE-2012-0009 2012-01-10T16:55:03.977-05:00 2012-01-31T23:12:42.397-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-01-11T12:48:00.000-05:00 MS MS12-002 SECTRACK 1026494 BID 51297 SECUNIA 45189 Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability." cpe:/a:microsoft:ie:7 cpe:/a:microsoft:ie:6 cpe:/a:microsoft:ie:9 cpe:/a:microsoft:ie:8 CVE-2012-0010 2012-02-14T17:55:00.923-05:00 2012-08-13T23:33:07.567-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2012-02-15T09:31:00.000-05:00 MS MS12-010 Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information Disclosure Vulnerability." cpe:/a:microsoft:ie:7 cpe:/a:microsoft:ie:9 cpe:/a:microsoft:ie:8 CVE-2012-0011 2012-02-14T17:55:01.033-05:00 2012-08-13T23:33:07.737-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-02-15T10:01:00.000-05:00 MS MS12-010 Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability." 
cpe:/a:microsoft:ie:9 CVE-2012-0012 2012-02-14T17:55:01.113-05:00 2012-08-13T23:33:07.940-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2012-02-15T10:23:00.000-05:00 MS MS12-010 Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability." cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_server_2008:r2:sp1:x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2008:r2::x64 cpe:/o:microsoft:windows_xp::sp2:professional_x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_server_2008:r2::itanium cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_7:-:-:x32 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_7:-:-:x64 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_7:-:sp1:x64 cpe:/o:microsoft:windows_7:-:sp1:x32 CVE-2012-0013 2012-01-10T16:55:04.010-05:00 2012-08-13T23:33:08.113-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-01-11T12:53:00.000-05:00 SECTRACK 1026497 BID 51284 MS MS12-005 SECUNIA 47480 Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability." 
cpe:/a:microsoft:.net_framework:3.5.1 cpe:/a:microsoft:silverlight:4.0.50917.0 cpe:/a:microsoft:silverlight:4.0.51204.0 cpe:/a:microsoft:.net_framework:4.0 cpe:/a:microsoft:silverlight:4.1.10111 cpe:/a:microsoft:silverlight:4.0.60531.0 cpe:/a:microsoft:silverlight:4.0.50826.0 cpe:/a:microsoft:silverlight:4.0.50524.00 cpe:/a:microsoft:.net_framework:2.0:sp2 cpe:/a:microsoft:silverlight:4.0.60129.0 cpe:/a:microsoft:silverlight:4.0.60310.0 cpe:/a:microsoft:silverlight:4.0.603310.0 cpe:/a:microsoft:silverlight:4.0.60831.0 CVE-2012-0014 2012-02-14T17:55:01.173-05:00 2012-08-13T23:33:08.270-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-02-15T10:41:00.000-05:00 MS MS12-016 Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability." cpe:/a:microsoft:.net_framework:3.5.1 cpe:/a:microsoft:.net_framework:2.0:sp2 CVE-2012-0015 2012-02-14T17:55:01.237-05:00 2012-08-13T23:33:08.440-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-02-15T11:39:00.000-05:00 MS MS12-016 Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability." 
cpe:/a:microsoft:expression_design:- cpe:/a:microsoft:expression_design:4 cpe:/a:microsoft:expression_design:2 cpe:/a:microsoft:expression_design:3 cpe:/a:microsoft:expression_design:-:sp1 CVE-2012-0016 2012-03-13T17:55:01.337-04:00 2012-08-13T23:33:08.613-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-03-14T10:19:00.000-04:00 MS MS12-022 Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .xpr or .DESIGN file, aka "Expression Design Insecure Library Loading Vulnerability." cpe:/a:microsoft:sharepoint_foundation:2010 cpe:/a:microsoft:sharepoint_foundation:2010:sp1 CVE-2012-0017 2012-02-14T17:55:01.363-05:00 2012-08-13T23:33:08.770-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2012-02-15T11:42:00.000-05:00 MS MS12-011 Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability." cpe:/a:microsoft:visio_viewer:2010:sp1 cpe:/a:microsoft:visio_viewer:2010 CVE-2012-0018 2012-05-08T20:55:01.193-04:00 2012-08-18T23:40:23.957-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-05-09T10:00:00.000-04:00 SECTRACK 1027042 BID 53328 MS MS12-031 SECUNIA 49113 OSVDB 81731 Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability." 
cpe:/a:microsoft:visio_viewer:2010:sp1 cpe:/a:microsoft:visio_viewer:2010 CVE-2012-0019 2012-02-14T17:55:01.440-05:00 2012-08-13T23:33:09.097-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-02-15T12:00:00.000-05:00 MS MS12-015 Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138. cpe:/a:microsoft:visio_viewer:2010:sp1 cpe:/a:microsoft:visio_viewer:2010 CVE-2012-0020 2012-02-14T17:55:01.533-05:00 2012-08-13T23:33:09.283-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-02-15T12:11:00.000-05:00 MS MS12-015 Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138. 
cpe:/a:apache:http_server:2.2.18 cpe:/a:apache:http_server:2.2.21 cpe:/a:apache:http_server:2.2.20 cpe:/a:apache:http_server:2.2.19 cpe:/a:apache:http_server:2.2.17 CVE-2012-0021 2012-01-27T23:05:00.750-05:00 2012-09-21T23:28:42.567-04:00 2.6 NETWORK HIGH NONE NONE NONE PARTIAL http://nvd.nist.gov 2012-01-30T11:51:00.000-05:00 CONFIRM https://issues.apache.org/bugzilla/show_bug.cgi?id=52256 CONFIRM http://svn.apache.org/viewvc?view=revision&revision=1227292 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=785065 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html CONFIRM http://support.apple.com/kb/HT5501 SECUNIA 48551 APPLE APPLE-SA-2012-09-19-2 CONFIRM http://httpd.apache.org/security/vulnerabilities_22.html HP SSRT100877 HP HPSBMU02786 The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value. 
CVE-2012-0022 2012-01-18T23:01:16.990-05:00 2012-11-06T00:05:39.687-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2012-01-19T14:31:00.000-05:00 XF apache-tomcat-parameter-dos(72425) BID 51447 DEBIAN DSA-2401 CONFIRM http://tomcat.apache.org/security-7.html CONFIRM http://tomcat.apache.org/security-6.html CONFIRM http://tomcat.apache.org/security-5.html SECUNIA 48213 REDHAT RHSA-2012:0345 HP HPSBUX02741 BUGTRAQ 20120117 [SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. 
cpe:/a:videolan:vlc_media_player:1.1.1 cpe:/a:videolan:vlc_media_player:1.1.4.1 cpe:/a:videolan:vlc_media_player:1.0.3 cpe:/a:videolan:vlc_media_player:1.0.2 cpe:/a:videolan:vlc_media_player:0.9.2 cpe:/a:videolan:vlc_media_player:1.0.4 cpe:/a:videolan:vlc_media_player:0.9.8a cpe:/a:videolan:vlc_media_player:0.9.6 cpe:/a:videolan:vlc_media_player:1.1.11 cpe:/a:videolan:vlc_media_player:1.1.6 cpe:/a:videolan:vlc_media_player:1.1.2 cpe:/a:videolan:vlc_media_player:1.1.0 cpe:/a:videolan:vlc_media_player:1.1.10.1 cpe:/a:videolan:vlc_media_player:0.9.1 cpe:/a:videolan:vlc_media_player:1.0.0 cpe:/a:videolan:vlc_media_player:1.1.5 cpe:/a:videolan:vlc_media_player:1.1.3 cpe:/a:videolan:vlc_media_player:1.1.8 cpe:/a:videolan:vlc_media_player:1.1.9 cpe:/a:videolan:vlc_media_player:1.0.5 cpe:/a:videolan:vlc_media_player:1.1.4 cpe:/a:videolan:vlc_media_player:0.9.5 cpe:/a:videolan:vlc_media_player:1.1.7 cpe:/a:videolan:vlc_media_player:0.9.9a cpe:/a:videolan:vlc_media_player:0.9.0 cpe:/a:videolan:vlc_media_player:0.9.4 cpe:/a:videolan:vlc_media_player:1.1.6.1 cpe:/a:videolan:vlc_media_player:1.0.6 cpe:/a:videolan:vlc_media_player:0.9.10 cpe:/a:videolan:vlc_media_player:1.1.12 cpe:/a:videolan:vlc_media_player:0.9.9 cpe:/a:videolan:vlc_media_player:1.1.10 cpe:/a:videolan:vlc_media_player:0.9.3 cpe:/a:videolan:vlc_media_player:1.0.1 CVE-2012-0023 2012-10-30T15:55:03.527-04:00 2012-11-06T00:00:00.000-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2012-10-31T08:22:00.000-04:00 CONFIRM http://www.videolan.org/security/sa1108.html CONFIRM http://git.videolan.org/?p=vlc.git;a=commit;h=7d282fac1cc455b5a5eca2bb56375efcbf879b06 XF vlcmediaplayer-getchunkheader-code-exec(71916) OSVDB 77975 SECTRACK 1026449 SECUNIA 47325 Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 
TiVo (TY) file. CVE-2012-0024 2012-01-07T19:55:03.597-05:00 2012-01-09T14:38:10.383-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2012-01-09T14:35:00.000-05:00 CONFIRM http://samiam.org/blog/20111229.html CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=771428 MLIST [oss-security] 20120103 CVE request: maradns hash table collision cpu dos MLIST [oss-security] 20120103 Re: CVE request: maradns hash table collision cpu dos MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, 
which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.
cpe:/a:irfanview:flashpix_plugin:4.2.2.0 CVE-2012-0025 2012-11-02T14:55:02.763-04:00 2012-11-05T10:17:45.263-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-11-05T10:14:00.000-05:00 XF libfpx-freeallmemory-code-exec(71892) MISC http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=31&Itemid=31 OSVDB 77958 CONFIRM http://www.imagemagick.org/download/delegates/libfpx-1.3.1-1.zip EXPLOIT-DB 18256 SECUNIA 47322 SECUNIA 47246 Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image.
CVE-2012-0026 2012-01-04T06:55:03.660-05:00 2012-01-04T06:55:04.317-05:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0287. Reason: This candidate is a duplicate of CVE-2012-0287. Notes: All CVE users should reference CVE-2012-0287 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2012-0027 2012-01-05T20:55:01.050-05:00 2012-07-03T00:05:45.453-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2012-01-06T09:10:00.000-05:00 CONFIRM http://www.openssl.org/news/secadv_20120104.txt MANDRIVA MDVSA-2012:007 OSVDB 78191 SUSE openSUSE-SU-2012:0083 HP SSRT100877 HP HPSBMU02786 The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.