CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2013

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2012-4458 189 DoS 2013-03-14 2013-03-19
5.0
None Remote Low Not required None None Partial
The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
402 CVE-2012-4446 287 Bypass 2013-03-14 2013-03-19
6.8
None Remote Medium Not required Partial Partial Partial
The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
403 CVE-2012-4066 287 2013-03-08 2013-03-18
5.0
None Remote Low Not required None Partial None
The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots.
404 CVE-2012-3411 20 DoS 2013-03-05 2020-05-27
5.0
None Remote Low Not required None None Partial
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.
405 CVE-2012-2193 79 XSS 2013-03-05 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Query Studio in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to inject arbitrary web script or HTML via unspecified vectors.
406 CVE-2012-2177 79 XSS 2013-03-05 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors related to the search feature.
407 CVE-2012-1999 +Info 2013-03-11 2019-10-09
8.5
None Remote Low ??? Complete Complete None
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote authenticated users to obtain sensitive information or modify data via unknown vectors.
408 CVE-2012-1998 DoS +Info 2013-03-11 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-1997.
409 CVE-2012-1997 DoS +Info 2013-03-11 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-1998.
410 CVE-2012-1996 2013-03-11 2019-10-09
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote attackers to modify data via unknown vectors.
411 CVE-2012-1995 +Info 2013-03-11 2019-10-09
3.2
None Local Low ??? Partial Partial None
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows local users to obtain sensitive information or modify data via unknown vectors.
412 CVE-2012-1568 Bypass 2013-03-01 2019-04-22
1.9
None Local Medium Not required None Partial None
The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries.
413 CVE-2012-1016 476 DoS 2013-03-05 2021-02-02
5.0
None Remote Low Not required None None Partial
The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.
414 CVE-2012-0553 119 Overflow 2013-03-28 2019-12-17
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.
415 CVE-2011-4969 79 XSS 2013-03-08 2019-04-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
416 CVE-2011-4966 255 2013-03-12 2013-03-19
6.0
None Remote Medium ??? Partial Partial Partial
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
417 CVE-2011-4515 255 +Info 2013-03-21 2013-05-31
4.6
None Local Low Not required Partial Partial Partial
Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access.
418 CVE-2011-4355 264 +Priv 2013-03-05 2013-03-06
6.9
None Local Medium Not required Complete Complete Complete
GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.
419 CVE-2011-4318 20 2013-03-07 2013-03-07
5.8
None Remote Medium Not required Partial Partial None
Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
420 CVE-2011-3638 DoS 2013-03-01 2020-07-31
4.0
None Local High Not required None None Complete
fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations.
421 CVE-2011-3201 200 +Info 2013-03-08 2017-08-29
4.3
None Remote Medium Not required Partial None None
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
422 CVE-2011-2905 2013-03-01 2013-03-04
6.2
None Local High Not required Complete Complete Complete
Untrusted search path vulnerability in the perf_config function in tools/perf/util/config.c in perf, as distributed in the Linux kernel before 3.1, allows local users to overwrite arbitrary files via a crafted config file in the current working directory.
423 CVE-2011-2504 +Priv 2013-03-08 2017-08-29
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory.
424 CVE-2011-2491 400 DoS 2013-03-01 2020-07-31
4.9
None Local Low Not required None None Complete
The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.
425 CVE-2011-2479 399 DoS 2013-03-01 2020-07-27
4.9
None Local Low Not required None None Complete
The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application.
426 CVE-2011-1182 2013-03-01 2020-07-30
3.6
None Local Low Not required None Partial Partial
kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call.
427 CVE-2011-1165 2013-03-12 2013-03-19
5.1
None Remote High Not required Partial Partial Partial
Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks.
428 CVE-2011-1164 16 2013-03-12 2013-03-19
4.6
None Remote High ??? Partial Partial Partial
Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.
429 CVE-2011-1019 Bypass 2013-03-01 2020-08-03
1.9
None Local Medium Not required None Partial None
The dev_load function in net/core/dev.c in the Linux kernel before 2.6.38 allows local users to bypass an intended CAP_SYS_MODULE capability requirement and load arbitrary modules by leveraging the CAP_NET_ADMIN capability.
430 CVE-2010-5107 DoS 2013-03-07 2017-09-19
5.0
None Remote Low Not required None None Partial
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
Total number of vulnerabilities : 430   Page : 1 2 3 4 5 6 7 8 9 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.