LiveActive security incident?Get immediate response
CVE archive

July 2012

Browse CVE records published in July 2012, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 491 matching CVEs · Page 3 of 10.

Unknown · CVSS Not scored

CVE-2012-5855: The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted att...

The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.

Published Jul 10, 2013 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-4024: Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and...

Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.

Published Jul 19, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-3863: channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business...

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.

Published Jul 9, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-3835: Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Manageme...

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.

Published Jul 3, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-3817: ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and...

ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.

Published Jul 25, 2012 · Updated Aug 6, 2024