CVEs from 2012
Total
5,194
critical
critical 962
high
high 747
medium
medium 2,886
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.8%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-0359 | high | — | 7.8 | 15y ago | The Cisco Cius with software before 9.2(1) SR2 allows remote attackers to cause a denial of service (device crash or hang) via malformed network traffic, aka Bug ID CSCto71445. | |||
| CVE-2012-0330 | high | — | 7.8 | 15y ago | Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a malformed SIP message, aka Bug ID CSCtr20426. | |||
| CVE-2012-0364 | high | — | 7.8 | 15y ago | Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload reques… | |||
| CVE-2012-0997 | medium | — | 7.8 | 15y ago | Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new to… | |||
| CVE-2012-1220 | medium | — | 7.8 | 15y ago | Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that c… | |||
| CVE-2012-0352 | high | — | 7.8 | 15y ago | Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on Nexus 5000 series switches; and 4.2.x before 4.2.8, 5.0.x before 5.0.5, and 5.1.x before 5.… | |||
| CVE-2012-0014 | high | 7.8 | 7.8 | 15y ago | Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to exe… | |||
| CVE-2012-0286 | medium | — | 7.8 | 15y ago | Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accoun… | |||
| CVE-2012-0897 | medium | — | 7.8 | 15y ago | Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QC… | |||
| CVE-2012-0094 | high | — | 7.8 | 15y ago | Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP. | |||
| CVE-2012-0394 | medium | — | 7.8 | 15y ago | Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode | |||
| CVE-2012-0392 | medium | — | 7.8 | 15y ago | Apache Struts's CookieInterceptor component does not use the parameter-name whitelist | |||
| CVE-2012-0024 | high | — | 7.8 | 15y ago | MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a den… | |||
| CVE-2012-5380 | medium | 6.7 | 7.7 | 14y ago | Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse … | |||
| CVE-2012-3014 | high | — | 7.7 | 14y ago | The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileg… | |||
| CVE-2012-3580 | high | — | 7.7 | 14y ago | Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface. | |||
| CVE-2012-1801 | high | — | 7.7 | 14y ago | Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow r… | |||
| CVE-2012-4694 | high | — | 7.6 | 14y ago | Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device … | |||
| CVE-2012-1543 | high | — | 7.6 | 14y ago | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a diff… | |||
| CVE-2012-4687 | high | — | 7.6 | 14y ago | Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key… | |||
| CVE-2012-5089 | high | — | 7.6 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to a… | |||
| CVE-2012-5084 | high | — | 7.6 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows… | |||
| CVE-2012-5080 | high | — | 7.6 | 14y ago | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a differ… | |||
| CVE-2012-3400 | high | — | 7.6 | 14y ago | Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have … | |||
| CVE-2012-3973 | high | — | 7.6 | 14y ago | The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote… | |||
| CVE-2012-3555 | high | — | 7.6 | 14y ago | Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks… | |||
| CVE-2012-3292 | high | — | 7.6 | 14y ago | The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to… | |||
| CVE-2012-2562 | high | — | 7.6 | 14y ago | The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATE… | |||
| CVE-2012-0735 | high | — | 7.6 | 14y ago | IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified oth… | |||
| CVE-2012-0734 | high | — | 7.6 | 14y ago | IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other i… | |||
| CVE-2012-0168 | high | — | 7.6 | 14y ago | Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print … | |||
| CVE-2012-0129 | high | — | 7.6 | 14y ago | HP Onboard Administrator (OA) before 3.50 allows remote attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. | |||
| CVE-2012-0648 | high | — | 7.6 | 14y ago | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |||
| CVE-2012-0639 | high | — | 7.6 | 14y ago | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |||
| CVE-2012-0638 | high | — | 7.6 | 14y ago | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |||
| CVE-2012-0637 | high | — | 7.6 | 14y ago | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |||
| CVE-2012-0636 | high | — | 7.6 | 14y ago | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |||
| CVE-2012-0634 | high | — | 7.6 | 14y ago | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |||
| CVE-2012-0397 | high | — | 7.6 | 14y ago | Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. | |||
| CVE-2012-0881 | high | 7.5 | 7.5 | 9y ago | Denial of service in Apache Xerces2 | |||
| CVE-2012-2695 | high | — | 7.5 | 9y ago | activerecord vulnerable to SQL Injection | |||
| CVE-2012-4380 | high | 7.5 | 7.5 | 9y ago | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors. | |||
| CVE-2012-6707 | high | 7.5 | 7.5 | 9y ago | WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach… | |||
| CVE-2012-2805 | high | 7.5 | 7.5 | 9y ago | Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service. | |||
| CVE-2012-0880 | high | 7.5 | 7.5 | 9y ago | Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions. | |||
| CVE-2012-6697 | high | 7.5 | 7.5 | 9y ago | InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop). | |||
| CVE-2012-6700 | high | 7.5 | 7.5 | 10y ago | The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response. | |||
| CVE-2012-6699 | high | 7.5 | 7.5 | 10y ago | The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response. | |||
| CVE-2012-6698 | high | 7.5 | 7.5 | 10y ago | The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response. | |||
| CVE-2012-5853 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to e… | |||
| CVE-2012-5580 | high | — | 7.5 | 12y ago | Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary … | |||
| CVE-2012-5865 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action. | |||
| CVE-2012-2956 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due t… | |||
| CVE-2012-1506 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryI… | |||
| CVE-2012-4240 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | |||
| CVE-2012-6654 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) resetkey or (2) inConfEmail parameter to index.php, a differen… | |||
| CVE-2012-3820 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the (1) SerialNumber field … | |||
| CVE-2012-0938 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter i… | |||
| CVE-2012-0273 | high | — | 7.5 | 12y ago | Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a (1) session_id cookie in a request to the get_cookie_value function in response.c, (2) di… | |||
| CVE-2012-6143 | high | — | 7.5 | 12y ago | Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly… | |||
| CVE-2012-6142 | high | — | 7.5 | 12y ago | Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not p… | |||
| CVE-2012-6141 | high | — | 7.5 | 12y ago | The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1) App::Sessio… | |||
| CVE-2012-5648 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/model… | |||
| CVE-2012-6290 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leverage… | |||
| CVE-2012-6637 | high | — | 7.5 | 12y ago | Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanis… | |||
| CVE-2012-2663 | high | — | 7.5 | 13y ago | extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. … | |||
| CVE-2012-3000 | high | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR W… | |||
| CVE-2012-6612 | high | — | 7.5 | 13y ago | Improper Restriction of XML External Entity Reference in Apache Solr | |||
| CVE-2012-6571 | high | — | 7.5 | 13y ago | The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses pre… | |||
| CVE-2012-4960 | medium | — | 7.5 | 13y ago | The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S37… | |||
| CVE-2012-6554 | medium | — | 7.5 | 13y ago | functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag,… | |||
| CVE-2012-6129 | high | — | 7.5 | 13y ago | Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute ar… | |||
| CVE-2012-0553 | high | — | 7.5 | 13y ago | Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492. | |||
| CVE-2012-5629 | high | — | 7.5 | 13y ago | The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) … | |||
| CVE-2012-1997 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a diff… | |||
| CVE-2012-5214 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP ServiceCenter 6.2.8 before 6.2.8.10 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. | |||
| CVE-2012-5211 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) User Access Manager (UAM) before 5.2 E0402 allows remote attackers to obtain sensitive information, modify data, or cause a denial … | |||
| CVE-2012-5210 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) TACACS+ Authentication Manager (TAM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or caus… | |||
| CVE-2012-5208 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive … | |||
| CVE-2012-5206 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive … | |||
| CVE-2012-5205 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive … | |||
| CVE-2012-5646 | high | — | 7.5 | 14y ago | node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO. | |||
| CVE-2012-6273 | high | — | 7.5 | 14y ago | SQL injection vulnerability in BigAntSoft BigAnt IM Message Server allows remote attackers to execute arbitrary SQL commands via an SHU (aka search user) request. | |||
| CVE-2012-6354 | high | — | 7.5 | 14y ago | The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets. | |||
| CVE-2012-2292 | high | — | 7.5 | 14y ago | The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers t… | |||
| CVE-2012-6442 | high | 7.5 | 7.5 | 14y ago | When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the product to reset,… | |||
| CVE-2012-6438 | high | 7.5 | 7.5 | 14y ago | The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates … | |||
| CVE-2012-6436 | high | 7.5 | 7.5 | 14y ago | The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates … | |||
| CVE-2012-6435 | high | 7.5 | 7.5 | 14y ago | When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the CPU to stop logic… | |||
| CVE-2012-6507 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameters in a login action. | |||
| CVE-2012-5185 | high | — | 7.5 | 14y ago | Directory traversal vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to read or delete files by leveraging guest access. | |||
| CVE-2012-5154 | high | — | 7.5 | 14y ago | Integer overflow in Google Chrome before 24.0.1312.52 on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to allocation of shared me… | |||
| CVE-2012-5153 | high | — | 7.5 | 14y ago | Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code tha… | |||
| CVE-2012-5150 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations … | |||
| CVE-2012-5149 | high | — | 7.5 | 14y ago | Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2012-5148 | high | — | 7.5 | 14y ago | The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors. | |||
| CVE-2012-5147 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling. | |||
| CVE-2012-5145 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout. | |||
| CVE-2012-6090 | high | — | 7.5 | 14y ago | Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) … | |||
| CVE-2012-6089 | high | — | 7.5 | 14y ago | Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application… |