CVEs from 2012
Total
5,193
critical
critical 962
high
high 747
medium
medium 2,886
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.8%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-4449 | critical | 9.8 | 9.8 | 9y ago | Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop | |||
| CVE-2012-5358 | critical | 9.8 | 9.8 | 9y ago | The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrar… | |||
| CVE-2012-1622 | critical | 9.8 | 9.8 | 9y ago | Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2012-4570 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2012-6696 | critical | 9.8 | 9.8 | 9y ago | inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836. | |||
| CVE-2012-2781 | critical | 9.8 | 9.8 | 9y ago | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780. | |||
| CVE-2012-2780 | critical | 9.8 | 9.8 | 9y ago | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781. | |||
| CVE-2012-2778 | critical | 9.8 | 9.8 | 9y ago | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781. | |||
| CVE-2012-2773 | critical | 9.8 | 9.8 | 9y ago | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. | |||
| CVE-2012-2771 | critical | 9.8 | 9.8 | 9y ago | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. | |||
| CVE-2012-0803 | critical | 9.8 | 9.8 | 9y ago | Improper Authentication in Apache CXF | |||
| CVE-2012-6706 | critical | 9.8 | 9.8 | 9y ago | A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. … | |||
| CVE-2012-1301 | critical | 9.8 | 9.8 | 9y ago | The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter. | |||
| CVE-2012-6437 | critical | 9.8 | 9.8 | 14y ago | The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. S… | |||
| CVE-2012-6068 | critical | 9.8 | 9.8 | 14y ago | The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener ser… | |||
| CVE-2012-4406 | critical | 9.8 | 9.8 | 14y ago | OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arb… | |||
| CVE-2012-1891 | critical | 9.8 | 9.8 | 14y ago | Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML d… | |||
| CVE-2012-0931 | critical | 9.8 | 9.8 | 15y ago | Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary cod… | |||
| CVE-2012-5376 | critical | 9.6 | 9.6 | 14y ago | The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging ac… | |||
| CVE-2012-4991 | high | — | 9.5 | 14y ago | Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a… | |||
| CVE-2012-3001 | high | — | 9.5 | 14y ago | Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability." | |||
| CVE-2012-2441 | high | — | 9.5 | 14y ago | RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by… | |||
| CVE-2012-1803 | high | — | 9.5 | 14y ago | RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain… | |||
| CVE-2012-0992 | high | — | 9.5 | 15y ago | interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter. | |||
| CVE-2012-2108 | critical | — | 9.3 | 13y ago | Stack-based buffer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted fil… | |||
| CVE-2012-2107 | critical | — | 9.3 | 13y ago | Integer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file, which tr… | |||
| CVE-2012-2106 | critical | — | 9.3 | 13y ago | Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-ba… | |||
| CVE-2012-6535 | critical | — | 9.3 | 13y ago | DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a… | |||
| CVE-2012-6349 | critical | — | 9.3 | 13y ago | Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W. | |||
| CVE-2012-6569 | critical | — | 9.3 | 13y ago | Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S56… | |||
| CVE-2012-6558 | critical | — | 9.3 | 13y ago | Heap-based buffer overflow in HeavenTools PE Explorer 1.99 R6 allows remote attackers to execute arbitrary code via the size value for a string in the resource section of a Portable Executable (PE) f… | |||
| CVE-2012-6553 | critical | — | 9.3 | 13y ago | Heap-based buffer overflow in Resource Hacker 3.6.0.92 allows remote attackers to execute arbitrary code via a Portable Executable (PE) file with a resource section containing a string that has many … | |||
| CVE-2012-5947 | critical | — | 9.3 | 13y ago | Buffer overflow in the vsflex7l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2012-5945 | critical | — | 9.3 | 13y ago | Multiple buffer overflows in the Vsflex8l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allow remote attackers to execute arbitrary code via a long (1) ComboList or (2) ColComboList property… | |||
| CVE-2012-5937 | critical | — | 9.3 | 13y ago | Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2… | |||
| CVE-2012-4710 | critical | — | 9.3 | 13y ago | Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) vi… | |||
| CVE-2012-4858 | critical | — | 9.3 | 13y ago | IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to exec… | |||
| CVE-2012-4701 | critical | — | 9.3 | 14y ago | Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials… | |||
| CVE-2012-6075 | critical | — | 9.3 | 14y ago | Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a… | |||
| CVE-2012-4700 | critical | — | 9.3 | 14y ago | Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document. | |||
| CVE-2012-4305 | critical | — | 9.3 | 14y ago | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a diff… | |||
| CVE-2012-0204 | critical | — | 9.3 | 14y ago | Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 befo… | |||
| CVE-2012-4607 | critical | — | 9.3 | 14y ago | Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary code via crafted SunRPC data. | |||
| CVE-2012-4823 | critical | — | 9.3 | 14y ago | Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used… | |||
| CVE-2012-4822 | critical | — | 9.3 | 14y ago | Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earli… | |||
| CVE-2012-4821 | critical | — | 9.3 | 14y ago | Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earli… | |||
| CVE-2012-4820 | critical | — | 9.3 | 14y ago | Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used… | |||
| CVE-2012-6468 | critical | — | 9.3 | 14y ago | Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long HTTP response. | |||
| CVE-2012-6465 | critical | — | 9.3 | 14y ago | Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image. | |||
| CVE-2012-5161 | critical | — | 9.3 | 14y ago | The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2012-6271 | critical | — | 9.3 | 14y ago | Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL, as demonstrated by a URL for an ou… | |||
| CVE-2012-6270 | critical | — | 9.3 | 14y ago | Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of a Shockwave Player 10.4.0.025 compatibility feature via a crafted HTML document that references Shockwave … | |||
| CVE-2012-5690 | critical | — | 9.3 | 14y ago | RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allow remote attackers to execute arbitrary code via a RealAudio file that triggers access to an invalid pointer. | |||
| CVE-2012-6422 | critical | — | 9.3 | 14y ago | The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which al… | |||
| CVE-2012-4782 | critical | — | 9.3 | 14y ago | Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Us… | |||
| CVE-2012-4781 | critical | — | 9.3 | 14y ago | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Inject… | |||
| CVE-2012-4774 | critical | — | 9.3 | 14y ago | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via … | |||
| CVE-2012-2556 | critical | — | 9.3 | 14y ago | The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and … | |||
| CVE-2012-1537 | critical | — | 9.3 | 14y ago | Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows … | |||
| CVE-2012-3271 | critical | — | 9.3 | 14y ago | Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sen… | |||
| CVE-2012-4614 | critical | — | 9.3 | 14y ago | The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact… | |||
| CVE-2012-3513 | critical | — | 9.3 | 14y ago | munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command. | |||
| CVE-2012-5843 | critical | — | 9.3 | 14y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memo… | |||
| CVE-2012-5842 | critical | — | 9.3 | 14y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey… | |||
| CVE-2012-5840 | critical | — | 9.3 | 14y ago | Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.… | |||
| CVE-2012-5839 | critical | — | 9.3 | 14y ago | Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.… | |||
| CVE-2012-5838 | critical | — | 9.3 | 14y ago | The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause … | |||
| CVE-2012-5833 | critical | — | 9.3 | 14y ago | The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey befor… | |||
| CVE-2012-5829 | critical | — | 9.3 | 14y ago | Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and S… | |||
| CVE-2012-4217 | critical | — | 9.3 | 14y ago | Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute… | |||
| CVE-2012-4216 | critical | — | 9.3 | 14y ago | Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and S… | |||
| CVE-2012-4215 | critical | — | 9.3 | 14y ago | Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x befor… | |||
| CVE-2012-4214 | critical | — | 9.3 | 14y ago | Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.… | |||
| CVE-2012-4213 | critical | — | 9.3 | 14y ago | Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary… | |||
| CVE-2012-4210 | critical | — | 9.3 | 14y ago | The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which al… | |||
| CVE-2012-4204 | critical | — | 9.3 | 14y ago | The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a deni… | |||
| CVE-2012-4202 | critical | — | 9.3 | 14y ago | Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.1… | |||
| CVE-2012-4953 | critical | — | 9.3 | 14y ago | The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine… | |||
| CVE-2012-4777 | critical | — | 9.3 | 14y ago | The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary c… | |||
| CVE-2012-4776 | critical | — | 9.3 | 14y ago | The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy setting… | |||
| CVE-2012-2543 | critical | — | 9.3 | 14y ago | Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary… | |||
| CVE-2012-1895 | critical | — | 9.3 | 14y ago | The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code… | |||
| CVE-2012-1887 | critical | — | 9.3 | 14y ago | Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet… | |||
| CVE-2012-1886 | critical | — | 9.3 | 14y ago | Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory… | |||
| CVE-2012-1885 | critical | — | 9.3 | 14y ago | Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbi… | |||
| CVE-2012-1538 | critical | — | 9.3 | 14y ago | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability." | |||
| CVE-2012-1528 | critical | — | 9.3 | 14y ago | Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Wind… | |||
| CVE-2012-1527 | critical | — | 9.3 | 14y ago | Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Win… | |||
| CVE-2012-3758 | critical | — | 9.3 | 14y ago | Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted transform attribute in a text3GTrack e… | |||
| CVE-2012-3757 | critical | — | 9.3 | 14y ago | Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file. | |||
| CVE-2012-3756 | critical | — | 9.3 | 14y ago | Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rnet box in an MP4 movie file. | |||
| CVE-2012-3754 | critical | — | 9.3 | 14y ago | Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application cra… | |||
| CVE-2012-3751 | critical | — | 9.3 | 14y ago | Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with… | |||
| CVE-2012-0023 | critical | — | 9.3 | 14y ago | Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and pos… | |||
| CVE-2012-3941 | critical | — | 9.3 | 14y ago | Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka … | |||
| CVE-2012-3940 | critical | — | 9.3 | 14y ago | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCt… | |||
| CVE-2012-3939 | critical | — | 9.3 | 14y ago | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory co… | |||
| CVE-2012-3938 | critical | — | 9.3 | 14y ago | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCt… | |||
| CVE-2012-3937 | critical | — | 9.3 | 14y ago | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCt… | |||
| CVE-2012-3936 | critical | — | 9.3 | 14y ago | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCu… |