CVEs from 2012
Total
5,200
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-0639 | high | — | 7.6 | 14y ago | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |||
| CVE-2012-0638 | high | — | 7.6 | 14y ago | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |||
| CVE-2012-0637 | high | — | 7.6 | 14y ago | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |||
| CVE-2012-0636 | high | — | 7.6 | 14y ago | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |||
| CVE-2012-0634 | high | — | 7.6 | 14y ago | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |||
| CVE-2012-0397 | high | — | 7.6 | 14y ago | Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. | |||
| CVE-2012-0881 | high | 7.5 | 7.5 | 9y ago | Denial of service in Apache Xerces2 | |||
| CVE-2012-2695 | high | — | 7.5 | 9y ago | activerecord vulnerable to SQL Injection | |||
| CVE-2012-4380 | high | 7.5 | 7.5 | 9y ago | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors. | |||
| CVE-2012-6707 | high | 7.5 | 7.5 | 9y ago | WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach… | |||
| CVE-2012-2805 | high | 7.5 | 7.5 | 9y ago | Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service. | |||
| CVE-2012-0880 | high | 7.5 | 7.5 | 9y ago | Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions. | |||
| CVE-2012-6697 | high | 7.5 | 7.5 | 9y ago | InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop). | |||
| CVE-2012-6700 | high | 7.5 | 7.5 | 10y ago | The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response. | |||
| CVE-2012-6699 | high | 7.5 | 7.5 | 10y ago | The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response. | |||
| CVE-2012-6698 | high | 7.5 | 7.5 | 10y ago | The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response. | |||
| CVE-2012-5853 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to e… | |||
| CVE-2012-5580 | high | — | 7.5 | 12y ago | Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary … | |||
| CVE-2012-5865 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action. | |||
| CVE-2012-2956 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due t… | |||
| CVE-2012-1506 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryI… | |||
| CVE-2012-4240 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | |||
| CVE-2012-6654 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) resetkey or (2) inConfEmail parameter to index.php, a differen… | |||
| CVE-2012-3820 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the (1) SerialNumber field … | |||
| CVE-2012-0938 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter i… | |||
| CVE-2012-0273 | high | — | 7.5 | 12y ago | Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a (1) session_id cookie in a request to the get_cookie_value function in response.c, (2) di… | |||
| CVE-2012-6143 | high | — | 7.5 | 12y ago | Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly… | |||
| CVE-2012-6142 | high | — | 7.5 | 12y ago | Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not p… | |||
| CVE-2012-6141 | high | — | 7.5 | 12y ago | The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1) App::Sessio… | |||
| CVE-2012-5648 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/model… | |||
| CVE-2012-6290 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leverage… | |||
| CVE-2012-6637 | high | — | 7.5 | 12y ago | Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanis… | |||
| CVE-2012-2663 | high | — | 7.5 | 13y ago | extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. … | |||
| CVE-2012-3000 | high | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR W… | |||
| CVE-2012-6612 | high | — | 7.5 | 13y ago | Improper Restriction of XML External Entity Reference in Apache Solr | |||
| CVE-2012-6571 | high | — | 7.5 | 13y ago | The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses pre… | |||
| CVE-2012-4960 | medium | — | 7.5 | 13y ago | The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S37… | |||
| CVE-2012-6554 | medium | — | 7.5 | 13y ago | functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag,… | |||
| CVE-2012-6129 | high | — | 7.5 | 13y ago | Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute ar… | |||
| CVE-2012-0553 | high | — | 7.5 | 13y ago | Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492. | |||
| CVE-2012-5629 | high | — | 7.5 | 13y ago | The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) … | |||
| CVE-2012-1997 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a diff… | |||
| CVE-2012-5214 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP ServiceCenter 6.2.8 before 6.2.8.10 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. | |||
| CVE-2012-5211 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) User Access Manager (UAM) before 5.2 E0402 allows remote attackers to obtain sensitive information, modify data, or cause a denial … | |||
| CVE-2012-5210 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) TACACS+ Authentication Manager (TAM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or caus… | |||
| CVE-2012-5208 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive … | |||
| CVE-2012-5206 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive … | |||
| CVE-2012-5205 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive … | |||
| CVE-2012-5646 | high | — | 7.5 | 13y ago | node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO. | |||
| CVE-2012-6273 | high | — | 7.5 | 13y ago | SQL injection vulnerability in BigAntSoft BigAnt IM Message Server allows remote attackers to execute arbitrary SQL commands via an SHU (aka search user) request. | |||
| CVE-2012-6354 | high | — | 7.5 | 14y ago | The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets. | |||
| CVE-2012-2292 | high | — | 7.5 | 14y ago | The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers t… | |||
| CVE-2012-6507 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameters in a login action. | |||
| CVE-2012-5185 | high | — | 7.5 | 14y ago | Directory traversal vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to read or delete files by leveraging guest access. | |||
| CVE-2012-5154 | high | — | 7.5 | 14y ago | Integer overflow in Google Chrome before 24.0.1312.52 on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to allocation of shared me… | |||
| CVE-2012-5153 | high | — | 7.5 | 14y ago | Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code tha… | |||
| CVE-2012-5150 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations … | |||
| CVE-2012-5149 | high | — | 7.5 | 14y ago | Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2012-5148 | high | — | 7.5 | 14y ago | The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors. | |||
| CVE-2012-5147 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling. | |||
| CVE-2012-5145 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout. | |||
| CVE-2012-6090 | high | — | 7.5 | 14y ago | Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) … | |||
| CVE-2012-6089 | high | — | 7.5 | 14y ago | Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application… | |||
| CVE-2012-6426 | high | — | 7.5 | 14y ago | LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data. | |||
| CVE-2012-5642 | high | — | 7.5 | 14y ago | server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecifie… | |||
| CVE-2012-4688 | high | — | 7.5 | 14y ago | The Central application in i-GEN opLYNX before 2.01.9 allows remote attackers to bypass authentication via vectors involving the disabling of browser JavaScript support. | |||
| CVE-2012-3873 | medium | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestb… | |||
| CVE-2012-4816 | high | — | 7.5 | 14y ago | IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots… | |||
| CVE-2012-5590 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2012-6496 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a … | |||
| CVE-2012-0882 | high | — | 7.5 | 14y ago | Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified … | |||
| CVE-2012-5967 | medium | — | 7.5 | 14y ago | SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter. | |||
| CVE-2012-5576 | high | — | 7.5 | 14y ago | Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code vi… | |||
| CVE-2012-5468 | high | — | 7.5 | 14y ago | Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an … | |||
| CVE-2012-5195 | high | — | 7.5 | 14y ago | Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial … | |||
| CVE-2012-5679 | high | — | 7.5 | 14y ago | Buffer underflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2012-4971 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_i… | |||
| CVE-2012-5129 | high | — | 7.5 | 14y ago | Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS before 23.0.1271.94 allows remote attackers to cause a denial of service (GPU process crash) or possibly have unspecified other i… | |||
| CVE-2012-5550 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2012-5534 | high | — | 7.5 | 14y ago | The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "sh… | |||
| CVE-2012-1598 | high | — | 7.5 | 14y ago | Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability." | |||
| CVE-2012-5612 | medium | — | 7.5 | 14y ago | Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (m… | |||
| CVE-2012-5611 | medium | — | 7.5 | 14y ago | Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x b… | |||
| CVE-2012-6063 | high | — | 7.5 | 14y ago | Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified … | |||
| CVE-2012-4562 | high | — | 7.5 | 14y ago | Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which trigg… | |||
| CVE-2012-4560 | high | — | 7.5 | 14y ago | Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors. | |||
| CVE-2012-4551 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in libunity-webapps before 2.4.1 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted web … | |||
| CVE-2012-4479 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2012-4470 | high | — | 7.5 | 14y ago | The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have… | |||
| CVE-2012-5135 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing. | |||
| CVE-2012-5133 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters. | |||
| CVE-2012-5131 | high | — | 7.5 | 14y ago | Google Chrome before 23.0.1271.91 on Mac OS X does not properly mitigate improper rendering behavior in the Intel GPU driver, which allows remote attackers to cause a denial of service or possibly ha… | |||
| CVE-2012-4964 | high | — | 7.5 | 14y ago | The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request. | |||
| CVE-2012-6038 | medium | — | 7.5 | 14y ago | admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, mov… | |||
| CVE-2012-5520 | high | — | 7.5 | 14y ago | The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP req… | |||
| CVE-2012-0960 | high | — | 7.5 | 14y ago | Unity integration extension (unity-firefox-extension) before 2.4.1 for Firefox does not properly handle callbacks, which allows remote attackers to cause a denial of service (Firefox crash) and possi… | |||
| CVE-2012-2086 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter. | |||
| CVE-2012-5836 | high | — | 7.5 | 14y ago | Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving… | |||
| CVE-2012-5854 | high | — | 7.5 | 14y ago | Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not … | |||
| CVE-2012-4433 | high | — | 7.5 | 14y ago | Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbit… |