CVEs from 2012
- Total: 5,200
- Critical: 963
- High: 747
- Medium: 2,885
- Low: 530
- % Critical: 18.5%
- % with KEV: 0.4%
- % with exploit: 16.7%
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2012-4945 | high | — | 7.5 | 14y ago | Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection" issue. | |||
| CVE-2012-4941 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2012-4949 | medium | — | 7.5 | 14y ago | SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service. | |||
| CVE-2012-4850 | high | — | 7.5 | 14y ago | IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors. | |||
| CVE-2012-3269 | high | — | 7.5 | 14y ago | Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via u… | |||
| CVE-2012-5128 | high | — | 7.5 | 14y ago | Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, does not properly perform write operations, which allows remote attackers to cause a denial of service or possibly have unspec… | |||
| CVE-2012-5127 | high | — | 7.5 | 14y ago | Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image. | |||
| CVE-2012-5126 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of… | |||
| CVE-2012-5125 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of… | |||
| CVE-2012-5124 | high | — | 7.5 | 14y ago | Google Chrome before 23.0.1271.64 does not properly handle textures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unkno… | |||
| CVE-2012-5122 | high | — | 7.5 | 14y ago | Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during handling of input, which allows remote attackers to cause a denial of service or possibly have oth… | |||
| CVE-2012-5121 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video layout. | |||
| CVE-2012-5120 | high | — | 7.5 | 14y ago | Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, on 64-bit Linux platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via c… | |||
| CVE-2012-5118 | high | — | 7.5 | 14y ago | Google Chrome before 23.0.1271.64 on Mac OS X does not properly validate an integer value during the handling of GPU command buffers, which allows remote attackers to cause a denial of service or pos… | |||
| CVE-2012-5117 | high | — | 7.5 | 14y ago | Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors. | |||
| CVE-2012-5116 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of… | |||
| CVE-2012-5115 | high | — | 7.5 | 14y ago | Google Chrome before 23.0.1271.64 on Mac OS X does not properly mitigate improper write behavior in graphics drivers, which allows remote attackers to cause a denial of service or possibly have unspe… | |||
| CVE-2012-4498 | high | — | 7.5 | 14y ago | The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly h… | |||
| CVE-2012-5302 | high | — | 7.5 | 14y ago | The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vect… | |||
| CVE-2012-5453 | medium | — | 7.5 | 14y ago | SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vu… | |||
| CVE-2012-5168 | high | — | 7.5 | 14y ago | ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_… | |||
| CVE-2012-4990 | high | — | 7.5 | 14y ago | SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action. | |||
| CVE-2012-4232 | high | — | 7.5 | 14y ago | SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to execute arbitrary SQL commands via the memberloginid cookie. | |||
| CVE-2012-2971 | high | — | 7.5 | 14y ago | The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does not properly process RPC requests, which allows remote attackers to execute arbitrary code or cause a denial of service via a craf… | |||
| CVE-2012-3158 | high | — | 7.5 | 14y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via … | |||
| CVE-2012-5068 | high | — | 7.5 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, int… | |||
| CVE-2012-3159 | high | — | 7.5 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, int… | |||
| CVE-2012-5385 | high | — | 7.5 | 14y ago | install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference. | |||
| CVE-2012-4456 | high | — | 7.5 | 14y ago | The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the ro… | |||
| CVE-2012-5111 | high | — | 7.5 | 14y ago | Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper plug-ins, which has unspecified impact and remote attack vectors. | |||
| CVE-2012-2900 | high | — | 7.5 | 14y ago | Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other im… | |||
| CVE-2012-5317 | high | — | 7.5 | 14y ago | SQL injection vulnerability in main_bigware_43.php in Bigware Shop before 2.1.5 allows remote attackers to execute arbitrary SQL commands via the lastname parameter in a process action. | |||
| CVE-2012-5310 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2012-5304 | high | — | 7.5 | 14y ago | Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOT… | |||
| CVE-2012-1618 | high | — | 7.5 | 14y ago | Unescaped parameters in the PostgreSQL JDBC driver | |||
| CVE-2012-1565 | high | — | 7.5 | 14y ago | Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference. | |||
| CVE-2012-5300 | high | — | 7.5 | 14y ago | SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2012-5299 | high | — | 7.5 | 14y ago | Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3) approve.asp. | |||
| CVE-2012-5297 | high | — | 7.5 | 14y ago | SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2012-5290 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in EasyWebRealEstate allow remote attackers to execute arbitrary SQL commands via the (1) lstid parameter to listings.php or (2) infoid parameter to index.php. | |||
| CVE-2012-5289 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) index.php or (2) gallery.php. | |||
| CVE-2012-1602 | high | — | 7.5 | 14y ago | user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1. | |||
| CVE-2012-5230 | high | — | 7.5 | 14y ago | Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors. | |||
| CVE-2012-4432 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x before 0.7.3 might allow remote attackers to execute arbitrary code via unspecified vectors related to "palette reduction." | |||
| CVE-2012-2240 | high | — | 7.5 | 14y ago | scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands." | |||
| CVE-2012-2684 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote at… | |||
| CVE-2012-2896 | high | — | 7.5 | 14y ago | Integer overflow in the WebGL implementation in Google Chrome before 22.0.1229.79 on Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknow… | |||
| CVE-2012-2888 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG text referen… | |||
| CVE-2012-2887 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving onclick events. | |||
| CVE-2012-2885 | high | — | 7.5 | 14y ago | Double free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to application exit. | |||
| CVE-2012-2883 | high | — | 7.5 | 14y ago | Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write oper… | |||
| CVE-2012-2881 | high | — | 7.5 | 14y ago | Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via unk… | |||
| CVE-2012-2880 | high | — | 7.5 | 14y ago | Race condition in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the plug-in paint buffer. | |||
| CVE-2012-2878 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handlin… | |||
| CVE-2012-2876 | high | — | 7.5 | 14y ago | Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown … | |||
| CVE-2012-2874 | high | — | 7.5 | 14y ago | Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write oper… | |||
| CVE-2012-3264 | high | — | 7.5 | 14y ago | Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1472. | |||
| CVE-2012-5101 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2012-3716 | high | — | 7.5 | 14y ago | CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph. | |||
| CVE-2012-0650 | high | — | 7.5 | 14y ago | Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) v… | |||
| CVE-2012-5001 | high | — | 7.5 | 14y ago | Multiple unspecified vulnerabilities in Hitachi JP1/Cm2/Network Node Manager i before 09-50-03 allow remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified … | |||
| CVE-2012-3032 | high | — | 7.5 | 14y ago | SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted S… | |||
| CVE-2012-3234 | high | — | 7.5 | 14y ago | RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 do not properly handle codec frame sizes in RealAudio files, which allows remote attac… | |||
| CVE-2012-2409 | high | — | 7.5 | 14y ago | Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly ha… | |||
| CVE-2012-2407 | high | — | 7.5 | 14y ago | Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly ha… | |||
| CVE-2012-2982 | medium | — | 7.5 | 14y ago | file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a \| (pipe) character. | |||
| CVE-2012-0254 | high | — | 7.5 | 14y ago | Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterp… | |||
| CVE-2012-1467 | medium | — | 7.5 | 14y ago | Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files… | |||
| CVE-2012-4868 | high | — | 7.5 | 14y ago | SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2012-4392 | high | — | 7.5 | 14y ago | index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value. | |||
| CVE-2012-4743 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in ssearch.php in Siche search module 0.5 for Zeroboard allow remote attackers to execute arbitrary SQL commands via the (1) ss, (2) sm, (3) align, or (4) categ… | |||
| CVE-2012-4742 | high | — | 7.5 | 14y ago | The web_node_register function in web.pm in PacketFence before 3.0.2 might allow remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2012-2114 | high | — | 7.5 | 14y ago | Stack-based buffer overflow in fprintf in musl before 0.8.8 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string to… | |||
| CVE-2012-2869 | high | — | 7.5 | 14y ago | Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale b… | |||
| CVE-2012-2866 | high | — | 7.5 | 14y ago | Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibl… | |||
| CVE-2012-4673 | high | — | 7.5 | 14y ago | SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list… | |||
| CVE-2012-3477 | high | — | 7.5 | 14y ago | SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action. | |||
| CVE-2012-2289 | high | — | 7.5 | 14y ago | EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via un… | |||
| CVE-2012-3441 | high | — | 7.5 | 14y ago | The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via … | |||
| CVE-2012-4595 | high | — | 7.5 | 14y ago | McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin s… | |||
| CVE-2012-3455 | high | — | 7.5 | 14y ago | Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of… | |||
| CVE-2012-4343 | high | — | 7.5 | 14y ago | Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors. | |||
| CVE-2012-4162 | high | — | 7.5 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a diff… | |||
| CVE-2012-4161 | high | — | 7.5 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a diff… | |||
| CVE-2012-4327 | high | — | 7.5 | 14y ago | Unspecified vulnerability in the Image News slider plugin before 3.3 for WordPress has unspecified impact and remote attack vectors. | |||
| CVE-2012-2325 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL com… | |||
| CVE-2012-2324 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) M… | |||
| CVE-2012-3475 | high | — | 7.5 | 14y ago | The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors. | |||
| CVE-2012-3471 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 a… | |||
| CVE-2012-3470 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vector… | |||
| CVE-2012-3469 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in appl… | |||
| CVE-2012-3468 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/contr… | |||
| CVE-2012-2967 | high | — | 7.5 | 14y ago | Caucho Quercus, as distributed in Resin, does not properly implement the `==` operator for comparisons | |||
| CVE-2012-2966 | high | — | 7.5 | 14y ago | Caucho Quercus, as distributed in Resin, overwrites entries in SERVER superglobal array on basis of POST parameters | |||
| CVE-2012-2965 | high | — | 7.5 | 14y ago | Caucho Quercus, as distributed in Resin, does not properly handle unspecified characters in the names of variables | |||
| CVE-2012-3554 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands … | |||
| CVE-2012-2863 | high | — | 7.5 | 14y ago | The PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write … | |||
| CVE-2012-2203 | high | — | 7.5 | 14y ago | IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects … | |||
| CVE-2012-3423 | high | — | 7.5 | 14y ago | The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive informat… | |||
| CVE-2012-2665 | high | — | 7.5 | 14y ago | Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and po… |