CVEs from 2012
- Total: 5,234
- Critical: 963
- High: 747
- Medium: 2,885
- Low: 530
- % Critical: 18.4%
- % with KEV: 0.4%
- % with exploit: 0.5%
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2012-2086 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter. | |
| CVE-2012-5836 | high | — | 7.5 | 14y ago | Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving… | |
| CVE-2012-5854 | high | — | 7.5 | 14y ago | Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not … | |
| CVE-2012-4433 | high | — | 7.5 | 14y ago | Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbit… | |
| CVE-2012-4945 | high | — | 7.5 | 14y ago | Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection" issue. | |
| CVE-2012-4941 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2012-5912 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php. | |
| CVE-2012-5909 | high | — | 7.5 | 14y ago | SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in … | |
| CVE-2012-5900 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (… | |
| CVE-2012-5894 | high | — | 7.5 | 14y ago | SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter. | |
| CVE-2012-4951 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalI… | |
| CVE-2012-4850 | high | — | 7.5 | 14y ago | IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors. | |
| CVE-2012-3269 | high | — | 7.5 | 14y ago | Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via u… | |
| CVE-2012-5128 | high | — | 7.5 | 14y ago | Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, does not properly perform write operations, which allows remote attackers to cause a denial of service or possibly have unspec… | |
| CVE-2012-5127 | high | — | 7.5 | 14y ago | Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image. | |
| CVE-2012-5126 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of… | |
| CVE-2012-5125 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of… | |
| CVE-2012-5124 | high | — | 7.5 | 14y ago | Google Chrome before 23.0.1271.64 does not properly handle textures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unkno… | |
| CVE-2012-5122 | high | — | 7.5 | 14y ago | Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during handling of input, which allows remote attackers to cause a denial of service or possibly have oth… | |
| CVE-2012-5121 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video layout. | |
| CVE-2012-5120 | high | — | 7.5 | 14y ago | Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, on 64-bit Linux platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via c… | |
| CVE-2012-5118 | high | — | 7.5 | 14y ago | Google Chrome before 23.0.1271.64 on Mac OS X does not properly validate an integer value during the handling of GPU command buffers, which allows remote attackers to cause a denial of service or pos… | |
| CVE-2012-5117 | high | — | 7.5 | 14y ago | Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors. | |
| CVE-2012-5116 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of… | |
| CVE-2012-5115 | high | — | 7.5 | 14y ago | Google Chrome before 23.0.1271.64 on Mac OS X does not properly mitigate improper write behavior in graphics drivers, which allows remote attackers to cause a denial of service or possibly have unspe… | |
| CVE-2012-4498 | high | — | 7.5 | 14y ago | The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly h… | |
| CVE-2012-5302 | high | — | 7.5 | 14y ago | The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vect… | |
| CVE-2012-5168 | high | — | 7.5 | 14y ago | ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_… | |
| CVE-2012-5167 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_subm… | |
| CVE-2012-4990 | high | — | 7.5 | 14y ago | SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action. | |
| CVE-2012-4772 | high | — | 7.5 | 14y ago | SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter. | |
| CVE-2012-4232 | high | — | 7.5 | 14y ago | SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to execute arbitrary SQL commands via the memberloginid cookie. | |
| CVE-2012-2971 | high | — | 7.5 | 14y ago | The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does not properly process RPC requests, which allows remote attackers to execute arbitrary code or cause a denial of service via a craf… | |
| CVE-2012-3158 | high | — | 7.5 | 14y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via … | |
| CVE-2012-5068 | high | — | 7.5 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, int… | |
| CVE-2012-3159 | high | — | 7.5 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, int… | |
| CVE-2012-5385 | high | — | 7.5 | 14y ago | install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference. | |
| CVE-2012-4399 | high | 7.5 | 7.5 | 14y ago | CakePHP allows remote attackers to read arbitrary files via XML data containing external entity references | |
| CVE-2012-5347 | high | — | 7.5 | 14y ago | TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php. | |
| CVE-2012-5342 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php. | |
| CVE-2012-4456 | high | — | 7.5 | 14y ago | OpenStack Keystone Improper Authentication vulnerability | |
| CVE-2012-5111 | high | — | 7.5 | 14y ago | Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper plug-ins, which has unspecified impact and remote attack vectors. | |
| CVE-2012-2900 | high | — | 7.5 | 14y ago | Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other im… | |
| CVE-2012-5334 | high | — | 7.5 | 14y ago | SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |
| CVE-2012-5333 | high | — | 7.5 | 14y ago | SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter. | |
| CVE-2012-5317 | high | — | 7.5 | 14y ago | SQL injection vulnerability in main_bigware_43.php in Bigware Shop before 2.1.5 allows remote attackers to execute arbitrary SQL commands via the lastname parameter in a process action. | |
| CVE-2012-5313 | high | — | 7.5 | 14y ago | SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arbitrary SQL commands via the TOPIC_ID parameter. | |
| CVE-2012-5312 | high | — | 7.5 | 14y ago | SQL injection vulnerability in Tribiq CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |
| CVE-2012-5310 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2012-5304 | high | — | 7.5 | 14y ago | Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOT… | |
| CVE-2012-1618 | high | — | 7.5 | 14y ago | Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9… | |
| CVE-2012-1565 | high | — | 7.5 | 14y ago | Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference. | |
| CVE-2012-5300 | high | — | 7.5 | 14y ago | SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |
| CVE-2012-5299 | high | — | 7.5 | 14y ago | Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3) approve.asp. | |
| CVE-2012-5297 | high | — | 7.5 | 14y ago | SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |
| CVE-2012-5294 | high | — | 7.5 | 14y ago | SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter. | |
| CVE-2012-5293 | high | — | 7.5 | 14y ago | Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/g… | |
| CVE-2012-5292 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php. | |
| CVE-2012-5291 | high | — | 7.5 | 14y ago | SQL injection vulnerability in team.php in Posse Softball Director CMS allows remote attackers to execute arbitrary SQL commands via the idteam parameter. | |
| CVE-2012-5290 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in EasyWebRealEstate allow remote attackers to execute arbitrary SQL commands via the (1) lstid parameter to listings.php or (2) infoid parameter to index.php. | |
| CVE-2012-5289 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) index.php or (2) gallery.php. | |
| CVE-2012-5288 | high | — | 7.5 | 14y ago | SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |
| CVE-2012-1603 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id paramet… | |
| CVE-2012-1602 | high | — | 7.5 | 14y ago | user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1. | |
| CVE-2012-5231 | high | — | 7.5 | 14y ago | miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) upda… | |
| CVE-2012-5230 | high | — | 7.5 | 14y ago | Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors. | |
| CVE-2012-5227 | high | — | 7.5 | 14y ago | SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |
| CVE-2012-5224 | high | — | 7.5 | 14y ago | PHP remote file inclusion vulnerability in vb/includes/vba_cmps_include_bottom.php in vBadvanced CMPS 3.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pages[te… | |
| CVE-2012-5223 | high | — | 7.5 | 14y ago | The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly… | |
| CVE-2012-4432 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x before 0.7.3 might allow remote attackers to execute arbitrary code via unspecified vectors related to "palette reduction." | |
| CVE-2012-4415 | high | — | 7.5 | 14y ago | Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a l… | |
| CVE-2012-2240 | high | — | 7.5 | 14y ago | scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands." | |
| CVE-2012-2684 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote at… | |
| CVE-2012-2998 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via … | |
| CVE-2012-2896 | high | — | 7.5 | 14y ago | Integer overflow in the WebGL implementation in Google Chrome before 22.0.1229.79 on Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknow… | |
| CVE-2012-2888 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG text referen… | |
| CVE-2012-2887 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving onclick events. | |
| CVE-2012-2885 | high | — | 7.5 | 14y ago | Double free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to application exit. | |
| CVE-2012-2883 | high | — | 7.5 | 14y ago | Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write oper… | |
| CVE-2012-2881 | high | — | 7.5 | 14y ago | Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via unk… | |
| CVE-2012-2880 | high | — | 7.5 | 14y ago | Race condition in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the plug-in paint buffer. | |
| CVE-2012-2878 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handlin… | |
| CVE-2012-2876 | high | — | 7.5 | 14y ago | Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown … | |
| CVE-2012-2874 | high | — | 7.5 | 14y ago | Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write oper… | |
| CVE-2012-1116 | high | — | 7.5 | 14y ago | SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2012-0973 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the … | |
| CVE-2012-5159 | high | — | 7.5 | 14y ago | phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allo… | |
| CVE-2012-0209 | high | — | 7.5 | 14y ago | Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan… | |
| CVE-2012-3264 | high | — | 7.5 | 14y ago | Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1472. | |
| CVE-2012-5101 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2012-5098 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (… | |
| CVE-2012-3716 | high | — | 7.5 | 14y ago | CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph. | |
| CVE-2012-0650 | high | — | 7.5 | 14y ago | Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) v… | |
| CVE-2012-5001 | high | — | 7.5 | 14y ago | Multiple unspecified vulnerabilities in Hitachi JP1/Cm2/Network Node Manager i before 09-50-03 allow remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified … | |
| CVE-2012-5000 | high | — | 7.5 | 14y ago | SQL injection vulnerability in jokes/index.php in the Witze addon 0.9 for deV!L'z Clanportal allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action. | |
| CVE-2012-4997 | high | — | 7.5 | 14y ago | Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter. | |
| CVE-2012-4996 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlier allow remote attackers to execute arbitrary SQL commands via the hash parameter to (1) dltorrent.php or (2) torrent_functions.p… | |
| CVE-2012-4993 | high | — | 7.5 | 14y ago | torrent_functions.php in RivetTracker 1.03 and earlier does not properly restrict access, which allows remote attackers to have an unspecified impact. | |
| CVE-2012-2105 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | |
| CVE-2012-1184 | high | — | 7.5 | 14y ago | Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or p… |