CVEs from 2012
Total
5,200
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
3.2%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-1408 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the App Lock (com.cc.applock) application 1.7.5 and 1.7.6 for Android has unknown impact and attack vectors. | |||
| CVE-2012-0124 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service… | |||
| CVE-2012-0123 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service… | |||
| CVE-2012-0122 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service… | |||
| CVE-2012-0121 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service… | |||
| CVE-2012-0002 | critical | — | 10.0 | 14y ago | The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 d… | |||
| CVE-2012-0245 | critical | — | 10.0 | 14y ago | Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5… | |||
| CVE-2012-1407 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the GO Message Widget (com.gau.go.launcherex.gowidget.smswidget) application 1.9, 2.1, and 2.3 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1406 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the GO Bookmark Widget (com.gau.go.launcherex.gowidget.bookmark) application 1.1 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1405 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the GO Note Widget (com.gau.go.launcherex.gowidget.notewidget) application 1.5 and 1.9 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1404 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Dolphin Browser Mini (com.dolphin.browser) application 2.2 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1403 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Dolphin Browser CN (com.dolphin.browser.cn) application 6.3.1 and 7.2.1 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1402 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the QianXun YingShi (com.qianxun.yingshi) application 1.2.3 and 1.3.4 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1401 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the CamScanner (com.intsig.camscanner) application 1.2.2.20110823 and 1.3.2.20120116 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1400 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the U+Box 2.0 Pad (lg.uplusbox.pad) application 2.0.8.4 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1399 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the U+Box 2.0 (lg.uplusbox) application 2.0.2 and 2.0.8.4 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1398 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the GO WeiboWidget (com.gau.go.launcherex.gowidget.weibowidget) application 2.4 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1397 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the GO QQWeiboWidget (com.gau.go.launcherex.gowidget.qqweibowidget) application 1.2 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1396 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the GO FBWidget (com.gau.go.launcherex.gowidget.fbwidget) application 1.9 and 2.1 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1395 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the GO TwiWidget (com.gau.go.launcherex.gowidget.twitterwidget) application 1.7 and 2.1 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1394 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the GO Email Widget (com.gau.go.launcherex.gowidget.emailwidget) application 1.3.1, 1.8, and 1.81 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1393 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the GO SMS Pro (com.jb.gosms) application 3.72, 4.10, and 4.35 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1392 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Dolphin Browser HD (mobi.mgeek.TunnyBrowser) application 6.2.0, 7.2.1, 7.3.0, and 7.4.0 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1391 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the mOffice - Outlook sync (com.innov8tion.isharesync) application 3.1 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1390 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Miso (com.bazaarlabs.miso) application 2.2 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1389 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Di Long Weibo (com.icekirin.weibos) application 1.9.9 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1388 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the XiXunTianTian (com.xixun.tiantian) application 0.6.2 beta for Android has unknown impact and attack vectors. | |||
| CVE-2012-1387 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the RealTalk (com.tmsmanager.tms) application A.0.9.250 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1386 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the YouMail Visual Voicemail Plus (com.youmail.android.vvm) application 2.0.45 and 2.1.43 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1385 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the NetEase WeiboHD (com.netease.wbhd) application 1.0.0 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1384 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the NetEase Pmail (com.netease.rpmms) application 0.5.0 and 0.5.2 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1383 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the NetEase Reader (com.netease.pris) application 1.1.2 and 1.2.0 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1382 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Youdao Dictionary (com.youdao.dict) application 1.6.1, 2.0.1(2), and 3.0.0(1) for Android has unknown impact and attack vectors. | |||
| CVE-2012-1381 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the NetEase CloudAlbum (com.netease.cloudalbum) application 2.0.0 and 2.2.0 for Android has unknown impact and attack vectors. | |||
| CVE-2012-1380 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the NetEaseWeibo (com.netease.wb) application 1.2.1 and 1.2.2 for Android has unknown impact and attack vectors. | |||
| CVE-2012-0198 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to … | |||
| CVE-2012-0768 | critical | — | 10.0 | 14y ago | The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 o… | |||
| CVE-2012-0838 | critical | — | 10.0 | 14y ago | Apache Struts Code injection due to conversion error | |||
| CVE-2012-0201 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long prof… | |||
| CVE-2012-1418 | critical | — | 10.0 | 14y ago | Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.60 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. | |||
| CVE-2012-1288 | critical | — | 10.0 | 15y ago | The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP sessi… | |||
| CVE-2012-0243 | critical | — | 10.0 | 15y ago | Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content… | |||
| CVE-2012-0242 | critical | — | 10.0 | 15y ago | Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. | |||
| CVE-2012-0240 | critical | — | 10.0 | 15y ago | GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2012-0238 | critical | — | 10.0 | 15y ago | Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2012-0751 | critical | — | 10.0 | 15y ago | The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via uns… | |||
| CVE-2012-0508 | critical | — | 10.0 | 15y ago | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX, 1.3.0 and earlier, and 1.2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2012-0500 | critical | — | 10.0 | 15y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java … | |||
| CVE-2012-0499 | critical | — | 10.0 | 15y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and J… | |||
| CVE-2012-0498 | critical | — | 10.0 | 15y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to a… | |||
| CVE-2012-0497 | critical | — | 10.0 | 15y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, int… | |||
| CVE-2012-0766 | critical | — | 10.0 | 15y ago | The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif… | |||
| CVE-2012-0764 | critical | — | 10.0 | 15y ago | The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif… | |||
| CVE-2012-0763 | critical | — | 10.0 | 15y ago | The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif… | |||
| CVE-2012-0762 | critical | — | 10.0 | 15y ago | The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif… | |||
| CVE-2012-0761 | critical | — | 10.0 | 15y ago | The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif… | |||
| CVE-2012-0760 | critical | — | 10.0 | 15y ago | The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif… | |||
| CVE-2012-0759 | critical | — | 10.0 | 15y ago | Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0… | |||
| CVE-2012-0758 | critical | — | 10.0 | 15y ago | Heap-based buffer overflow in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2012-0757 | critical | — | 10.0 | 15y ago | The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif… | |||
| CVE-2012-1002 | critical | — | 10.0 | 15y ago | SQL injection vulnerability in author/edit.php in OpenConf 4.x before 4.12 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||
| CVE-2012-0290 | critical | — | 10.0 | 15y ago | Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1… | |||
| CVE-2012-0444 | critical | — | 10.0 | 15y ago | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote … | |||
| CVE-2012-0443 | critical | — | 10.0 | 15y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of servic… | |||
| CVE-2012-0918 | critical | — | 10.0 | 15y ago | Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00… | |||
| CVE-2012-0267 | critical | — | 10.0 | 15y ago | The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a… | |||
| CVE-2012-0266 | critical | — | 10.0 | 15y ago | Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long… | |||
| CVE-2012-0697 | critical | — | 10.0 | 15y ago | HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than C… | |||
| CVE-2012-0695 | critical | — | 10.0 | 15y ago | Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. | |||
| CVE-2012-0013 | critical | — | 10.0 | 15y ago | Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and … | |||
| CVE-2012-1516 | critical | 9.9 | 9.9 | 14y ago | The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process cr… | |||
| CVE-2012-3503 | critical | 9.8 | 9.8 | 4y ago | Katello uses hard coded credential | |||
| CVE-2012-4449 | critical | 9.8 | 9.8 | 9y ago | Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop | |||
| CVE-2012-5358 | critical | 9.8 | 9.8 | 9y ago | The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrar… | |||
| CVE-2012-1622 | critical | 9.8 | 9.8 | 9y ago | Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2012-4570 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2012-6696 | critical | 9.8 | 9.8 | 9y ago | inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836. | |||
| CVE-2012-2781 | critical | 9.8 | 9.8 | 9y ago | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780. | |||
| CVE-2012-2780 | critical | 9.8 | 9.8 | 9y ago | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781. | |||
| CVE-2012-2778 | critical | 9.8 | 9.8 | 9y ago | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781. | |||
| CVE-2012-2773 | critical | 9.8 | 9.8 | 9y ago | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. | |||
| CVE-2012-2771 | critical | 9.8 | 9.8 | 9y ago | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. | |||
| CVE-2012-0803 | critical | 9.8 | 9.8 | 9y ago | Improper Authentication in Apache CXF | |||
| CVE-2012-6706 | critical | 9.8 | 9.8 | 9y ago | A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. … | |||
| CVE-2012-1301 | critical | 9.8 | 9.8 | 9y ago | The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter. | |||
| CVE-2012-6068 | critical | 9.8 | 9.8 | 14y ago | The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener ser… | |||
| CVE-2012-4406 | critical | 9.8 | 9.8 | 14y ago | OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arb… | |||
| CVE-2012-1891 | critical | 9.8 | 9.8 | 14y ago | Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML d… | |||
| CVE-2012-0931 | critical | 9.8 | 9.8 | 15y ago | Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary cod… | |||
| CVE-2012-5376 | critical | 9.6 | 9.6 | 14y ago | The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging ac… | |||
| CVE-2012-5864 | critical | — | 9.4 | 14y ago | These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access… | |||
| CVE-2012-2627 | critical | — | 9.4 | 14y ago | d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\sn… | |||
| CVE-2012-4988 | critical | — | 9.3 | 12y ago | Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image fi… | |||
| CVE-2012-2052 | critical | — | 9.3 | 12y ago | Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada… | |||
| CVE-2012-2108 | critical | — | 9.3 | 13y ago | Stack-based buffer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted fil… | |||
| CVE-2012-2107 | critical | — | 9.3 | 13y ago | Integer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file, which tr… | |||
| CVE-2012-2106 | critical | — | 9.3 | 13y ago | Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-ba… | |||
| CVE-2012-6535 | critical | — | 9.3 | 13y ago | DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a… | |||
| CVE-2012-6349 | critical | — | 9.3 | 13y ago | Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W. | |||
| CVE-2012-6569 | critical | — | 9.3 | 13y ago | Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S56… |