CVEs from 2012
Total
5,221
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.4%
% with KEV
0.4%
% with exploit
0.5%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2012-1380 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the NetEaseWeibo (com.netease.wb) application 1.2.1 and 1.2.2 for Android has unknown impact and attack vectors. | |
| CVE-2012-0768 | critical | — | 10.0 | 14y ago | The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 o… | |
| CVE-2012-0838 | critical | — | 10.0 | 14y ago | Apache Struts Code injection due to conversion error | |
| CVE-2012-1418 | critical | — | 10.0 | 14y ago | Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.60 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. | |
| CVE-2012-1288 | critical | — | 10.0 | 15y ago | The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP sessi… | |
| CVE-2012-0243 | critical | — | 10.0 | 15y ago | Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content… | |
| CVE-2012-0242 | critical | — | 10.0 | 15y ago | Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. | |
| CVE-2012-0240 | critical | — | 10.0 | 15y ago | GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. | |
| CVE-2012-0238 | critical | — | 10.0 | 15y ago | Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors. | |
| CVE-2012-0751 | critical | — | 10.0 | 15y ago | The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via uns… | |
| CVE-2012-0508 | critical | — | 10.0 | 15y ago | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX, 1.3.0 and earlier, and 1.2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via… | |
| CVE-2012-0500 | critical | — | 10.0 | 15y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java … | |
| CVE-2012-0499 | critical | — | 10.0 | 15y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and J… | |
| CVE-2012-0498 | critical | — | 10.0 | 15y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to a… | |
| CVE-2012-0497 | critical | — | 10.0 | 15y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, int… | |
| CVE-2012-0766 | critical | — | 10.0 | 15y ago | The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif… | |
| CVE-2012-0764 | critical | — | 10.0 | 15y ago | The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif… | |
| CVE-2012-0763 | critical | — | 10.0 | 15y ago | The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif… | |
| CVE-2012-0762 | critical | — | 10.0 | 15y ago | The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif… | |
| CVE-2012-0761 | critical | — | 10.0 | 15y ago | The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif… | |
| CVE-2012-0760 | critical | — | 10.0 | 15y ago | The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif… | |
| CVE-2012-0759 | critical | — | 10.0 | 15y ago | Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0… | |
| CVE-2012-0758 | critical | — | 10.0 | 15y ago | Heap-based buffer overflow in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code via unspecified vectors. | |
| CVE-2012-0757 | critical | — | 10.0 | 15y ago | The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif… | |
| CVE-2012-1002 | critical | — | 10.0 | 15y ago | SQL injection vulnerability in author/edit.php in OpenConf 4.x before 4.12 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |
| CVE-2012-0290 | critical | — | 10.0 | 15y ago | Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1… | |
| CVE-2012-0444 | critical | — | 10.0 | 15y ago | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote … | |
| CVE-2012-0443 | critical | — | 10.0 | 15y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of servic… | |
| CVE-2012-0918 | critical | — | 10.0 | 15y ago | Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00… | |
| CVE-2012-0697 | critical | — | 10.0 | 15y ago | HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than C… | |
| CVE-2012-0695 | critical | — | 10.0 | 15y ago | Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. | |
| CVE-2012-1516 | critical | 9.9 | 9.9 | 14y ago | The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process cr… | |
| CVE-2012-10060 | critical | 9.8 | 9.8 | 10mo ago | Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication, the server copies th… | |
| CVE-2012-3503 | critical | 9.8 | 9.8 | 4y ago | Katello uses hard coded credential | |
| CVE-2012-2576 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote at… | |
| CVE-2012-4449 | critical | 9.8 | 9.8 | 9y ago | Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop | |
| CVE-2012-5358 | critical | 9.8 | 9.8 | 9y ago | The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrar… | |
| CVE-2012-5357 | critical | 9.8 | 9.8 | 9y ago | Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE … | |
| CVE-2012-1622 | critical | 9.8 | 9.8 | 9y ago | Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecified vectors. | |
| CVE-2012-4570 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2012-6696 | critical | 9.8 | 9.8 | 9y ago | inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836. | |
| CVE-2012-2781 | critical | 9.8 | 9.8 | 9y ago | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780. | |
| CVE-2012-2780 | critical | 9.8 | 9.8 | 9y ago | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781. | |
| CVE-2012-2778 | critical | 9.8 | 9.8 | 9y ago | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781. | |
| CVE-2012-2773 | critical | 9.8 | 9.8 | 9y ago | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. | |
| CVE-2012-2771 | critical | 9.8 | 9.8 | 9y ago | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. | |
| CVE-2012-0803 | critical | 9.8 | 9.8 | 9y ago | Improper Authentication in Apache CXF | |
| CVE-2012-6706 | critical | 9.8 | 9.8 | 9y ago | A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. … | |
| CVE-2012-1301 | critical | 9.8 | 9.8 | 9y ago | The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter. | |
| CVE-2012-6068 | critical | 9.8 | 9.8 | 14y ago | The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener ser… | |
| CVE-2012-4406 | critical | 9.8 | 9.8 | 14y ago | OpenStack Object Storage (swift) Code Injection vulnerability | |
| CVE-2012-0911 | critical | 9.8 | 9.8 | 14y ago | TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) prin… | |
| CVE-2012-1891 | critical | 9.8 | 9.8 | 14y ago | Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML d… | |
| CVE-2012-0931 | critical | 9.8 | 9.8 | 15y ago | Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary cod… | |
| CVE-2012-5376 | critical | 9.6 | 9.6 | 14y ago | The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging ac… | |
| CVE-2012-5864 | critical | — | 9.4 | 14y ago | These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access… | |
| CVE-2012-2627 | critical | — | 9.4 | 14y ago | d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\sn… | |
| CVE-2012-4988 | critical | — | 9.3 | 12y ago | Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image fi… | |
| CVE-2012-2052 | critical | — | 9.3 | 12y ago | Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada… | |
| CVE-2012-2108 | critical | — | 9.3 | 13y ago | Stack-based buffer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted fil… | |
| CVE-2012-2107 | critical | — | 9.3 | 13y ago | Integer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file, which tr… | |
| CVE-2012-2106 | critical | — | 9.3 | 13y ago | Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-ba… | |
| CVE-2012-6535 | critical | — | 9.3 | 13y ago | DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a… | |
| CVE-2012-6349 | critical | — | 9.3 | 13y ago | Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W. | |
| CVE-2012-6569 | critical | — | 9.3 | 13y ago | Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S56… | |
| CVE-2012-6558 | critical | — | 9.3 | 13y ago | Heap-based buffer overflow in HeavenTools PE Explorer 1.99 R6 allows remote attackers to execute arbitrary code via the size value for a string in the resource section of a Portable Executable (PE) f… | |
| CVE-2012-6553 | critical | — | 9.3 | 13y ago | Heap-based buffer overflow in Resource Hacker 3.6.0.92 allows remote attackers to execute arbitrary code via a Portable Executable (PE) file with a resource section containing a string that has many … | |
| CVE-2012-5947 | critical | — | 9.3 | 13y ago | Buffer overflow in the vsflex7l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via unspecified vectors. | |
| CVE-2012-5946 | critical | — | 9.3 | 13y ago | Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via a long TabCaption string. | |
| CVE-2012-5945 | critical | — | 9.3 | 13y ago | Multiple buffer overflows in the Vsflex8l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allow remote attackers to execute arbitrary code via a long (1) ComboList or (2) ColComboList property… | |
| CVE-2012-5937 | critical | — | 9.3 | 13y ago | Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2… | |
| CVE-2012-4710 | critical | — | 9.3 | 13y ago | Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) vi… | |
| CVE-2012-4858 | critical | — | 9.3 | 13y ago | IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to exec… | |
| CVE-2012-0439 | critical | — | 9.3 | 13y ago | An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the Set… | |
| CVE-2012-4701 | critical | — | 9.3 | 14y ago | Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials… | |
| CVE-2012-6075 | critical | — | 9.3 | 14y ago | Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a… | |
| CVE-2012-4700 | critical | — | 9.3 | 14y ago | Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document. | |
| CVE-2012-4305 | critical | — | 9.3 | 14y ago | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a diff… | |
| CVE-2012-0204 | critical | — | 9.3 | 14y ago | Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 befo… | |
| CVE-2012-4914 | critical | — | 9.3 | 14y ago | Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream. | |
| CVE-2012-6440 | critical | — | 9.3 | 14y ago | The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the pr… | |
| CVE-2012-4607 | critical | — | 9.3 | 14y ago | Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary code via crafted SunRPC data. | |
| CVE-2012-4823 | critical | — | 9.3 | 14y ago | Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used… | |
| CVE-2012-4822 | critical | — | 9.3 | 14y ago | Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earli… | |
| CVE-2012-4821 | critical | — | 9.3 | 14y ago | Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earli… | |
| CVE-2012-4820 | critical | — | 9.3 | 14y ago | Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used… | |
| CVE-2012-6470 | critical | — | 9.3 | 14y ago | Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image. | |
| CVE-2012-6468 | critical | — | 9.3 | 14y ago | Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long HTTP response. | |
| CVE-2012-6465 | critical | — | 9.3 | 14y ago | Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image. | |
| CVE-2012-5161 | critical | — | 9.3 | 14y ago | The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors. | |
| CVE-2012-6271 | critical | — | 9.3 | 14y ago | Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL, as demonstrated by a URL for an ou… | |
| CVE-2012-6270 | critical | — | 9.3 | 14y ago | Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of a Shockwave Player 10.4.0.025 compatibility feature via a crafted HTML document that references Shockwave … | |
| CVE-2012-5691 | critical | — | 9.3 | 14y ago | Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file. | |
| CVE-2012-5690 | critical | — | 9.3 | 14y ago | RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allow remote attackers to execute arbitrary code via a RealAudio file that triggers access to an invalid pointer. | |
| CVE-2012-6422 | critical | — | 9.3 | 14y ago | The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which al… | |
| CVE-2012-4782 | critical | — | 9.3 | 14y ago | Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Us… | |
| CVE-2012-4781 | critical | — | 9.3 | 14y ago | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Inject… | |
| CVE-2012-4774 | critical | — | 9.3 | 14y ago | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via … | |
| CVE-2012-2556 | critical | — | 9.3 | 14y ago | The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and … | |
| CVE-2012-1537 | critical | — | 9.3 | 14y ago | Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows … |