CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2012 (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-5118 +Priv 2012-08-22 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, as demonstrated by scanning a document located on a remote share.
2 CVE-2010-5082 +Priv 2012-01-17 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
3 CVE-2010-5185 20 2012-08-26 2012-09-05
10.0
None Remote Low Not required Complete Complete Complete
The Antivirus component in Comodo Internet Security before 5.3.174622.1216 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors.
4 CVE-2010-5189 264 Exec Code 2012-08-26 2012-08-27
9.3
None Remote Medium Not required Complete Complete Complete
Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session.
5 CVE-2010-5191 352 CSRF 2012-08-26 2013-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue Coat ProxyAV appliance before 3.2.6.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password, (2) modify a policy, or (3) restart the device.
6 CVE-2010-5193 119 2 Exec Code Overflow 2012-08-31 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit parameter.
7 CVE-2010-5194 119 1 Exec Code Overflow 2012-08-31 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Image2PDF function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0, Gold 5.5, Gold 6.0, and earlier allows remote attackers to execute arbitrary code via a long strPDFFile parameter.
8 CVE-2010-5286 22 1 Dir. Trav. 2012-11-26 2012-11-27
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
9 CVE-2011-1374 119 DoS Exec Code Overflow 2012-11-09 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted REGION record in a PICT file.
10 CVE-2011-1377 2012-01-15 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors.
11 CVE-2011-1389 22 Exec Code Dir. Trav. 2012-01-19 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-4135.
12 CVE-2011-1914 119 Exec Code Overflow 2012-02-21 2012-02-23
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors.
13 CVE-2011-2478 94 Exec Code 2012-04-17 2012-04-18
9.3
None Remote Medium Not required Complete Complete Complete
Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file.
14 CVE-2011-2833 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
15 CVE-2011-2867 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
16 CVE-2011-2868 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
17 CVE-2011-2869 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
18 CVE-2011-2870 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
19 CVE-2011-2871 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
20 CVE-2011-2872 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
21 CVE-2011-2873 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
22 CVE-2011-3046 79 Exec Code XSS 2012-03-09 2020-04-16
10.0
None Remote Low Not required Complete Complete Complete
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
23 CVE-2011-3047 119 DoS Exec Code Overflow Mem. Corr. 2012-03-10 2020-04-16
9.3
None Remote Medium Not required Complete Complete Complete
The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism.
24 CVE-2011-3079 399 2012-05-01 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.
25 CVE-2011-3081 416 DoS 2012-05-01 2020-04-13
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078.
26 CVE-2011-3086 399 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element.
27 CVE-2011-3087 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors.
28 CVE-2011-3089 399 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.
29 CVE-2011-3091 399 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
30 CVE-2011-3092 20 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors.
31 CVE-2011-3095 20 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
32 CVE-2011-3097 20 DoS 2012-05-16 2017-12-05
10.0
None Remote Low Not required Complete Complete Complete
The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions.
33 CVE-2011-3099 399 DoS 2012-05-16 2017-12-05
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a malformed name for the font encoding.
34 CVE-2011-3101 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products.
35 CVE-2011-3106 119 DoS Exec Code Overflow Mem. Corr. 2012-05-24 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
36 CVE-2011-3108 399 Exec Code 2012-05-24 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 19.0.1084.52 allows remote attackers to execute arbitrary code via vectors related to the browser cache.
37 CVE-2011-3175 119 1 Exec Code Overflow 2012-04-09 2012-09-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.
38 CVE-2011-3176 119 1 Exec Code Overflow 2012-04-09 2012-09-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
39 CVE-2011-3193 787 DoS Exec Code Overflow 2012-06-16 2021-07-14
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
40 CVE-2011-3194 119 DoS Exec Code Overflow 2012-06-16 2021-06-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.
41 CVE-2011-3478 287 Exec Code 2012-01-25 2018-01-06
10.0
None Remote Low Not required Complete Complete Complete
The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.
42 CVE-2011-3659 416 Exec Code 2012-02-01 2020-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.
43 CVE-2011-3874 119 Exec Code Overflow 2012-01-27 2012-02-06
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error.
44 CVE-2011-3961 362 Exec Code 2012-02-09 2020-05-08
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process.
45 CVE-2011-4012 2012-05-02 2012-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C) is used, does not create a fragment entry during processing of an ICMPv6 ACL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtj90091.
46 CVE-2011-4039 264 Exec Code 2012-02-10 2012-02-14
9.3
None Remote Medium Not required Complete Complete Complete
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."
47 CVE-2011-4041 94 Exec Code 2012-02-06 2012-12-11
10.0
None Remote Low Not required Complete Complete Complete
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.
48 CVE-2011-4042 Exec Code 2012-04-03 2012-04-03
9.3
None Remote Medium Not required Complete Complete Complete
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer.
49 CVE-2011-4043 189 Exec Code Overflow 2012-04-03 2012-04-03
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large value for an integer parameter, leading to a buffer overflow.
50 CVE-2011-4053 +Priv 2012-01-19 2012-01-23
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) before 9.0.0.11291 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
Total number of vulnerabilities : 961   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.