CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2012 (CVSS score >= 9)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-5197 2012-09-28 2017-08-29
10.0
 None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors related to "error checking of system calls."
2 CVE-2012-5196 119 Overflow 2012-09-28 2017-08-29
10.0
 None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors.
3 CVE-2012-5054 189 1 Exec Code Overflow 2012-09-24 2018-10-30
9.3
 None Remote Medium Not required Complete Complete Complete
Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.
4 CVE-2012-5006 119 Exec Code Overflow 2012-09-19 2012-09-20
9.3
 None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in npdjvu.dll in Caminova DjVu Browser Plug-in 6.1.4 Build 27351 and other versions before 6.1.4.27993 allows remote attackers to execute arbitrary code via a crafted Sjbz chunk in a djvu file.
5 CVE-2012-4992 119 1 Exec Code Overflow 2012-09-19 2017-08-29
9.0
 None Remote Low ??? Complete Complete Complete
Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote authenticated users to execute arbitrary code via a long unicode string to (1) TListbox or (2) TComboBox.
6 CVE-2012-4969 Exec Code 2012-09-18 2017-11-21
9.3
 None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
7 CVE-2012-4924 119 1 Exec Code Overflow 2012-09-15 2017-08-29
9.3
 None Remote Medium Not required Complete Complete Complete
Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method.
8 CVE-2012-4907 264 2012-09-13 2012-09-14
9.3
 None Remote Medium Not required Complete Complete Complete
Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page.
9 CVE-2012-4879 255 2012-09-07 2013-10-11
10.0
 None Remote Low Not required Complete Complete Complete
The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013.
10 CVE-2012-4876 119 1 Exec Code Overflow 2012-09-06 2012-09-07
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method.
11 CVE-2012-4875 119 Exec Code Overflow 2012-09-06 2017-08-29
9.3
 None Remote Medium Not required Complete Complete Complete
** DISPUTED ** Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it.
12 CVE-2012-4874 2012-09-06 2012-09-07
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has unknown impact and attack vectors related to "image uploads."
13 CVE-2012-4865 119 2 Exec Code Overflow 2012-09-06 2012-09-13
9.3
 None Remote Medium Not required Complete Complete Complete
Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to execute arbitrary code via a crafted .TMD file.
14 CVE-2012-4864 94 2 DoS Exec Code Mem. Corr. 2012-09-06 2017-08-29
9.3
 None Remote Medium Not required Complete Complete Complete
Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file.
15 CVE-2012-4655 20 Exec Code 2012-09-24 2017-08-29
9.3
 None Remote Medium Not required Complete Complete Complete
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.
16 CVE-2012-4011 78 Exec Code +Info 2012-09-08 2012-09-17
9.3
 None Remote Medium Not required Complete Complete Complete
The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
17 CVE-2012-3701 119 DoS Exec Code Overflow Mem. Corr. 2012-09-13 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
18 CVE-2012-3687 119 DoS Exec Code Overflow Mem. Corr. 2012-09-13 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
19 CVE-2012-3632 119 DoS Exec Code Overflow Mem. Corr. 2012-09-13 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
20 CVE-2012-3621 119 DoS Exec Code Overflow Mem. Corr. 2012-09-13 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
21 CVE-2012-3607 119 DoS Exec Code Overflow Mem. Corr. 2012-09-13 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
22 CVE-2012-3606 119 DoS Exec Code Overflow Mem. Corr. 2012-09-13 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
23 CVE-2012-3334 119 Exec Code Overflow 2012-09-25 2017-08-29
9.0
 None Remote Low ??? Complete Complete Complete
Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement.
24 CVE-2012-3324 22 Dir. Trav. 2012-09-25 2017-08-29
9.0
 None Remote Low ??? Complete Complete Complete
Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
25 CVE-2012-3298 DoS +Info 2012-09-25 2017-08-29
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
26 CVE-2012-3263 Exec Code 2012-09-25 2019-10-09
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1465.
27 CVE-2012-3262 Exec Code 2012-09-25 2019-10-09
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1464.
28 CVE-2012-3261 Exec Code 2012-09-25 2019-10-09
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1463.
29 CVE-2012-3260 Exec Code 2012-09-25 2019-10-09
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1462.
30 CVE-2012-3259 Exec Code 2012-09-25 2017-08-29
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1461.
31 CVE-2012-3258 Exec Code 2012-09-19 2017-08-29
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Operations Orchestration 9.0 before 9.03 allows remote attackers to execute arbitrary code via unknown vectors.
32 CVE-2012-3088 2012-09-16 2017-08-29
9.3
 None Remote Medium Not required Complete Complete Complete
Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.
33 CVE-2012-3013 255 2012-09-07 2013-10-08
10.0
 None Remote Low Not required Complete Complete Complete
WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices have default passwords for unspecified Web Based Management accounts, which makes it easier for remote attackers to obtain administrative access via a TCP session.
34 CVE-2012-2897 119 Exec Code Overflow 2012-09-26 2020-09-28
10.0
 None Remote Low Not required Complete Complete Complete
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
35 CVE-2012-2804 2012-09-10 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width.
36 CVE-2012-2803 399 2012-09-10 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to resetting the data size value.
37 CVE-2012-2802 2012-09-10 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes."
38 CVE-2012-2801 2012-09-10 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and "out of array writes."
39 CVE-2012-2800 2012-09-10 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small array."
40 CVE-2012-2799 2012-09-10 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "put bit buffer when num_saved_bits is reset."
41 CVE-2012-2798 2012-09-10 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."
42 CVE-2012-2797 2012-09-10 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough."
43 CVE-2012-2796 2012-09-10 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes."
44 CVE-2012-2795 2012-09-10 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to (1) size of "mclms arrays," (2) "a get_bits(0) in decode_ac_filter," and (3) "too many bits in decode_channel_residues()."
45 CVE-2012-2794 2012-09-10 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "allocated tile size ... mismatches parameters."
46 CVE-2012-2793 2012-09-10 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors related to "too many zeros."
47 CVE-2012-2792 2012-09-10 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_init function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame.
48 CVE-2012-2791 2012-09-10 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related to the "transform size."
49 CVE-2012-2790 2012-09-10 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode."
50 CVE-2012-2789 2012-09-10 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs).
Total number of vulnerabilities : 79   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.