CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2012 (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
651 CVE-2012-0925 94 Exec Code 2012-02-08 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RV40 RealVideo video stream.
652 CVE-2012-0924 94 Exec Code 2012-02-08 2012-02-25
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving a VIDOBJ_START_CODE code in a header within a video stream.
653 CVE-2012-0923 94 Exec Code 2012-02-08 2012-02-25
9.3
None Remote Medium Not required Complete Complete Complete
The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to execute arbitrary code via a crafted RV20 RealVideo video stream.
654 CVE-2012-0922 94 Exec Code 2012-02-08 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file.
655 CVE-2012-0918 Exec Code 2012-01-24 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers to execute arbitrary code via unknown attack vectors.
656 CVE-2012-0916 119 Exec Code Overflow 2012-01-24 2012-01-25
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via a crafted image in a chat message, as demonstrated using a PNG file.
657 CVE-2012-0915 189 Exec Code Overflow 2012-01-24 2012-01-25
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via crafted dimensions of a skin file, leading to a heap-based buffer overflow, as demonstrated using a BMP image.
658 CVE-2012-0838 20 Exec Code 2012-03-02 2018-12-07
10.0
None Remote Low Not required Complete Complete Complete
Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
659 CVE-2012-0804 119 DoS Exec Code Overflow 2012-05-29 2018-01-18
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
660 CVE-2012-0780 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2017-12-05
10.0
None Remote Low Not required Complete Complete Complete
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026.
661 CVE-2012-0779 Exec Code 2012-05-04 2019-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012.
662 CVE-2012-0778 119 Exec Code Overflow 2012-05-09 2017-12-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Professional before CS6 allows attackers to execute arbitrary code via unspecified vectors.
663 CVE-2012-0776 264 Exec Code Bypass 2012-04-10 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.
664 CVE-2012-0775 119 DoS Exec Code Overflow Mem. Corr. 2012-04-10 2018-01-10
10.0
None Remote Low Not required Complete Complete Complete
The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
665 CVE-2012-0774 189 Exec Code Overflow 2012-04-10 2018-01-10
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font.
666 CVE-2012-0773 119 DoS Exec Code Overflow Mem. Corr. 2012-03-28 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
667 CVE-2012-0772 119 DoS Exec Code Overflow Mem. Corr. 2012-03-28 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors.
668 CVE-2012-0768 399 DoS Exec Code Mem. Corr. 2012-03-05 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
669 CVE-2012-0766 119 DoS Exec Code Overflow Mem. Corr. 2012-02-15 2012-02-25
10.0
None Remote Low Not required Complete Complete Complete
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, and CVE-2012-0764.
670 CVE-2012-0764 119 DoS Exec Code Overflow Mem. Corr. 2012-02-15 2012-03-21
10.0
None Remote Low Not required Complete Complete Complete
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, and CVE-2012-0766.
671 CVE-2012-0763 119 DoS Exec Code Overflow Mem. Corr. 2012-02-15 2012-02-16
10.0
None Remote Low Not required Complete Complete Complete
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0764, and CVE-2012-0766.
672 CVE-2012-0762 119 DoS Exec Code Overflow Mem. Corr. 2012-02-15 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.
673 CVE-2012-0761 119 DoS Exec Code Overflow Mem. Corr. 2012-02-15 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.
674 CVE-2012-0760 119 DoS Exec Code Overflow Mem. Corr. 2012-02-15 2012-02-16
10.0
None Remote Low Not required Complete Complete Complete
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.
675 CVE-2012-0759 119 DoS Exec Code Overflow Mem. Corr. 2012-02-15 2018-02-20
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0771.
676 CVE-2012-0758 119 Exec Code Overflow 2012-02-15 2012-02-16
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code via unspecified vectors.
677 CVE-2012-0757 119 DoS Exec Code Overflow Mem. Corr. 2012-02-15 2012-02-16
10.0
None Remote Low Not required Complete Complete Complete
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.
678 CVE-2012-0756 264 Bypass 2012-02-16 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0755.
679 CVE-2012-0755 264 Bypass 2012-02-16 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0756.
680 CVE-2012-0754 119 DoS Exec Code Overflow Mem. Corr. 2012-02-16 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
681 CVE-2012-0753 119 DoS Exec Code Overflow Mem. Corr. 2012-02-16 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data.
682 CVE-2012-0752 119 DoS Exec Code Overflow Mem. Corr. 2012-02-16 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an unspecified "type confusion."
683 CVE-2012-0751 DoS Exec Code Mem. Corr. 2012-02-16 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
684 CVE-2012-0736 20 Exec Code 2012-05-03 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site.
685 CVE-2012-0725 119 DoS Overflow Mem. Corr. 2012-04-06 2021-09-08
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0724.
686 CVE-2012-0724 119 DoS Overflow Mem. Corr. 2012-04-06 2021-09-08
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0725.
687 CVE-2012-0708 119 Exec Code Overflow 2012-04-22 2017-12-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.
688 CVE-2012-0697 22 Dir. Trav. 2012-01-13 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788.
689 CVE-2012-0695 2012-01-12 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
690 CVE-2012-0685 189 Exec Code Overflow 2012-05-09 2012-05-10
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684.
691 CVE-2012-0684 189 Exec Code Overflow 2012-05-09 2012-05-10
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685.
692 CVE-2012-0683 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-22
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
693 CVE-2012-0682 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-22
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
694 CVE-2012-0677 119 DoS Exec Code Overflow 2012-06-12 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.
695 CVE-2012-0671 94 DoS Exec Code Mem. Corr. 2012-05-16 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file.
696 CVE-2012-0670 189 DoS Exec Code Overflow 2012-05-16 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted sean atom in a movie file.
697 CVE-2012-0669 119 DoS Exec Code Overflow 2012-05-16 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
698 CVE-2012-0668 119 DoS Exec Code Overflow 2012-05-16 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding.
699 CVE-2012-0667 189 DoS Exec Code 2012-05-16 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTVR movie file.
700 CVE-2012-0666 119 DoS Exec Code Overflow 2012-05-16 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the plugin in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTMovie object.
Total number of vulnerabilities : 961   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 (This Page)15 16 17 18 19 20
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.