CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2012 (CVSS score >= 9)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2012-4145 2012-08-06 2012-08-07
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a "low severity issue."
202 CVE-2012-4057 119 1 Exec Code Overflow 2012-07-25 2017-08-29
9.3
 None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote attackers to execute arbitrary code via a crafted flm file.
203 CVE-2012-4050 2012-07-24 2017-08-29
10.0
 None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, have unknown impact and attack vectors.
204 CVE-2012-4033 2012-07-18 2017-08-29
10.0
 None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors.
205 CVE-2012-4011 78 Exec Code +Info 2012-09-08 2012-09-17
9.3
 None Remote Medium Not required Complete Complete Complete
The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
206 CVE-2012-3995 125 DoS Exec Code 2012-10-10 2020-08-13
9.3
 None Remote Medium Not required Complete Complete Complete
The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
207 CVE-2012-3993 269 Exec Code 2012-10-10 2020-08-13
9.3
 None Remote Medium Not required Complete Complete Complete
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue.
208 CVE-2012-3991 264 Bypass 2012-10-10 2020-08-11
9.3
 None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site.
209 CVE-2012-3990 416 Exec Code 2012-10-10 2020-08-13
9.3
 None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function.
210 CVE-2012-3989 119 DoS Exec Code Overflow 2012-10-10 2020-08-27
9.3
 None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site.
211 CVE-2012-3988 416 Exec Code 2012-10-10 2020-08-12
9.3
 None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation.
212 CVE-2012-3983 119 DoS Exec Code Overflow Mem. Corr. 2012-10-10 2020-08-27
10.0
 None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
213 CVE-2012-3982 DoS Exec Code Mem. Corr. 2012-10-10 2020-08-10
9.3
 None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
214 CVE-2012-3980 94 Exec Code 2012-08-29 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation.
215 CVE-2012-3971 119 DoS Exec Code Overflow Mem. Corr. 2012-08-29 2017-09-19
10.0
 None Remote Low Not required Complete Complete Complete
Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions.
216 CVE-2012-3970 399 DoS Exec Code Mem. Corr. 2012-08-29 2017-09-19
10.0
 None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another.
217 CVE-2012-3969 189 Exec Code Overflow 2012-08-29 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow.
218 CVE-2012-3968 416 Exec Code 2012-08-29 2020-08-28
10.0
 None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor.
219 CVE-2012-3967 787 DoS Exec Code Mem. Corr. 2012-08-29 2020-08-14
9.3
 None Remote Medium Not required Complete Complete Complete
The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site.
220 CVE-2012-3966 119 DoS Exec Code Overflow Mem. Corr. 2012-08-29 2017-09-19
10.0
 None Remote Low Not required Complete Complete Complete
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component.
221 CVE-2012-3965 264 Exec Code 2012-08-29 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window.
222 CVE-2012-3964 399 DoS Exec Code Mem. Corr. 2012-08-29 2017-09-19
10.0
 None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
223 CVE-2012-3963 416 Exec Code 2012-08-29 2020-08-26
10.0
 None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.
224 CVE-2012-3962 Exec Code 2012-08-29 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document.
225 CVE-2012-3961 416 DoS Exec Code Mem. Corr. 2012-08-29 2020-08-28
10.0
 None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
226 CVE-2012-3960 416 DoS Exec Code Mem. Corr. 2012-08-29 2020-08-26
10.0
 None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
227 CVE-2012-3959 416 DoS Exec Code Mem. Corr. 2012-08-29 2020-08-26
10.0
 None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
228 CVE-2012-3958 399 DoS Exec Code Mem. Corr. 2012-08-29 2017-09-19
10.0
 None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
229 CVE-2012-3957 787 Exec Code Overflow 2012-08-29 2020-08-28
10.0
 None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.
230 CVE-2012-3956 416 DoS Exec Code Mem. Corr. 2012-08-29 2020-08-28
10.0
 None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
231 CVE-2012-3941 119 Exec Code Overflow 2012-10-25 2013-05-04
9.3
 None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72850.
232 CVE-2012-3940 119 Exec Code Overflow 2012-10-25 2013-05-04
9.3
 None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72958.
233 CVE-2012-3939 119 DoS Exec Code Overflow Mem. Corr. 2012-10-25 2013-05-04
9.3
 None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCua61331.
234 CVE-2012-3938 119 Exec Code Overflow 2012-10-25 2013-05-04
9.3
 None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz73583.
235 CVE-2012-3937 119 Exec Code Overflow 2012-10-25 2013-05-04
9.3
 None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72967.
236 CVE-2012-3936 119 Exec Code Overflow 2012-10-25 2013-05-04
9.3
 None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCua40962.
237 CVE-2012-3859 2012-07-09 2012-07-10
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447.
238 CVE-2012-3841 1 Exec Code 2012-07-03 2017-08-29
9.3
 None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory.
239 CVE-2012-3815 119 Exec Code Overflow 2012-06-27 2017-08-29
9.3
 None Remote Medium Not required Complete Complete Complete
Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824. NOTE: some of these details are obtained from third party information.
240 CVE-2012-3811 Exec Code 2012-07-03 2012-07-17
10.0
 None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.
241 CVE-2012-3797 119 DoS Overflow Mem. Corr. 2012-06-25 2013-05-21
10.0
 None Remote Low Not required Complete Complete Complete
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode.
242 CVE-2012-3758 119 DoS Exec Code Overflow 2012-11-09 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted transform attribute in a text3GTrack element in a QuickTime TeXML file.
243 CVE-2012-3757 DoS Exec Code Mem. Corr. 2012-11-09 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file.
244 CVE-2012-3756 119 DoS Exec Code Overflow 2012-11-09 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rnet box in an MP4 movie file.
245 CVE-2012-3755 119 1 DoS Exec Code Overflow 2012-11-09 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image.
246 CVE-2012-3754 399 DoS Exec Code 2012-11-09 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
247 CVE-2012-3753 119 DoS Exec Code Overflow 2012-11-09 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type.
248 CVE-2012-3752 119 DoS Exec Code Overflow 2012-11-09 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file.
249 CVE-2012-3751 399 DoS Exec Code 2012-11-09 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with a crafted _qtactivex_ parameter in an OBJECT element.
250 CVE-2012-3701 119 DoS Exec Code Overflow Mem. Corr. 2012-09-13 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Total number of vulnerabilities : 961   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.