CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
7751 CVE-2012-5258 119 DoS Exec Code Overflow Mem. Corr. 2012-10-09 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
7752 CVE-2012-5257 119 Exec Code Overflow 2012-10-09 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
7753 CVE-2012-5256 119 DoS Exec Code Overflow Mem. Corr. 2012-10-09 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
7754 CVE-2012-5255 119 Exec Code Overflow 2012-10-09 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
7755 CVE-2012-5254 119 Exec Code Overflow 2012-10-09 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
7756 CVE-2012-5253 119 Exec Code Overflow 2012-10-09 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
7757 CVE-2012-5252 119 DoS Exec Code Overflow Mem. Corr. 2012-10-09 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
7758 CVE-2012-5251 119 Exec Code Overflow 2012-10-09 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
7759 CVE-2012-5250 119 Exec Code Overflow 2012-10-09 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
7760 CVE-2012-5249 119 Exec Code Overflow 2012-10-09 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
7761 CVE-2012-5248 119 Exec Code Overflow 2012-10-09 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
7762 CVE-2012-5209 Exec Code 2013-03-09 2016-08-24
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1659.
7763 CVE-2012-5207 DoS +Info 2013-03-09 2016-08-24
9.0
None Remote Low Not required Complete Partial Partial
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1661.
7764 CVE-2012-5201 Exec Code 2013-03-09 2016-08-24
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1611.
7765 CVE-2012-5197 2012-09-28 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors related to "error checking of system calls."
7766 CVE-2012-5196 119 Overflow 2012-09-28 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors.
7767 CVE-2012-5188 2013-02-13 2013-02-19
10.0
None Remote Low Not required Complete Complete Complete
Untrusted search path vulnerability in mora Downloader before 1.0.0.1 allows remote attackers to trigger the launch of a .exe file via unspecified vectors.
7768 CVE-2012-5161 Exec Code 2012-12-26 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.
7769 CVE-2012-5144 119 DoS Overflow Mem. Corr. 2012-12-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN."
7770 CVE-2012-5143 190 DoS Overflow 2012-12-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers.
7771 CVE-2012-5142 94 DoS Exec Code 2012-12-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
7772 CVE-2012-5141 2012-12-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 23.0.1271.97 does not properly restrict instantiation of the Chromoting client plug-in, which has unspecified impact and attack vectors.
7773 CVE-2012-5140 416 DoS 2012-12-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader.
7774 CVE-2012-5139 416 DoS 2012-12-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to visibility events.
7775 CVE-2012-5138 2012-12-04 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors.
7776 CVE-2012-5137 416 DoS 2012-12-04 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 23.0.1271.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Media Source API.
7777 CVE-2012-5112 399 Exec Code 2012-10-11 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.
7778 CVE-2012-5108 362 Exec Code 2012-10-09 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in Google Chrome before 22.0.1229.92 allows remote attackers to execute arbitrary code via vectors related to audio devices.
7779 CVE-2012-5106 119 1 Exec Code Overflow 2014-06-20 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via a long string in a PUT command.
7780 CVE-2012-5088 2012-10-16 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
7781 CVE-2012-5087 2012-10-16 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
7782 CVE-2012-5086 2012-10-16 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
7783 CVE-2012-5083 2012-10-16 2017-11-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
7784 CVE-2012-5078 2012-10-16 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5080.
7785 CVE-2012-5076 2012-10-16 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
7786 CVE-2012-5054 189 1 Exec Code Overflow 2012-09-24 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.
7787 CVE-2012-5006 119 Exec Code Overflow 2012-09-19 2012-09-20
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in npdjvu.dll in Caminova DjVu Browser Plug-in 6.1.4 Build 27351 and other versions before 6.1.4.27993 allows remote attackers to execute arbitrary code via a crafted Sjbz chunk in a djvu file.
7788 CVE-2012-4992 119 1 Exec Code Overflow 2012-09-19 2017-08-28
9.0
None Remote Low Single system Complete Complete Complete
Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote authenticated users to execute arbitrary code via a long unicode string to (1) TListbox or (2) TComboBox.
7789 CVE-2012-4988 119 Exec Code Overflow 2014-07-09 2017-10-04
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.
7790 CVE-2012-4969 Exec Code 2012-09-18 2017-11-21
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
7791 CVE-2012-4959 22 Dir. Trav. 2012-11-18 2012-11-19
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
7792 CVE-2012-4956 119 Exec Code Overflow 2012-11-18 2013-05-02
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record.
7793 CVE-2012-4953 119 DoS Exec Code Overflow 2012-11-14 2013-03-11
9.3
None Remote Medium Not required Complete Complete Complete
The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file.
7794 CVE-2012-4944 Exec Code 2012-11-18 2013-06-25
10.0
None Remote Low Not required Complete Complete Complete
Multiple unrestricted file upload vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary code by uploading a file via an unspecified page.
7795 CVE-2012-4924 119 1 Exec Code Overflow 2012-09-15 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method.
7796 CVE-2012-4914 119 Exec Code Overflow 2013-01-26 2013-01-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream.
7797 CVE-2012-4907 264 2012-09-13 2012-09-14
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page.
7798 CVE-2012-4896 119 Exec Code Overflow 2012-10-05 2013-04-10
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4895.
7799 CVE-2012-4895 119 Exec Code Overflow 2012-10-05 2013-04-10
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4896.
7800 CVE-2012-4894 119 DoS Exec Code Overflow Mem. Corr. 2012-10-05 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.