CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
7951 CVE-2012-1390 2012-03-07 2012-03-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Miso (com.bazaarlabs.miso) application 2.2 for Android has unknown impact and attack vectors.
7952 CVE-2012-1389 2012-03-07 2012-03-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Di Long Weibo (com.icekirin.weibos) application 1.9.9 for Android has unknown impact and attack vectors.
7953 CVE-2012-1388 2012-03-07 2012-03-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the XiXunTianTian (com.xixun.tiantian) application 0.6.2 beta for Android has unknown impact and attack vectors.
7954 CVE-2012-1387 2012-03-07 2012-03-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the RealTalk (com.tmsmanager.tms) application A.0.9.250 for Android has unknown impact and attack vectors.
7955 CVE-2012-1386 2012-03-07 2012-03-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the YouMail Visual Voicemail Plus (com.youmail.android.vvm) application 2.0.45 and 2.1.43 for Android has unknown impact and attack vectors.
7956 CVE-2012-1385 2012-03-07 2012-03-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the NetEase WeiboHD (com.netease.wbhd) application 1.0.0 for Android has unknown impact and attack vectors.
7957 CVE-2012-1384 2012-03-07 2012-03-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the NetEase Pmail (com.netease.rpmms) application 0.5.0 and 0.5.2 for Android has unknown impact and attack vectors.
7958 CVE-2012-1383 2012-03-07 2012-03-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the NetEase Reader (com.netease.pris) application 1.1.2 and 1.2.0 for Android has unknown impact and attack vectors.
7959 CVE-2012-1382 2012-03-07 2018-01-12
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Youdao Dictionary (com.youdao.dict) application 1.6.1, 2.0.1(2), and 3.0.0(1) for Android has unknown impact and attack vectors.
7960 CVE-2012-1381 2012-03-07 2012-03-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the NetEase CloudAlbum (com.netease.cloudalbum) application 2.0.0 and 2.2.0 for Android has unknown impact and attack vectors.
7961 CVE-2012-1380 2012-03-07 2012-03-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the NetEaseWeibo (com.netease.wb) application 1.2.1 and 1.2.2 for Android has unknown impact and attack vectors.
7962 CVE-2012-1337 119 Exec Code Overflow 2012-04-05 2018-12-04
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1335 and CVE-2012-1336.
7963 CVE-2012-1336 119 Exec Code Overflow 2012-04-05 2018-12-04
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1335 and CVE-2012-1337.
7964 CVE-2012-1335 119 Exec Code Overflow 2012-04-05 2018-12-04
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1336 and CVE-2012-1337.
7965 CVE-2012-1288 255 2012-02-23 2012-02-27
10.0
None Remote Low Not required Complete Complete Complete
The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session.
7966 CVE-2012-1264 Exec Code 2012-03-17 2018-01-10
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Gretech GOM Media Player before 2.1.37.5091 allows remote attackers to execute arbitrary code via a crafted AVI file.
7967 CVE-2012-1250 264 2012-06-04 2013-01-03
10.0
Admin Remote Low Not required Complete Complete Complete
Logitec LAN-W300N/R routers with firmware before 2.27 do not properly restrict login access, which allows remote attackers to obtain administrative privileges and modify settings via vectors related to PPPoE authentication.
7968 CVE-2012-1239 264 Bypass 2012-04-06 2012-04-09
10.0
Admin Remote Low Not required Complete Complete Complete
The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attackers to bypass authentication and obtain administrative privileges via unspecified vectors.
7969 CVE-2012-1206 189 Exec Code Overflow 2012-02-24 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote attackers to execute arbitrary code via large dimension values in a (1) JPG image to the ImportGR in the JPG image filter module (HncJpeg10.flt) or (2) PNG image to the PNG image filter module (HncPng10.flt), which triggers a heap-based buffer overflow.
7970 CVE-2012-1197 189 Exec Code Overflow 2012-02-17 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the IDE_ACDStd.apl module for ACDSee 14.1 Build 137 allows remote attackers to execute arbitrary code via crafted "image dimension values" in a BMP file, which triggers a heap-based buffer overflow.
7971 CVE-2012-1189 119 1 Exec Code Overflow 2012-10-08 2012-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file.
7972 CVE-2012-1185 189 DoS Exec Code Overflow Mem. Corr. 2012-06-05 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.
7973 CVE-2012-1182 189 Exec Code 2012-04-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
7974 CVE-2012-1166 78 Exec Code 2014-05-21 2014-05-31
10.0
None Remote Low Not required Complete Complete Complete
The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.
7975 CVE-2012-1146 DoS 2012-05-17 2017-12-28
10.0
None Remote Low Not required Complete Complete Complete
The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events.
7976 CVE-2012-1144 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2018-01-17
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
7977 CVE-2012-1142 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2018-01-17
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font.
7978 CVE-2012-1141 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2018-01-17
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII string in a BDF font.
7979 CVE-2012-1140 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2018-01-17
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object.
7980 CVE-2012-1139 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2018-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font.
7981 CVE-2012-1138 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2018-01-17
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font.
7982 CVE-2012-1137 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2018-01-17
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font.
7983 CVE-2012-1136 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2018-01-17
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING field.
7984 CVE-2012-1135 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2018-01-17
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font.
7985 CVE-2012-1134 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2018-01-17
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font.
7986 CVE-2012-1133 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2018-01-17
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.
7987 CVE-2012-1132 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2018-01-17
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font.
7988 CVE-2012-1131 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2018-01-17
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font.
7989 CVE-2012-1130 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2018-01-17
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font.
7990 CVE-2012-1129 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2018-01-17
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font.
7991 CVE-2012-1128 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2018-01-17
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
7992 CVE-2012-1127 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2018-01-17
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.
7993 CVE-2012-1126 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2018-01-17
10.0
None Remote Low Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font.
7994 CVE-2012-1015 20 DoS Exec Code Mem. Corr. 2012-08-06 2013-04-04
9.3
None Remote Medium Not required Complete Complete Complete
The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.
7995 CVE-2012-1014 DoS Exec Code 2012-08-06 2012-11-06
9.0
None Remote Low Not required Partial Partial Complete
The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.
7996 CVE-2012-1002 1 Exec Code Sql 2012-02-07 2017-12-06
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in author/edit.php in OpenConf 4.x before 4.12 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
7997 CVE-2012-0985 119 1 DoS Exec Code Overflow 2012-06-07 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the second argument of the (1) SetTmpProfileOption or (2) ConnectToNetwork method.
7998 CVE-2012-0977 119 Exec Code Overflow 2012-02-02 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in jp2_x.dll in LuraWave JP2 ActiveX Control 2.1.5.5 and other versions before 2.1.5.11 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.
7999 CVE-2012-0928 94 Exec Code 2012-02-08 2012-02-09
9.3
None Remote Medium Not required Complete Complete Complete
The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file.
8000 CVE-2012-0927 94 Exec Code 2012-02-08 2012-02-24
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving the coded_frame_size value in a RealAudio audio stream.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.