CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
8051 CVE-2012-3105 119 DoS Exec Code Overflow Mem. Corr. 2012-06-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspecified flaw in an NVIDIA driver, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a related issue to CVE-2011-3101.
8052 CVE-2012-3088 2012-09-16 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.
8053 CVE-2012-3076 78 Exec Code 2012-07-12 2012-07-12
9.0
None Remote Low Single system Complete Complete Complete
The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804.
8054 CVE-2012-3075 78 Exec Code 2012-07-12 2012-07-12
9.0
None Remote Low Single system Complete Complete Complete
The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724.
8055 CVE-2012-3057 119 Exec Code Overflow 2012-06-29 2018-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted size field in audio data within a WRF file, aka Bug ID CSCtz00755.
8056 CVE-2012-3056 119 DoS Exec Code Overflow Mem. Corr. 2012-06-29 2018-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCtz72946.
8057 CVE-2012-3055 119 Exec Code Overflow 2012-06-29 2018-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted DHT chunk in a JPEG image within a WRF file, aka Bug ID CSCtz72953.
8058 CVE-2012-3054 119 Exec Code Overflow 2012-06-29 2018-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72977.
8059 CVE-2012-3053 119 Exec Code Overflow 2012-06-29 2018-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted ARF file, aka Bug ID CSCtz72985.
8060 CVE-2012-3026 20 DoS Exec Code Mem. Corr. 2012-11-01 2013-04-12
10.0
None Remote Low Not required Complete Complete Complete
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3021.
8061 CVE-2012-3021 20 DoS Exec Code Mem. Corr. 2012-11-01 2013-04-12
10.0
None Remote Low Not required Complete Complete Complete
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3026.
8062 CVE-2012-3013 255 2012-09-06 2013-10-08
10.0
None Remote Low Not required Complete Complete Complete
WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices have default passwords for unspecified Web Based Management accounts, which makes it easier for remote attackers to obtain administrative access via a TCP session.
8063 CVE-2012-3010 20 DoS Exec Code Mem. Corr. 2012-11-01 2013-04-12
10.0
None Remote Low Not required Complete Complete Complete
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3021 and CVE-2012-3026.
8064 CVE-2012-3002 287 Bypass 2012-12-21 2013-03-01
10.0
None Remote Low Not required Complete Complete Complete
The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL.
8065 CVE-2012-2990 94 2012-08-24 2012-08-29
9.3
None Remote Medium Not required Complete Complete Complete
The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted HTML document.
8066 CVE-2012-2976 78 Exec Code 2012-07-23 2017-12-21
10.0
None Remote Low Not required Complete Complete Complete
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" issue.
8067 CVE-2012-2974 287 Bypass 2012-07-19 2017-12-21
10.0
None Remote Low Not required Complete Complete Complete
The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/.
8068 CVE-2012-2953 78 Exec Code 2012-07-23 2017-12-21
10.0
None Remote Low Not required Complete Complete Complete
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.
8069 CVE-2012-2949 264 +Priv 2012-05-29 2012-05-30
10.0
None Remote Low Not required Complete Complete Complete
The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted application.
8070 CVE-2012-2915 119 Exec Code Overflow 2012-05-21 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file.
8071 CVE-2012-2897 119 Exec Code Overflow 2012-09-26 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
8072 CVE-2012-2864 119 Exec Code Overflow 2012-08-22 2014-02-11
10.0
None Remote Low Not required Complete Complete Complete
Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow."
8073 CVE-2012-2844 DoS 2012-07-12 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code, which allows remote attackers to cause a denial of service (incorrect object access) or possibly have unspecified other impact via a crafted document.
8074 CVE-2012-2834 189 DoS Overflow 2012-06-27 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted data in the Matroska container format.
8075 CVE-2012-2804 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width.
8076 CVE-2012-2803 399 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to resetting the data size value.
8077 CVE-2012-2802 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes."
8078 CVE-2012-2801 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and "out of array writes."
8079 CVE-2012-2800 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small array."
8080 CVE-2012-2799 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "put bit buffer when num_saved_bits is reset."
8081 CVE-2012-2798 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."
8082 CVE-2012-2797 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough."
8083 CVE-2012-2796 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes."
8084 CVE-2012-2795 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to (1) size of "mclms arrays," (2) "a get_bits(0) in decode_ac_filter," and (3) "too many bits in decode_channel_residues()."
8085 CVE-2012-2794 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "allocated tile size ... mismatches parameters."
8086 CVE-2012-2793 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors related to "too many zeros."
8087 CVE-2012-2792 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_init function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame.
8088 CVE-2012-2791 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related to the "transform size."
8089 CVE-2012-2790 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode."
8090 CVE-2012-2789 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs).
8091 CVE-2012-2788 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk."
8092 CVE-2012-2787 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "setup width/height."
8093 CVE-2012-2786 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."
8094 CVE-2012-2785 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors, related to (1) "some subframes only encode some channels" or (2) a large order value.
8095 CVE-2012-2784 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2777.
8096 CVE-2012-2783 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to "freeing the returned frame."
8097 CVE-2012-2782 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_slice_header function in libavcodec/h264.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a "rejected resolution change."
8098 CVE-2012-2779 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an invalid "gop header" and decoding in a "half initialized context."
8099 CVE-2012-2777 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2784.
8100 CVE-2012-2776 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to an "out of picture write."
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.