CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
10751 CVE-2012-5196 119 Overflow 2012-09-28 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors.
10752 CVE-2012-5188 2013-02-14 2013-02-19
10.0
None Remote Low Not required Complete Complete Complete
Untrusted search path vulnerability in mora Downloader before 1.0.0.1 allows remote attackers to trigger the launch of a .exe file via unspecified vectors.
10753 CVE-2012-5161 Exec Code 2012-12-26 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.
10754 CVE-2012-5144 119 DoS Overflow Mem. Corr. 2012-12-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN."
10755 CVE-2012-5143 190 DoS Overflow 2012-12-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers.
10756 CVE-2012-5142 94 DoS Exec Code 2012-12-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
10757 CVE-2012-5141 2012-12-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 23.0.1271.97 does not properly restrict instantiation of the Chromoting client plug-in, which has unspecified impact and attack vectors.
10758 CVE-2012-5140 416 DoS 2012-12-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader.
10759 CVE-2012-5139 416 DoS 2012-12-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to visibility events.
10760 CVE-2012-5138 2012-12-04 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors.
10761 CVE-2012-5137 416 DoS 2012-12-04 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 23.0.1271.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Media Source API.
10762 CVE-2012-5112 399 Exec Code 2012-10-11 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.
10763 CVE-2012-5108 362 Exec Code 2012-10-09 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in Google Chrome before 22.0.1229.92 allows remote attackers to execute arbitrary code via vectors related to audio devices.
10764 CVE-2012-5106 119 1 Exec Code Overflow 2014-06-20 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via a long string in a PUT command.
10765 CVE-2012-5088 2012-10-16 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
10766 CVE-2012-5087 2012-10-16 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
10767 CVE-2012-5086 2012-10-16 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
10768 CVE-2012-5083 2012-10-16 2017-11-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
10769 CVE-2012-5078 2012-10-16 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5080.
10770 CVE-2012-5076 2012-10-16 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
10771 CVE-2012-5054 189 1 Exec Code Overflow 2012-09-24 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.
10772 CVE-2012-5006 119 Exec Code Overflow 2012-09-19 2012-09-20
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in npdjvu.dll in Caminova DjVu Browser Plug-in 6.1.4 Build 27351 and other versions before 6.1.4.27993 allows remote attackers to execute arbitrary code via a crafted Sjbz chunk in a djvu file.
10773 CVE-2012-4992 119 1 Exec Code Overflow 2012-09-19 2017-08-29
9.0
None Remote Low ??? Complete Complete Complete
Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote authenticated users to execute arbitrary code via a long unicode string to (1) TListbox or (2) TComboBox.
10774 CVE-2012-4988 119 Exec Code Overflow 2014-07-09 2017-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.
10775 CVE-2012-4969 Exec Code 2012-09-18 2017-11-21
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
10776 CVE-2012-4959 22 Dir. Trav. 2012-11-18 2012-11-19
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
10777 CVE-2012-4956 119 Exec Code Overflow 2012-11-18 2013-05-03
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record.
10778 CVE-2012-4953 119 DoS Exec Code Overflow 2012-11-14 2013-03-12
9.3
None Remote Medium Not required Complete Complete Complete
The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file.
10779 CVE-2012-4944 Exec Code 2012-11-18 2013-06-26
10.0
None Remote Low Not required Complete Complete Complete
Multiple unrestricted file upload vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary code by uploading a file via an unspecified page.
10780 CVE-2012-4924 119 1 Exec Code Overflow 2012-09-15 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method.
10781 CVE-2012-4914 119 Exec Code Overflow 2013-01-26 2013-01-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream.
10782 CVE-2012-4907 264 2012-09-13 2012-09-14
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page.
10783 CVE-2012-4896 119 Exec Code Overflow 2012-10-05 2020-03-11
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4895.
10784 CVE-2012-4895 119 Exec Code Overflow 2012-10-05 2020-03-11
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4896.
10785 CVE-2012-4894 119 DoS Exec Code Overflow Mem. Corr. 2012-10-05 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file.
10786 CVE-2012-4886 119 1 Exec Code Overflow 2014-03-24 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string.
10787 CVE-2012-4879 255 2012-09-07 2013-10-11
10.0
None Remote Low Not required Complete Complete Complete
The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013.
10788 CVE-2012-4876 119 1 Exec Code Overflow 2012-09-06 2012-09-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method.
10789 CVE-2012-4875 119 Exec Code Overflow 2012-09-06 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
** DISPUTED ** Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it.
10790 CVE-2012-4874 2012-09-06 2012-09-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has unknown impact and attack vectors related to "image uploads."
10791 CVE-2012-4865 119 2 Exec Code Overflow 2012-09-06 2012-09-13
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to execute arbitrary code via a crafted .TMD file.
10792 CVE-2012-4864 94 2 DoS Exec Code Mem. Corr. 2012-09-06 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file.
10793 CVE-2012-4858 20 Exec Code 2013-03-05 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to execute arbitrary commands via unspecified vectors.
10794 CVE-2012-4857 119 Exec Code Overflow 2012-12-08 2017-08-29
9.0
None Remote Low ??? Complete Complete Complete
Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement.
10795 CVE-2012-4823 Exec Code 2013-01-11 2019-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to "insecure use of the java.lang.ClassLoder defineClass() method."
10796 CVE-2012-4822 Exec Code 2013-01-11 2019-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to "insecure use [of] multiple methods in the java.lang.class class."
10797 CVE-2012-4821 Exec Code 2013-01-11 2019-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods.
10798 CVE-2012-4820 +Priv 2013-01-11 2019-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."
10799 CVE-2012-4792 399 Exec Code 2012-12-30 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
10800 CVE-2012-4787 399 Exec Code 2012-12-12 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability."
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.