CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3751 CVE-2012-2046 119 DoS Exec Code Overflow Mem. Corr. 2012-08-15 2012-08-15
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2044, CVE-2012-2045, and CVE-2012-2047.
3752 CVE-2012-2047 119 DoS Exec Code Overflow Mem. Corr. 2012-08-15 2012-08-15
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2044, CVE-2012-2045, and CVE-2012-2046.
3753 CVE-2012-2049 119 Exec Code Overflow 2012-08-15 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
3754 CVE-2012-2050 119 Exec Code Overflow 2012-08-15 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
3755 CVE-2012-2051 119 DoS Exec Code Overflow Mem. Corr. 2012-08-15 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
3756 CVE-2012-2118 20 DoS Exec Code 2012-05-18 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.
3757 CVE-2012-2166 798 2018-02-08 2018-03-10
10.0
None Remote Low Not required Complete Complete Complete
IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041.
3758 CVE-2012-2271 119 1 Exec Code Overflow 2012-05-21 2017-12-04
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the first argument (aka the reg_name argument).
3759 CVE-2012-2321 20 Exec Code 2012-05-18 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply.
3760 CVE-2012-2376 119 1 Exec Code Overflow 2012-05-21 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.
3761 CVE-2012-2379 2013-01-02 2013-02-13
10.0
None Remote Low Not required Complete Complete Complete
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
3762 CVE-2012-2399 XSS 2012-04-21 2017-12-18
10.0
None Remote Low Not required Complete Complete Complete
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.
3763 CVE-2012-2400 2012-04-21 2017-12-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors.
3764 CVE-2012-2405 310 2012-04-22 2017-12-13
10.0
None Remote Low Not required Complete Complete Complete
Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113.
3765 CVE-2012-2427 119 Exec Code Overflow 2012-05-25 2012-05-28
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via packets that trigger an invalid free operation.
3766 CVE-2012-2428 189 Exec Code Overflow 2012-05-25 2012-05-28
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation.
3767 CVE-2012-2429 189 Exec Code 2012-05-25 2012-05-28
10.0
None Remote Low Not required Complete Complete Complete
The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors.
3768 CVE-2012-2559 399 DoS Exec Code 2012-07-04 2012-07-17
10.0
None Remote Low Not required Complete Complete Complete
WellinTech KingHistorian 3.0 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer write) via a crafted packet to TCP port 5678.
3769 CVE-2012-2561 264 Exec Code 2012-05-21 2013-05-24
10.0
None Remote Low Not required Complete Complete Complete
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.
3770 CVE-2012-2568 264 2012-05-25 2017-08-28
10.0
Admin Remote Low Not required Complete Complete Complete
d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors.
3771 CVE-2012-2576 89 2 Exec Code Sql 2017-12-20 2018-01-11
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.
3772 CVE-2012-2653 +Priv 2012-07-12 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.
3773 CVE-2012-2688 Overflow 2012-07-20 2017-12-21
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."
3774 CVE-2012-2750 2012-08-16 2013-10-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibility.
3775 CVE-2012-2772 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing with frame threading."
3776 CVE-2012-2775 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large order and an "out of array write in quant_cof."
3777 CVE-2012-2776 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to an "out of picture write."
3778 CVE-2012-2777 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2784.
3779 CVE-2012-2779 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an invalid "gop header" and decoding in a "half initialized context."
3780 CVE-2012-2782 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_slice_header function in libavcodec/h264.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a "rejected resolution change."
3781 CVE-2012-2783 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to "freeing the returned frame."
3782 CVE-2012-2784 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2777.
3783 CVE-2012-2785 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors, related to (1) "some subframes only encode some channels" or (2) a large order value.
3784 CVE-2012-2786 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."
3785 CVE-2012-2787 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "setup width/height."
3786 CVE-2012-2788 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk."
3787 CVE-2012-2789 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs).
3788 CVE-2012-2790 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode."
3789 CVE-2012-2791 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related to the "transform size."
3790 CVE-2012-2792 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_init function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame.
3791 CVE-2012-2793 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors related to "too many zeros."
3792 CVE-2012-2794 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "allocated tile size ... mismatches parameters."
3793 CVE-2012-2795 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to (1) size of "mclms arrays," (2) "a get_bits(0) in decode_ac_filter," and (3) "too many bits in decode_channel_residues()."
3794 CVE-2012-2796 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes."
3795 CVE-2012-2797 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough."
3796 CVE-2012-2798 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."
3797 CVE-2012-2799 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "put bit buffer when num_saved_bits is reset."
3798 CVE-2012-2800 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small array."
3799 CVE-2012-2801 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and "out of array writes."
3800 CVE-2012-2802 2012-09-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes."
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.