CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11851 CVE-2012-1166 78 Exec Code 2014-05-21 2014-05-31
10.0
None Remote Low Not required Complete Complete Complete
The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.
11852 CVE-2012-1144 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
11853 CVE-2012-1142 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font.
11854 CVE-2012-1141 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII string in a BDF font.
11855 CVE-2012-1140 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object.
11856 CVE-2012-1139 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font.
11857 CVE-2012-1138 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font.
11858 CVE-2012-1137 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font.
11859 CVE-2012-1136 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING field.
11860 CVE-2012-1135 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font.
11861 CVE-2012-1134 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font.
11862 CVE-2012-1133 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.
11863 CVE-2012-1132 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font.
11864 CVE-2012-1131 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font.
11865 CVE-2012-1130 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font.
11866 CVE-2012-1129 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font.
11867 CVE-2012-1128 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
11868 CVE-2012-1127 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.
11869 CVE-2012-1126 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
10.0
None Remote Low Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font.
11870 CVE-2012-1015 20 DoS Exec Code Mem. Corr. 2012-08-06 2020-01-21
9.3
None Remote Medium Not required Complete Complete Complete
The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.
11871 CVE-2012-1014 DoS Exec Code 2012-08-06 2020-01-21
9.0
None Remote Low Not required Partial Partial Complete
The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.
11872 CVE-2012-1002 1 Exec Code Sql 2012-02-08 2017-12-07
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in author/edit.php in OpenConf 4.x before 4.12 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
11873 CVE-2012-0985 119 1 DoS Exec Code Overflow 2012-06-07 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the second argument of the (1) SetTmpProfileOption or (2) ConnectToNetwork method.
11874 CVE-2012-0977 119 Exec Code Overflow 2012-02-02 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in jp2_x.dll in LuraWave JP2 ActiveX Control 2.1.5.5 and other versions before 2.1.5.11 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.
11875 CVE-2012-0928 94 Exec Code 2012-02-08 2012-02-09
9.3
None Remote Medium Not required Complete Complete Complete
The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file.
11876 CVE-2012-0927 94 Exec Code 2012-02-08 2012-02-25
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving the coded_frame_size value in a RealAudio audio stream.
11877 CVE-2012-0926 94 Exec Code 2012-02-08 2012-02-25
9.3
None Remote Medium Not required Complete Complete Complete
The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream.
11878 CVE-2012-0925 94 Exec Code 2012-02-08 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RV40 RealVideo video stream.
11879 CVE-2012-0924 94 Exec Code 2012-02-08 2012-02-25
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving a VIDOBJ_START_CODE code in a header within a video stream.
11880 CVE-2012-0923 94 Exec Code 2012-02-08 2012-02-25
9.3
None Remote Medium Not required Complete Complete Complete
The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to execute arbitrary code via a crafted RV20 RealVideo video stream.
11881 CVE-2012-0922 94 Exec Code 2012-02-08 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file.
11882 CVE-2012-0918 Exec Code 2012-01-24 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers to execute arbitrary code via unknown attack vectors.
11883 CVE-2012-0916 119 Exec Code Overflow 2012-01-24 2012-01-25
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via a crafted image in a chat message, as demonstrated using a PNG file.
11884 CVE-2012-0915 189 Exec Code Overflow 2012-01-24 2012-01-25
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via crafted dimensions of a skin file, leading to a heap-based buffer overflow, as demonstrated using a BMP image.
11885 CVE-2012-0838 20 Exec Code 2012-03-02 2018-12-07
10.0
None Remote Low Not required Complete Complete Complete
Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
11886 CVE-2012-0804 119 DoS Exec Code Overflow 2012-05-29 2018-01-18
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
11887 CVE-2012-0780 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2017-12-05
10.0
None Remote Low Not required Complete Complete Complete
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026.
11888 CVE-2012-0779 Exec Code 2012-05-04 2019-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012.
11889 CVE-2012-0778 119 Exec Code Overflow 2012-05-09 2017-12-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Professional before CS6 allows attackers to execute arbitrary code via unspecified vectors.
11890 CVE-2012-0776 264 Exec Code Bypass 2012-04-10 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.
11891 CVE-2012-0775 119 DoS Exec Code Overflow Mem. Corr. 2012-04-10 2018-01-10
10.0
None Remote Low Not required Complete Complete Complete
The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
11892 CVE-2012-0774 189 Exec Code Overflow 2012-04-10 2018-01-10
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font.
11893 CVE-2012-0773 119 DoS Exec Code Overflow Mem. Corr. 2012-03-28 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
11894 CVE-2012-0772 119 DoS Exec Code Overflow Mem. Corr. 2012-03-28 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors.
11895 CVE-2012-0771 119 DoS Exec Code Overflow Mem. Corr. 2018-02-19 2018-03-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0759.
11896 CVE-2012-0768 399 DoS Exec Code Mem. Corr. 2012-03-05 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
11897 CVE-2012-0766 119 DoS Exec Code Overflow Mem. Corr. 2012-02-15 2012-02-25
10.0
None Remote Low Not required Complete Complete Complete
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, and CVE-2012-0764.
11898 CVE-2012-0764 119 DoS Exec Code Overflow Mem. Corr. 2012-02-15 2012-03-21
10.0
None Remote Low Not required Complete Complete Complete
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, and CVE-2012-0766.
11899 CVE-2012-0763 119 DoS Exec Code Overflow Mem. Corr. 2012-02-15 2012-02-16
10.0
None Remote Low Not required Complete Complete Complete
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0764, and CVE-2012-0766.
11900 CVE-2012-0762 119 DoS Exec Code Overflow Mem. Corr. 2012-02-15 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.