CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12401 CVE-2011-2953 119 Exec Code Overflow 2011-08-18 2011-10-06
10.0
None Remote Low Not required Complete Complete Complete
An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors, related to an out-of-bounds condition.
12402 CVE-2011-2952 399 Exec Code 2011-08-18 2011-10-06
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box.
12403 CVE-2011-2951 119 Exec Code Overflow 2011-08-18 2011-10-06
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.0.0.1569 allows remote attackers to execute arbitrary code via a crafted raw_data_frame field in an AAC file.
12404 CVE-2011-2950 119 Exec Code Overflow 2011-08-18 2012-02-14
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file.
12405 CVE-2011-2949 119 Exec Code Overflow 2011-08-18 2011-10-06
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via crafted ID3v2 tags in an MP3 file.
12406 CVE-2011-2948 119 DoS Exec Code Overflow Mem. Corr. 2011-08-18 2011-10-06
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DEFINEFONT fields in SWF files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted file.
12407 CVE-2011-2946 Exec Code 2011-08-18 2011-10-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors.
12408 CVE-2011-2945 119 Exec Code Overflow 2011-08-18 2011-10-06
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted SIPR stream.
12409 CVE-2011-2940 119 DoS Exec Code Overflow Mem. Corr. 2011-08-25 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
12410 CVE-2011-2921 273 Exec Code 2019-11-19 2019-11-21
10.0
None Remote Low Not required Complete Complete Complete
ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.
12411 CVE-2011-2895 119 Exec Code Overflow 2011-08-19 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
12412 CVE-2011-2884 2011-07-27 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."
12413 CVE-2011-2883 20 Exec Code 2011-07-21 2011-07-22
9.3
None Remote Medium Not required Complete Complete Complete
The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate.
12414 CVE-2011-2882 119 Exec Code Overflow 2011-07-21 2011-09-22
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data.
12415 CVE-2011-2873 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
12416 CVE-2011-2872 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
12417 CVE-2011-2871 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
12418 CVE-2011-2870 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
12419 CVE-2011-2869 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
12420 CVE-2011-2868 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
12421 CVE-2011-2867 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
12422 CVE-2011-2833 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
12423 CVE-2011-2825 416 DoS 2011-08-29 2020-05-19
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts.
12424 CVE-2011-2822 20 2011-08-29 2018-11-29
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command line, which has unspecified impact and attack vectors.
12425 CVE-2011-2806 119 DoS Exec Code Overflow Mem. Corr. 2011-08-29 2020-05-19
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
12426 CVE-2011-2767 94 Exec Code 2018-08-26 2019-09-24
10.0
None Remote Low Not required Complete Complete Complete
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
12427 CVE-2011-2764 20 Exec Code 2011-08-04 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dangerous file extensions, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file.
12428 CVE-2011-2747 94 Exec Code 2011-07-28 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file.
12429 CVE-2011-2740 264 Exec Code 2011-11-09 2012-02-17
9.3
None Remote Medium Not required Complete Complete Complete
EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.
12430 CVE-2011-2738 Exec Code Overflow 2011-09-19 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.
12431 CVE-2011-2717 74 Exec Code 2019-11-27 2019-12-18
10.0
None Remote Low Not required Complete Complete Complete
The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.
12432 CVE-2011-2685 119 Exec Code Overflow 2011-07-21 2012-01-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file.
12433 CVE-2011-2681 20 2011-07-07 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly handle exceptions, which has unspecified impact and remote attack vectors.
12434 CVE-2011-2680 2011-07-07 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 has unknown impact and remote attack vectors related to the "server error response."
12435 CVE-2011-2667 119 DoS Exec Code Overflow Mem. Corr. 2011-07-28 2021-04-12
10.0
None Remote Low Not required Complete Complete Complete
Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.
12436 CVE-2011-2663 119 Exec Code Overflow 2011-10-08 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Array index error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message.
12437 CVE-2011-2662 189 Exec Code 2011-10-08 2012-05-14
10.0
None Remote Low Not required Complete Complete Complete
Integer signedness error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message.
12438 CVE-2011-2656 Exec Code 2011-10-24 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld Management (ZHM) 7 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2655.
12439 CVE-2011-2655 Exec Code 2011-10-24 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld Management (ZHM) 7 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2656.
12440 CVE-2011-2654 20 Exec Code 2011-09-06 2011-10-06
9.3
None Remote Medium Not required Complete Complete Complete
The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session.
12441 CVE-2011-2653 22 Exec Code Dir. Trav. 2011-12-08 2012-03-05
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.
12442 CVE-2011-2628 20 DoS Exec Code Mem. Corr. 2011-07-01 2012-02-14
10.0
None Remote Low Not required Complete Complete Complete
Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.
12443 CVE-2011-2610 2011-07-01 2011-09-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a "moderately severe issue."
12444 CVE-2011-2595 119 Exec Code Overflow 2011-09-14 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 146 allow remote attackers to execute arbitrary code via a long id parameter in a (1) String or (2) Int tag in a FotoSlate Project (aka PLP) file.
12445 CVE-2011-2594 119 Exec Code Overflow 2011-09-02 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other versions, allows remote attackers to execute arbitrary code via a playlist (.KPL) file with a long Title field.
12446 CVE-2011-2592 119 Exec Code Overflow 2014-06-18 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP response header.
12447 CVE-2011-2591 119 Exec Code Overflow 2011-08-05 2011-09-07
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Provideo ActiveX controls allow remote attackers to execute arbitrary code via crafted input fields, as demonstrated by (1) a long strIp argument to the voice method in 2way.dll in the alarm 1.0.3.1 ActiveX control, (2) a network response to AXPlayer.ocx in the GMAXPlayer 2.0.8.2 ActiveX control, the (3) UserName or (4) Password parameter to AXPlayer.ocx in the GMAXPlayer 2.0.8.2 ActiveX control, (5) a long Id parameter to the GetString method in PAxPlayer.ocx in the PAxPlayer 3.0.0.9 ActiveX control, or (6) a long strAdr parameter to the ConnectIPCam method in PAxPlayer.ocx in the PAxPlayer 3.0.0.9 ActiveX control.
12448 CVE-2011-2590 20 2011-08-09 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
The Play method in the UUPlayer ActiveX control 6.0.0.1 in UUSee 2010 6.11.0609.2 allows remote attackers to execute arbitrary programs via a UNC share pathname in the MPlayerPath parameter.
12449 CVE-2011-2589 119 Exec Code Overflow 2011-08-09 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the SendLogAction method in the UUPlayer ActiveX control 6.0.0.1 in UUSee 2010 6.11.0609.2 might allow remote attackers to execute arbitrary code via a long argument.
12450 CVE-2011-2555 255 2011-08-29 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a default password for the root administrator account, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtr76182.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.