Total
2548 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-1951 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-11-21 | 10.0 HIGH | N/A |
Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing. | |||||
CVE-2012-1946 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-11-21 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node. | |||||
CVE-2012-1940 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-11-21 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. | |||||
CVE-2012-1887 | 1 Microsoft | 2 Excel, Office | 2024-11-21 | 9.3 HIGH | N/A |
Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability." | |||||
CVE-2012-1867 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability." | |||||
CVE-2012-1813 | 1 C3-ilex | 1 Eoscada | 2024-11-21 | 7.8 HIGH | N/A |
eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service by sending a large amount of data to TCP port 12000. | |||||
CVE-2012-1811 | 1 C3-ilex | 1 Eoscada | 2024-11-21 | 7.8 HIGH | N/A |
EOSDataServer.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service by sending a large amount of data to TCP port 24006. | |||||
CVE-2012-1809 | 1 Koyo | 8 H0-ecom, H0-ecom100, H2-ecom and 5 more | 2024-11-21 | 5.0 MEDIUM | N/A |
The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors. | |||||
CVE-2012-1663 | 1 Gnu | 1 Gnutls | 2024-11-21 | 7.5 HIGH | N/A |
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list. | |||||
CVE-2012-1616 | 2 Argyllcms, Color | 2 Argyllcms, Icclib | 2024-11-21 | 9.3 HIGH | N/A |
Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file. | |||||
CVE-2012-1601 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.9 MEDIUM | N/A |
The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. | |||||
CVE-2012-1596 | 1 Wireshark | 1 Wireshark | 2024-11-21 | 5.0 MEDIUM | N/A |
The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt. | |||||
CVE-2012-1595 | 1 Wireshark | 1 Wireshark | 2024-11-21 | 4.3 MEDIUM | N/A |
The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers. | |||||
CVE-2012-1588 | 1 Drupal | 1 Drupal | 2024-11-21 | 3.5 LOW | N/A |
Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via a long email address. | |||||
CVE-2012-1585 | 1 Openstack | 1 Nova | 2024-11-21 | 4.0 MEDIUM | N/A |
OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name. | |||||
CVE-2012-1583 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.0 MEDIUM | N/A |
Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets. | |||||
CVE-2012-1558 | 1 Yassl | 1 Cyassl | 2024-11-21 | 5.0 MEDIUM | N/A |
yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted X.509 certificate. | |||||
CVE-2012-1539 | 1 Microsoft | 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability." | |||||
CVE-2012-1538 | 1 Microsoft | 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more | 2024-11-21 | 9.3 HIGH | N/A |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability." | |||||
CVE-2012-1529 | 1 Microsoft | 1 Internet Explorer | 2024-11-21 | 9.3 HIGH | N/A |
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "OnMove Use After Free Vulnerability." |