| Max CVSS | 10.0 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-2665 | 7.5 |
Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Do
|
13-02-2023 - 04:33 | 06-08-2012 - 18:55 | |
| CVE-2012-3461 | 4.3 |
The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decodi
|
13-02-2023 - 00:25 | 20-08-2012 - 19:55 | |
| CVE-2012-0876 | 4.3 |
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file wit
|
05-08-2022 - 14:52 | 03-07-2012 - 19:55 | |
| CVE-2012-1148 | 5.0 |
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation
|
25-01-2021 - 15:44 | 03-07-2012 - 19:55 | |
| CVE-2012-1967 | 10.0 |
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to e
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
| CVE-2012-1954 | 10.0 |
Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attacker
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
| CVE-2012-1950 | 6.4 |
The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load.
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
| CVE-2012-1948 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to caus
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
| CVE-2012-2688 | 10.0 |
Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."
|
22-12-2017 - 02:29 | 20-07-2012 - 10:40 | |
| CVE-2003-0056 | 7.2 |
Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument.
|
11-10-2017 - 01:29 | 19-02-2003 - 05:00 | |
| CVE-2012-4000 | 4.3 |
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML
|
29-08-2017 - 01:32 | 12-07-2012 - 21:55 | |
| CVE-2012-2807 | 6.8 |
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
28-01-2014 - 04:45 | 27-06-2012 - 10:18 | |
| CVE-2012-3450 | 2.6 |
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bound
|
19-04-2013 - 03:23 | 06-08-2012 - 16:55 | |
| CVE-2012-3442 | 4.3 |
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site
|
11-04-2013 - 03:29 | 31-07-2012 - 17:55 | |
| CVE-2012-3444 | 5.0 |
The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (proces
|
11-04-2013 - 03:29 | 31-07-2012 - 17:55 | |
| CVE-2012-3443 | 5.0 |
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploadin
|
11-04-2013 - 03:29 | 31-07-2012 - 17:55 | |
| CVE-2012-3292 | 7.6 |
The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that doe
|
07-09-2012 - 04:30 | 07-06-2012 - 20:55 | |
| CVE-2012-0048 | 4.3 |
OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a "slow read" attack.
|
27-08-2012 - 04:00 | 25-08-2012 - 10:29 |