CVE Daily
← All years

All CVEs — 2010

Page 5/25.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2010-10-19
Medium

CVE-2010-3495

Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a…

CVSS: 4.3 CWE: CWE-362
Read more
Medium

CVE-2010-3494

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TC…

CVSS: 4.3 CWE: CWE-362
Read more
Medium

CVE-2010-3493

Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediatel…

CVSS: 4.3 CWE: CWE-362
Read more
Medium

CVE-2009-5011

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TC…

CVSS: 4.3 CWE: CWE-362
Read more
Medium

CVE-2009-5010

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TC…

CVSS: 4.3 CWE: CWE-362
Read more
Medium

CVE-2008-7264

The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command…

CVSS: 4.0 CWE: CWE-20
Read more
High

CVE-2008-7263

ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

CVSS: 7.5 CWE: CWE-287
Read more
Medium

CVE-2008-7262

Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a…

CVSS: 6.5 CWE: CWE-22
Read more
Medium

CVE-2007-6739

FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command.

CVSS: 5.0 CWE: CWE-20
Read more
High

CVE-2007-6737

FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access…

CVSS: 7.5 CWE: CWE-287
Read more
Medium

CVE-2007-6736

Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2)…

CVSS: 6.5 CWE: CWE-22
Read more
Critical

CVE-2010-3751

Multiple heap-based buffer overflows in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 allow remote attackers to execute arbitrary code via a long…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2010-3750

rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction w…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-3749

The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote att…

CVSS: 9.3 CWE: CWE-94
Read more
Critical

CVE-2010-3748

Stack-based buffer overflow in the RichFX component in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an u…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2010-3747

An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during p…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2010-2998

Array index error in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-2578

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via a c…

CVSS: 9.3 CWE: CWE-119
Read more
2010-10-18
Medium

CVE-2010-3982

SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via th…

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2010-3981

Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Paramet…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2010-3979

Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate…

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2010-3841

Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or…

CVSS: 4.3 CWE: CWE-79
Read more
2010-10-14
High

CVE-2010-2601

Multiple buffer overflows in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.7 and earlier and 5.0.0 through 5.0.2, a…

CVSS: 7.6 CWE: CWE-119
Read more
Medium

CVE-2010-3902

OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output po…

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2010-3901

OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that (1)…

CVSS: 6.4 CWE: CWE-20
Read more
Medium

CVE-2010-3192

Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive info…

CVSS: 5.0 CWE: CWE-200
Read more
High

CVE-2010-3076

The filter function in php/src/include.php in Simple Management for BIND (aka smbind) before 0.4.8 does not anchor a certain regular expression, which allows remote attackers to conduct SQL injection…

CVSS: 7.5 CWE: CWE-89
Read more
Low

CVE-2009-5007

The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files.

CVSS: 3.3 CWE: CWE-59
Read more
2010-10-13
Critical

CVE-2010-3331

Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to ex…

CVSS: 9.3 CWE: CWE-94
Read more
Medium

CVE-2010-3330

Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via…

CVSS: 6.5 CWE: CWE-200
Read more
Critical

CVE-2010-3329

mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access…

CVSS: 9.3 CWE: CWE-94
Read more
High

CVE-2010-3328

Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecifi…

CVSS: 8.8 CWE: CWE-416
Read more
Medium

CVE-2010-3327

The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sens…

CVSS: 4.3 CWE: CWE-200
Read more
Critical

CVE-2010-3326

Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) i…

CVSS: 9.3 CWE: CWE-94
Read more
Medium

CVE-2010-3325

Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive informatio…

CVSS: 4.3 CWE: CWE-200
Read more
Medium

CVE-2010-3243

Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoin…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2010-3242

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-3241

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute ar…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-3240

Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-3239

Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-3238

Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-3237

Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Rec…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-3236

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute a…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-3235

Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-3234

Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-3233

Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "L…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-3232

Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-3231

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code…

CVSS: 9.3 CWE: CWE-20
Read more
High

CVE-2010-3229

The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client…

CVSS: 7.1 CWE: CWE-20
Read more
Critical

CVE-2010-3228

The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application th…

CVSS: 9.3 CWE: CWE-94
Read more
High

CVE-2010-3222

Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that…

CVSS: 7.2 CWE: CWE-119
Read more
Critical

CVE-2010-3221

Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitr…

CVSS: 9.3 CWE: CWE-94
Read more
Critical

CVE-2010-3220

Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word P…

CVSS: 9.3 CWE: CWE-94
Read more
Critical

CVE-2010-3219

Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerabili…

CVSS: 9.3 CWE: CWE-94
Read more
Critical

CVE-2010-3218

Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."

CVSS: 9.3 CWE: CWE-94
Read more
Critical

CVE-2010-3216

Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory cor…

CVSS: 9.3 CWE: CWE-94
Read more
Critical

CVE-2010-3215

Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a craft…

CVSS: 9.3 CWE: CWE-94
Read more
Critical

CVE-2010-3214

Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel,…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2010-2750

Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vul…

CVSS: 9.3 CWE: CWE-94
Read more
Critical

CVE-2010-2748

Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted…

CVSS: 9.3 CWE: CWE-94
Read more
Critical

CVE-2010-2747

Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafte…

CVSS: 9.3 CWE: CWE-94
Read more
High

CVE-2010-2746

Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and…

CVSS: 7.6 CWE: CWE-119
Read more
Critical

CVE-2010-2745

Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafte…

CVSS: 9.3 CWE: CWE-94
Read more
Low

CVE-2010-0808

Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive f…

CVSS: 2.6 CWE: CWE-200
Read more
2010-10-12
Critical

CVE-2010-3085

The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to "stack manipulation" issues.

CVSS: 10.0 CWE: CWE-94
Read more
High

CVE-2010-3110

Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors.

CVSS: 7.2 CWE: CWE-119
Read more
2010-10-08
Medium

CVE-2010-3886

The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript…

CVSS: 4.3 CWE: CWE-200
Read more
Medium

CVE-2010-3884

Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2010-3883

Cross-site request forgery (CSRF) vulnerability in the Change Group Permissions module in CMS Made Simple 1.7.1 and earlier allows remote attackers to hijack the authentication of arbitrary users for…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2010-3882

Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the (1) Add Pages, (2) Add Global C…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2010-3743

Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 RC1 through RC3, and 0.60 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2010-3088

The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message.

CVSS: 5.1 CWE: CWE-94
Read more
High

CVE-2010-2797

Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defau…

CVSS: 7.5 CWE: CWE-22
Read more
2010-10-07
Medium

CVE-2010-3692

Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directo…

CVSS: 6.4 CWE: CWE-22
Read more
Low

CVE-2010-3691

PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.

CVSS: 3.3 CWE: CWE-59
Read more
Medium

CVE-2010-3690

Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2010-1322

The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, w…

CVSS: 6.5 CWE: CWE-20
Read more
2010-10-06
Critical

CVE-2010-3658

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vecto…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2010-3632

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vecto…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2010-3631

Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-3629

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnera…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-3628

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vecto…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2010-3627

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via unknown vectors.

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-3626

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerab…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-3625

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnera…

CVSS: 9.3 CWE: CWE-94
Read more
Critical

CVE-2010-3624

Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via a crafted image.

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-3623

Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2010-3622

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vecto…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2010-3621

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vecto…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2010-3620

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnera…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-3619

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vecto…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2010-2890

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vecto…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2010-2889

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerab…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2010-2888

Multiple unspecified vulnerabilities in an ActiveX control in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Windows allow attackers to execute arbitrary code via unknown vectors.

CVSS: 9.3 CWE: CWE-20
Read more
Medium

CVE-2010-2367

Cross-site scripting (XSS) vulnerability in search.cgi in AD-EDIT2 before 3.0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
2010-10-05
Medium

CVE-2010-3763

Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the Summary field, a different vector than…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2010-3762

ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause…

CVSS: 4.3 CWE: CWE-20
Read more
Critical

CVE-2010-3761

Unspecified vulnerability in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka Z…

CVSS: 10.0 CWE: CWE-94
Read more
Critical

CVE-2010-3759

FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 writes a certain value to a memory location specified by a UDP…

CVSS: 10.0 CWE: CWE-94
Read more
Critical

CVE-2010-3758

Multiple stack-based buffer overflows in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allow remote attackers to ex…

CVSS: 10.0 CWE: CWE-94
Read more
Critical

CVE-2010-3757

Format string vulnerability in the _Eventlog function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remot…

CVSS: 10.0 CWE: CWE-78
Read more
Medium

CVE-2010-3756

The _CalcHashValueWithLength function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly validate a…

CVSS: 5.0 CWE: CWE-20
Read more
Critical

CVE-2010-3754

The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields…

CVSS: 10.0 CWE: CWE-78
Read more
Medium

CVE-2010-3753

programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_bann…

CVSS: 6.5 CWE: CWE-78
Read more
Medium

CVE-2010-3752

programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_d…

CVSS: 6.5 CWE: CWE-78
Read more
Medium

CVE-2010-3308

Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via a long c…

CVSS: 6.5 CWE: CWE-94
Read more
Low

CVE-2010-3303

Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_…

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2010-3302

Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long (1)…

CVSS: 6.5 CWE: CWE-119
Read more
High

CVE-2010-3742

Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) meta or (2) phpincdir p…

CVSS: 7.5 CWE: CWE-94
Read more
Medium

CVE-2010-3739

The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances i…

CVSS: 6.4 CWE: CWE-287
Read more
Low

CVE-2010-3732

The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows fo…

CVSS: 3.5 CWE: CWE-20
Read more
Critical

CVE-2010-3731

Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10,…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2010-3729

The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.

CVSS: 9.8 CWE: CWE-190
Read more
High

CVE-2010-3307

Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) body, (2) f…

CVSS: 7.5 CWE: CWE-94
Read more
Medium

CVE-2010-2653

Race condition in the hvc_close function in drivers/char/hvc_console.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service or possibly have unspecified other impact by c…

CVSS: 6.9 CWE: CWE-362
Read more
Low

CVE-2010-2535

Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.

CVSS: 3.5 CWE: CWE-79
Read more
2010-10-04
Medium

CVE-2010-3442

Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corrupti…

CVSS: 4.7 CWE: CWE-190
Read more
Medium

CVE-2010-3437

Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory…

CVSS: 6.6 CWE: CWE-476
Read more
High

CVE-2010-1822

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to…

CVSS: 8.8 CWE: CWE-704
Read more
Medium

CVE-2010-1623

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Ap…

CVSS: 5.0 CWE: CWE-119
Read more