Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2872 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted movie. | |||||
| CVE-2010-2435 | 1 Salvo Tomaselli | 1 Weborf Http Server | 2018-10-10 | 5.0 MEDIUM | N/A |
| Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service (crash) via Unicode characters in a Connection HTTP header, and possibly other headers. | |||||
| CVE-2010-2293 | 1 D-link | 1 Di-604 | 2018-10-10 | 6.8 MEDIUM | N/A |
| The Ping tools web interface in Dlink Di-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size. | |||||
| CVE-2010-2193 | 1 Ca | 2 Psformx Active X Control, Webscan Active X Control | 2018-10-10 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) WebScan ActiveX controls, as distributed on the CA Global Advisor web site until May 2009, allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2010-2289 | 1 Juniper | 1 Secure Access | 2018-10-10 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in dana/home/homepage.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Location parameter. | |||||
| CVE-2010-2629 | 1 Cisco | 2 Ace 4710, Content Services Switch 11500 | 2018-10-10 | 7.5 HIGH | N/A |
| The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576. | |||||
| CVE-2010-2580 | 1 Mailenable | 1 Mailenable | 2018-10-10 | 5.0 MEDIUM | N/A |
| The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error." | |||||
| CVE-2010-2251 | 1 Alexander V. Lukyanov | 1 Lftp | 2018-10-10 | 7.5 HIGH | N/A |
| The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. | |||||
| CVE-2010-1587 | 1 Apache | 1 Activemq | 2018-10-10 | 5.0 MEDIUM | N/A |
| The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp. | |||||
| CVE-2010-1585 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-10 | 9.3 HIGH | N/A |
| The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element. | |||||
| CVE-2010-1576 | 1 Cisco | 2 Ace 4710, Content Services Switch 11500 | 2018-10-10 | 7.5 HIGH | N/A |
| The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885. | |||||
| CVE-2010-1845 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2018-10-10 | 6.8 MEDIUM | N/A |
| ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image. | |||||
| CVE-2010-1163 | 1 Todd Miller | 1 Sudo | 2018-10-10 | 6.9 MEDIUM | N/A |
| The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426. | |||||
| CVE-2010-1167 | 1 Fetchmail | 1 Fetchmail | 2018-10-10 | 4.3 MEDIUM | N/A |
| fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list. | |||||
| CVE-2010-0552 | 1 Geopp | 1 Geo\+\+ Gncaster | 2018-10-10 | 7.5 HIGH | N/A |
| Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via multiple requests for a non-existent file using a long URI. | |||||
| CVE-2010-0705 | 2 Avast, Microsoft | 4 Avast Antivirus Home, Avast Antivirus Professional, Windows 2000 and 1 more | 2018-10-10 | 7.2 HIGH | N/A |
| Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption. | |||||
| CVE-2010-0730 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop | 2018-10-10 | 2.6 LOW | N/A |
| The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation. | |||||
| CVE-2010-0441 | 1 Asterisk | 1 Asterisk | 2018-10-10 | 5.0 MEDIUM | N/A |
| Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number. | |||||
| CVE-2010-0453 | 1 Sun | 2 Opensolaris, Solaris | 2018-10-10 | 4.9 MEDIUM | N/A |
| The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_VERSION IOCTL, which triggers a NULL pointer dereference in the ucode_get_rev function, related to retrieval of the microcode revision. | |||||
| CVE-2009-4489 | 1 Cherokee-project | 1 Cherokee | 2018-10-10 | 5.0 MEDIUM | N/A |
| header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. | |||||