Total: 5210 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-1505 | 1 Google | 1 Chrome | 2017-09-19 | 10.0 HIGH | N/A |
Google Chrome before 4.1.249.1059 does not prevent pages from loading with the New Tab page's privileges, which has unknown impact and attack vectors. | |||||
CVE-2010-1663 | 1 Google | 1 Chrome | 2017-09-19 | 10.0 HIGH | N/A |
The Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
CVE-2009-4760 | 1 Winn | 1 Asp Guestbook | 2017-09-19 | 5.0 MEDIUM | N/A |
Winn ASP Guestbook 1.01 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/guestbook.mdb. | |||||
CVE-2010-0306 | 1 Kvm Qumranet | 1 Kvm | 2017-09-19 | 4.1 MEDIUM | N/A |
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298. | |||||
CVE-2010-0661 | 2 Apple, Google | 2 Webkit, Chrome | 2017-09-19 | 6.8 MEDIUM | N/A |
WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method. | |||||
CVE-2010-1240 | 2 Adobe, Microsoft | 2 Acrobat Reader, Windows | 2017-09-19 | 9.3 HIGH | N/A |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message. | |||||
CVE-2010-0310 | 1 Sun | 1 Solaris | 2017-09-19 | 6.8 MEDIUM | N/A |
Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates. | |||||
CVE-2010-0419 | 1 Kvm Qumranet | 1 Kvm | 2017-09-19 | 4.4 MEDIUM | N/A |
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch. | |||||
CVE-2010-1416 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2017-09-19 | 4.3 MEDIUM | N/A |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue." | |||||
CVE-2010-1168 | 2 Perl, Rafael Garcia-suarez | 2 Perl, Safe | 2017-09-19 | 7.5 HIGH | N/A |
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods." | |||||
CVE-2010-0530 | 2 Apple, Microsoft | 2 Quicktime, Windows | 2017-09-19 | 2.1 LOW | N/A |
Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory. | |||||
CVE-2009-4874 | 1 Scripts.oldguy | 1 Talkback | 2017-09-19 | 6.4 MEDIUM | N/A |
TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments. | |||||
CVE-2010-0542 | 1 Apple | 1 Cups | 2017-09-19 | 6.8 MEDIUM | N/A |
The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file. | |||||
CVE-2010-1805 | 2 Apple, Microsoft | 2 Safari, Windows | 2017-09-19 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari. | |||||
CVE-2009-4799 | 1 Diskos | 1 Diskos Cms | 2017-09-19 | 5.0 MEDIUM | N/A |
Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or (2) medlemmer.mdb. | |||||
CVE-2010-0168 | 1 Mozilla | 1 Firefox | 2017-09-19 | 7.6 HIGH | N/A |
The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service (application crash or hang) or hijack the functionality of the browser's add-ons via a crafted SRC attribute of an IMG element, as demonstrated by remote command execution through an ssh: URL in a configuration that supports gnome-vfs with a nonstandard network.gnomevfs.supported-protocols setting. | |||||
CVE-2010-0729 | 1 Redhat | 1 Enterprise Linux | 2017-09-19 | 6.9 MEDIUM | N/A |
A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call. | |||||
CVE-2009-2682 | 1 Hp | 1 Hp-ux | 2017-09-19 | 7.2 HIGH | N/A |
Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors. | |||||
CVE-2009-2770 | 1 Powerupload | 1 Powerupload | 2017-09-19 | 7.5 HIGH | N/A |
PowerUpload 2.4 allows remote attackers to bypass authentication and gain administrative access via a MIME encoded value of admin for the myadminname cookie. | |||||
CVE-2009-2306 | 1 Armassa | 2 Ard-9808, Ard-9808 Software | 2017-09-19 | 7.5 HIGH | N/A |
The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini. |