Max CVSS | 10.0 | Min CVSS | 1.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2003-0356 | 10.0 |
Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) R
|
16-02-2024 - 20:39 | 09-06-2003 - 04:00 | |
CVE-2010-2068 | 5.0 |
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows rem
|
13-02-2023 - 04:19 | 18-06-2010 - 16:30 | |
CVE-2009-4021 | 4.9 |
The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption a
|
13-02-2023 - 02:20 | 25-11-2009 - 16:30 | |
CVE-2009-2908 | 4.9 |
The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a
|
13-02-2023 - 02:20 | 13-10-2009 - 10:30 | |
CVE-2010-0986 | 9.3 |
Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.
|
03-11-2022 - 17:35 | 13-05-2010 - 17:30 | |
CVE-2010-3330 | 4.3 |
Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information D
|
23-07-2021 - 15:12 | 13-10-2010 - 19:00 | |
CVE-2002-1188 | 6.4 |
Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security chec
|
23-07-2021 - 12:55 | 11-12-2002 - 05:00 | |
CVE-2005-1989 | 7.5 |
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability
|
23-07-2021 - 12:18 | 10-08-2005 - 04:00 | |
CVE-2010-2730 | 9.3 |
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability." Per: http://www.mic
|
05-02-2021 - 15:37 | 15-09-2010 - 19:00 | |
CVE-2010-2731 | 6.8 |
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted
|
23-11-2020 - 19:49 | 15-09-2010 - 19:00 | |
CVE-2009-0590 | 5.0 |
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid
|
03-11-2020 - 17:38 | 27-03-2009 - 16:30 | |
CVE-2010-3413 | 5.0 |
Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
|
31-07-2020 - 19:11 | 16-09-2010 - 21:00 | |
CVE-2010-3282 | 1.9 |
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-root
|
29-01-2020 - 15:27 | 09-01-2020 - 21:15 | |
CVE-2003-0822 | 7.5 |
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
|
30-04-2019 - 14:27 | 15-12-2003 - 05:00 | |
CVE-2006-0010 | 9.3 |
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded
|
30-04-2019 - 14:27 | 10-01-2006 - 22:03 | |
CVE-2011-0096 | 4.3 |
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for cont
|
26-02-2019 - 14:04 | 31-01-2011 - 20:00 | |
CVE-2010-0476 | 10.0 |
The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption an
|
26-02-2019 - 14:04 | 14-04-2010 - 16:00 | |
CVE-2010-0485 | 6.8 |
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a
|
30-10-2018 - 16:27 | 08-06-2010 - 22:30 | |
CVE-2009-3800 | 9.3 |
Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
|
30-10-2018 - 16:26 | 10-12-2009 - 19:30 | |
CVE-2009-3883 | 7.5 |
Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to
|
30-10-2018 - 16:26 | 09-11-2009 - 19:30 | |
CVE-2010-2175 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2171 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2009-3872 | 9.3 |
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges
|
30-10-2018 - 16:25 | 05-11-2009 - 16:30 | |
CVE-2010-2210 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2009-3873 | 9.3 |
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem,"
|
30-10-2018 - 16:25 | 05-11-2009 - 16:30 | |
CVE-2010-2189 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when used in conjunction with VMWare Tools on a VMWare platform, allows attackers to cause a denial of service (memory corruption) or possibly execute a
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2188 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 conn
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2211 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2209 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-0178 | 7.6 |
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript wit
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2010-0179 | 5.1 |
Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2010-0199 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0202, and CVE-2010-
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2010-0190 | 4.3 |
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2010-3215 | 9.3 |
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "W
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3242 | 9.3 |
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Ty
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2006-3649 | 5.1 |
Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006,
|
12-10-2018 - 21:40 | 09-08-2006 - 00:04 | |
CVE-2003-0821 | 7.5 |
Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
|
12-10-2018 - 21:33 | 15-12-2003 - 05:00 | |
CVE-2003-0353 | 7.5 |
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
|
12-10-2018 - 21:32 | 27-08-2003 - 04:00 | |
CVE-2010-3976 | 9.3 |
Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi
|
10-10-2018 - 20:06 | 19-10-2010 - 21:00 | |
CVE-2010-1397 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
10-10-2018 - 19:56 | 11-06-2010 - 18:00 | |
CVE-2010-1401 | 9.3 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or caus
|
10-10-2018 - 19:56 | 11-06-2010 - 18:00 | |
CVE-2010-0624 | 6.8 |
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arb
|
10-10-2018 - 19:53 | 15-03-2010 - 13:28 | |
CVE-2010-0528 | 9.3 |
Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file, related to malformed MediaVideo data, a sample
|
10-10-2018 - 19:53 | 31-03-2010 - 18:30 | |
CVE-2010-0526 | 4.3 |
Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPE
|
10-10-2018 - 19:53 | 30-03-2010 - 18:30 | |
CVE-2010-0453 | 4.9 |
The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_V
|
10-10-2018 - 19:52 | 03-02-2010 - 18:30 | |
CVE-2010-0059 | 6.8 |
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to i
|
10-10-2018 - 19:49 | 30-03-2010 - 17:30 | |
CVE-2009-1869 | 9.3 |
Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly
|
10-10-2018 - 19:38 | 31-07-2009 - 19:30 | |
CVE-2009-1305 | 5.0 |
The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP
|
03-10-2018 - 21:59 | 22-04-2009 - 18:30 | |
CVE-2009-0774 | 9.3 |
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different v
|
03-10-2018 - 21:58 | 05-03-2009 - 02:30 | |
CVE-2009-1863 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related
|
29-09-2017 - 01:34 | 31-07-2009 - 19:30 | |
CVE-2009-0626 | 7.8 |
The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet.
|
29-09-2017 - 01:33 | 27-03-2009 - 16:30 | |
CVE-2009-4764 | 9.3 |
Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document.
|
19-09-2017 - 01:30 | 05-04-2010 - 15:30 | |
CVE-2010-1241 | 9.3 |
Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupt
|
19-09-2017 - 01:30 | 05-04-2010 - 15:30 | |
CVE-2010-1777 | 9.3 |
Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.
|
19-09-2017 - 01:30 | 30-07-2010 - 13:26 | |
CVE-2010-0043 | 9.3 |
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. Per: http://lists.apple.com/archi
|
19-09-2017 - 01:30 | 15-03-2010 - 13:28 | |
CVE-2010-0054 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements. Per: http://lists.apple.com/archives/secur
|
19-09-2017 - 01:30 | 15-03-2010 - 14:15 | |
CVE-2010-0536 | 9.3 |
Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image. Per: http://lists.apple.com/archives/security-announce/2010//Mar
|
19-09-2017 - 01:30 | 31-03-2010 - 18:30 | |
CVE-2009-3884 | 5.0 |
The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.
|
19-09-2017 - 01:29 | 09-11-2009 - 19:30 | |
CVE-2009-3881 | 7.5 |
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak v
|
19-09-2017 - 01:29 | 09-11-2009 - 19:30 | |
CVE-2009-3736 | 6.9 |
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a T
|
19-09-2017 - 01:29 | 29-11-2009 - 13:07 |