Max CVSS | 9.3 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2010-1452 | 5.0 |
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
|
01-11-2023 - 15:32 | 28-07-2010 - 20:00 | |
CVE-2010-4261 | 7.5 |
Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOT
|
13-02-2023 - 04:28 | 07-12-2010 - 13:53 | |
CVE-2010-4260 | 5.0 |
Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #
|
13-02-2023 - 04:28 | 07-12-2010 - 13:53 | |
CVE-2010-3870 | 6.8 |
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protec
|
13-02-2023 - 04:27 | 12-11-2010 - 21:00 | |
CVE-2010-3855 | 6.8 |
Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.
|
13-02-2023 - 04:26 | 26-11-2010 - 20:00 | |
CVE-2010-3709 | 4.3 |
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.
|
13-02-2023 - 04:25 | 09-11-2010 - 01:00 | |
CVE-2010-3089 | 3.5 |
Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.
|
13-02-2023 - 04:22 | 15-09-2010 - 20:00 | |
CVE-2010-3069 | 7.5 |
Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file
|
13-02-2023 - 04:21 | 15-09-2010 - 18:00 | |
CVE-2010-2068 | 5.0 |
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows rem
|
13-02-2023 - 04:19 | 18-06-2010 - 16:30 | |
CVE-2010-3436 | 5.0 |
fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.
|
01-09-2022 - 16:32 | 09-11-2010 - 01:00 | |
CVE-2010-3814 | 6.8 |
Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueT
|
26-01-2021 - 12:41 | 26-11-2010 - 20:00 | |
CVE-2010-4494 | 7.5 |
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath
|
31-07-2020 - 18:38 | 07-12-2010 - 21:00 | |
CVE-2010-4008 | 4.3 |
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to ca
|
04-06-2020 - 20:31 | 17-11-2010 - 01:00 | |
CVE-2010-4020 | 3.5 |
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the smal
|
21-01-2020 - 15:46 | 02-12-2010 - 16:22 | |
CVE-2010-1323 | 2.6 |
MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distrib
|
21-01-2020 - 15:46 | 02-12-2010 - 16:22 | |
CVE-2010-1324 | 4.3 |
MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum,
|
21-01-2020 - 15:46 | 02-12-2010 - 16:22 | |
CVE-2010-4021 | 2.1 |
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, ak
|
21-01-2020 - 15:45 | 02-12-2010 - 16:22 | |
CVE-2010-4409 | 5.0 |
Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.
|
30-10-2018 - 16:26 | 06-12-2010 - 20:13 | |
CVE-2006-7243 | 5.0 |
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argum
|
30-10-2018 - 16:26 | 18-01-2011 - 20:00 | |
CVE-2010-0405 | 5.1 |
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
|
10-10-2018 - 19:52 | 28-09-2010 - 18:00 | |
CVE-2010-4009 | 9.3 |
Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
|
19-09-2017 - 01:31 | 09-12-2010 - 20:00 | |
CVE-2010-3802 | 9.3 |
Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie
|
19-09-2017 - 01:31 | 09-12-2010 - 20:00 | |
CVE-2010-4150 | 5.0 |
Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via
|
19-09-2017 - 01:31 | 07-12-2010 - 22:00 | |
CVE-2010-3801 | 9.3 |
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file.
|
19-09-2017 - 01:31 | 09-12-2010 - 20:00 | |
CVE-2010-3315 | 6.0 |
authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, whi
|
19-09-2017 - 01:31 | 04-10-2010 - 21:00 | |
CVE-2011-0170 | 9.3 |
Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium (ICC) profile
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2010-3710 | 4.3 |
Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) v
|
23-08-2016 - 02:02 | 25-10-2010 - 20:01 | |
CVE-2011-0191 | 9.3 |
Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a craft
|
21-02-2014 - 04:39 | 03-03-2011 - 20:00 | |
CVE-2011-0192 | 9.3 |
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application cras
|
21-02-2014 - 04:39 | 03-03-2011 - 20:00 | |
CVE-2011-1417 | 6.8 |
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicatio
|
30-03-2012 - 04:00 | 11-03-2011 - 17:55 | |
CVE-2011-0182 | 7.2 |
The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry.
|
14-02-2012 - 04:03 | 23-03-2011 - 02:00 | |
CVE-2011-0187 | 4.3 |
The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect.
|
21-10-2011 - 02:51 | 23-03-2011 - 02:00 | |
CVE-2011-0184 | 6.8 |
QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an Excel spreadsheet with a crafted formula that uses unspecified opcodes.
|
20-10-2011 - 04:00 | 23-03-2011 - 02:00 | |
CVE-2011-0188 | 6.8 |
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitr
|
24-08-2011 - 03:15 | 23-03-2011 - 02:00 | |
CVE-2011-0186 | 6.8 |
QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image.
|
11-08-2011 - 02:48 | 23-03-2011 - 02:00 | |
CVE-2011-0181 | 6.8 |
Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image.
|
27-06-2011 - 04:00 | 23-03-2011 - 02:00 | |
CVE-2010-2950 | 6.8 |
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not pr
|
04-05-2011 - 02:49 | 28-09-2010 - 18:00 | |
CVE-2011-0175 | 6.8 |
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font.
|
24-03-2011 - 18:35 | 23-03-2011 - 02:00 | |
CVE-2011-0173 | 6.8 |
Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or
|
24-03-2011 - 04:00 | 23-03-2011 - 02:00 | |
CVE-2011-0176 | 6.8 |
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font.
|
24-03-2011 - 04:00 | 23-03-2011 - 02:00 | |
CVE-2011-0183 | 5.0 |
Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to
|
24-03-2011 - 04:00 | 23-03-2011 - 02:00 | |
CVE-2011-0177 | 6.8 |
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font.
|
24-03-2011 - 04:00 | 23-03-2011 - 02:00 | |
CVE-2011-0180 | 2.1 |
Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call.
|
24-03-2011 - 04:00 | 23-03-2011 - 02:00 | |
CVE-2011-0178 | 2.1 |
The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this di
|
24-03-2011 - 04:00 | 23-03-2011 - 02:00 | |
CVE-2011-0179 | 6.8 |
CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font.
|
24-03-2011 - 04:00 | 23-03-2011 - 02:00 | |
CVE-2011-0172 | 4.9 |
AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162.
|
24-03-2011 - 04:00 | 23-03-2011 - 02:00 | |
CVE-2011-0174 | 6.8 |
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font.
|
24-03-2011 - 04:00 | 23-03-2011 - 02:00 | |
CVE-2010-4479 | 7.5 |
Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability
|
24-03-2011 - 02:54 | 07-12-2010 - 13:53 | |
CVE-2010-3434 | 9.3 |
Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of th
|
24-03-2011 - 02:52 | 30-09-2010 - 15:00 | |
CVE-2011-0189 | 5.0 |
The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vul
|
23-03-2011 - 04:00 | 23-03-2011 - 02:00 | |
CVE-2011-0194 | 6.8 |
Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.
|
23-03-2011 - 04:00 | 23-03-2011 - 02:00 | |
CVE-2011-0193 | 6.8 |
Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.
|
23-03-2011 - 04:00 | 23-03-2011 - 02:00 | |
CVE-2011-0190 | 4.3 |
Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an
|
23-03-2011 - 04:00 | 23-03-2011 - 02:00 |