Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2369 | 1 Susie Ro | 1 Lhasa | 2010-10-18 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Lhasa 0.19 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory. | |||||
| CVE-2010-2578 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2010-10-18 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via a crafted QCP file. | |||||
| CVE-2010-2998 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2010-10-18 | 9.3 HIGH | N/A |
| Array index error in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file, related to a "malformed IVR pointer index" issue. | |||||
| CVE-2010-3748 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2010-10-18 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the RichFX component in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via unknown vectors. | |||||
| CVE-2010-3750 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2010-10-18 | 9.3 HIGH | N/A |
| rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction with a heap buffer, which allows remote attackers to execute arbitrary code via crafted Name Value Property (NVP) elements in logical streams in a media file. | |||||
| CVE-2010-3751 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2010-10-18 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 allow remote attackers to execute arbitrary code via a long .smil argument to the (1) tfile, (2) pnmm, or (3) cdda protocol handler. | |||||
| CVE-2010-3979 | 1 Sap | 1 Businessobjects | 2010-10-18 | 5.0 MEDIUM | N/A |
| Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI. | |||||
| CVE-2010-3980 | 1 Sap | 1 Businessobjects | 2010-10-18 | 4.0 MEDIUM | N/A |
| Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI. | |||||
| CVE-2010-2601 | 1 Rim | 2 Blackberry Enterprise Server, Blackberry Professional Software | 2010-10-14 | 7.6 HIGH | N/A |
| Multiple buffer overflows in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.7 and earlier and 5.0.0 through 5.0.2, and BlackBerry Professional Software 4.1.4 and earlier, allow user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document. | |||||
| CVE-2010-3934 | 1 Rim | 2 Blackberry 9700, Blackberry Device Software | 2010-10-14 | 6.8 MEDIUM | N/A |
| The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-5009 | 1 Infradead | 1 Openconnect | 2010-10-14 | 5.0 MEDIUM | N/A |
| Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation. | |||||
| CVE-2010-3278 | 2010-10-13 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-3110. Reason: This candidate is a reservation duplicate of CVE-2010-3110. Notes: All CVE users should reference CVE-2010-3110 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2010-3901 | 1 Infradead | 1 Openconnect | 2010-10-13 | 6.4 MEDIUM | N/A |
| OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that (1) does not correspond to the server hostname or (2) is presented in circumstances involving a missing --cafile configuration option. | |||||
| CVE-2009-5008 | 1 Cisco | 1 Secure Desktop | 2010-10-13 | 2.1 LOW | N/A |
| Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file. | |||||
| CVE-2010-2951 | 1 Squid-cache | 1 Squid | 2010-10-12 | 5.0 MEDIUM | N/A |
| dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set. | |||||
| CVE-2010-3085 | 1 David Shadoff | 1 Mednafen | 2010-10-12 | 10.0 HIGH | N/A |
| The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to "stack manipulation" issues. | |||||
| CVE-2010-3887 | 1 Apple | 2 Mac Os X, Mail | 2010-10-11 | 4.3 MEDIUM | N/A |
| The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses. | |||||
| CVE-2010-3883 | 1 Cmsmadesimple | 1 Cms Made Simple | 2010-10-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Change Group Permissions module in CMS Made Simple 1.7.1 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make permission modifications. | |||||
| CVE-2010-3882 | 1 Cmsmadesimple | 1 Cms Made Simple | 2010-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the (1) Add Pages, (2) Add Global Content, (3) Edit Global Content, (4) Add Article, (5) Add Category, (6) Add Field Definition, or (7) Add Shortcut module. | |||||
| CVE-2010-3088 | 2 Jianping Yu, Pidgin | 2 Pidgin-knotify, Pidgin | 2010-10-11 | 5.1 MEDIUM | N/A |
| The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message. | |||||