Total
18194 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-0657 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2024-11-21 | 9.8 Critical |
DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability." | ||||
CVE-2010-5333 | 2 Integard Home Project, Integard Pro Project | 2 Integard Home, Integard Pro | 2024-11-21 | 9.8 Critical |
The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwrite buffer overflow already existed for the vulnerable software. This CVE is to track an alternate exploitation method, utilizing an EIP-overwrite buffer overflow. | ||||
CVE-2010-4815 | 1 Coppermine-gallery | 1 Coppermine Gallery | 2024-11-21 | 9.8 Critical |
Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution. | ||||
CVE-2010-4660 | 1 Status | 1 Statusnet | 2024-11-21 | 9.8 Critical |
Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes.. | ||||
CVE-2010-4533 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2024-11-21 | 9.8 Critical |
offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. | ||||
CVE-2010-4239 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 9.8 Critical |
Tiki Wiki CMS Groupware 5.2 has Local File Inclusion | ||||
CVE-2010-4205 | 1 Google | 1 Chrome | 2024-11-21 | 9.8 Critical |
Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
CVE-2010-4204 | 4 Fedoraproject, Google, Redhat and 1 more | 4 Fedora, Chrome, Enterprise Linux and 1 more | 2024-11-21 | 9.8 Critical |
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
CVE-2010-4203 | 3 Google, Redhat, Webmproject | 6 Chrome, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2024-11-21 | 9.8 Critical |
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames. | ||||
CVE-2010-4202 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2024-11-21 | 9.8 Critical |
Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font. | ||||
CVE-2010-4201 | 1 Google | 1 Chrome | 2024-11-21 | 9.8 Critical |
Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections. | ||||
CVE-2010-4197 | 4 Fedoraproject, Google, Redhat and 1 more | 4 Fedora, Chrome, Enterprise Linux and 1 more | 2024-11-21 | 9.8 Critical |
Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing. | ||||
CVE-2010-4042 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-11-21 | 9.8 Critical |
Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements." | ||||
CVE-2010-4041 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2024-11-21 | 9.8 Critical |
The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
CVE-2010-4039 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2024-11-21 | 9.8 Critical |
Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors. | ||||
CVE-2010-3729 | 1 Google | 1 Chrome | 2024-11-21 | 9.8 Critical |
The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors. | ||||
CVE-2010-3438 | 3 Debian, Fedoraproject, Libpoe-component-irc-perl Project | 3 Debian Linux, Fedora, Libpoe-component-irc-perl | 2024-11-21 | 9.8 Critical |
libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server. | ||||
CVE-2010-3416 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2024-11-21 | 9.8 Critical |
Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||||
CVE-2010-3375 | 1 Qtparted Project | 1 Qtparted | 2024-11-21 | 9.8 Critical |
qtparted has insecure library loading which may allow arbitrary code execution | ||||
CVE-2010-2941 | 7 Apple, Canonical, Debian and 4 more | 13 Cups, Mac Os X, Mac Os X Server and 10 more | 2024-11-21 | 9.8 Critical |
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. |