Total 18194 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-0657 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2024-11-21 9.8 Critical
DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
CVE-2010-5333 2 Integard Home Project, Integard Pro Project 2 Integard Home, Integard Pro 2024-11-21 9.8 Critical
The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwrite buffer overflow already existed for the vulnerable software. This CVE is to track an alternate exploitation method, utilizing an EIP-overwrite buffer overflow.
CVE-2010-4815 1 Coppermine-gallery 1 Coppermine Gallery 2024-11-21 9.8 Critical
Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution.
CVE-2010-4660 1 Status 1 Statusnet 2024-11-21 9.8 Critical
Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes..
CVE-2010-4533 2 Debian, Offlineimap 2 Debian Linux, Offlineimap 2024-11-21 9.8 Critical
offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies.
CVE-2010-4239 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 9.8 Critical
Tiki Wiki CMS Groupware 5.2 has Local File Inclusion
CVE-2010-4205 1 Google 1 Chrome 2024-11-21 9.8 Critical
Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2010-4204 4 Fedoraproject, Google, Redhat and 1 more 4 Fedora, Chrome, Enterprise Linux and 1 more 2024-11-21 9.8 Critical
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2010-4203 3 Google, Redhat, Webmproject 6 Chrome, Enterprise Linux, Enterprise Linux Desktop and 3 more 2024-11-21 9.8 Critical
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
CVE-2010-4202 2 Google, Linux 2 Chrome, Linux Kernel 2024-11-21 9.8 Critical
Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.
CVE-2010-4201 1 Google 1 Chrome 2024-11-21 9.8 Critical
Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.
CVE-2010-4197 4 Fedoraproject, Google, Redhat and 1 more 4 Fedora, Chrome, Enterprise Linux and 1 more 2024-11-21 9.8 Critical
Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.
CVE-2010-4042 2 Google, Opensuse 2 Chrome, Opensuse 2024-11-21 9.8 Critical
Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements."
CVE-2010-4041 2 Google, Linux 2 Chrome, Linux Kernel 2024-11-21 9.8 Critical
The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2010-4039 2 Google, Linux 2 Chrome, Linux Kernel 2024-11-21 9.8 Critical
Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors.
CVE-2010-3729 1 Google 1 Chrome 2024-11-21 9.8 Critical
The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2010-3438 3 Debian, Fedoraproject, Libpoe-component-irc-perl Project 3 Debian Linux, Fedora, Libpoe-component-irc-perl 2024-11-21 9.8 Critical
libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server.
CVE-2010-3416 2 Google, Linux 2 Chrome, Linux Kernel 2024-11-21 9.8 Critical
Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVE-2010-3375 1 Qtparted Project 1 Qtparted 2024-11-21 9.8 Critical
qtparted has insecure library loading which may allow arbitrary code execution
CVE-2010-2941 7 Apple, Canonical, Debian and 4 more 13 Cups, Mac Os X, Mac Os X Server and 10 more 2024-11-21 9.8 Critical
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.