Total: 248623 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-0765 | 2 Adobe, Microsoft | 3 Robohelp, Windows, Word | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 8 and 9 for Word allow remote attackers to inject arbitrary web script or HTML via a crafted URL, related to certain .htm files in (1) template_stock and (2) template_csh directories. | |||||
CVE-2011-2077 | 1 Inventivetec | 1 Mediacast | 2023-12-10 | 7.5 HIGH | N/A |
The default configuration of the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier enables external TCP connections to port 10000, instead of connections only from 127.0.0.1, which makes it easier for remote attackers to have an unspecified impact via a TCP session. | |||||
CVE-2010-1895 | 1 Microsoft | 3 Windows 2003 Server, Windows Server 2003, Windows Xp | 2023-12-10 | 7.2 HIGH | N/A |
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability." | |||||
CVE-2011-0202 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document. | |||||
CVE-2010-2204 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2011-4567 | 1 Zen-cart | 1 Zen Cart | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547. | |||||
CVE-2010-3156 | 1 K2top | 1 K2editor | 2023-12-10 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in K2 K2Editor before 1.5.9 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | |||||
CVE-2010-0863 | 1 Oracle | 1 Industry Product Suite | 2023-12-10 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the Retail - Oracle Retail Plan In-Season component in Oracle Industry Product Suite 12.2 allows remote attackers to affect integrity via unknown vectors related to Online Help. | |||||
CVE-2010-2278 | 1 Ibm | 1 Lotus Connections | 2023-12-10 | 4.0 MEDIUM | N/A |
The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. | |||||
CVE-2010-1112 | 1 Tristan Barczyk | 1 Klonews | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
CVE-2010-3888 | 1 Microsoft | 1 Windows | 2023-12-10 | 7.2 HIGH | N/A |
Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers. | |||||
CVE-2009-4901 | 1 Muscle | 1 Pcsc-lite | 2023-12-10 | 2.1 LOW | N/A |
The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407. | |||||
CVE-2010-2089 | 1 Python | 1 Python | 2023-12-10 | 5.0 MEDIUM | N/A |
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. | |||||
CVE-2011-4617 | 1 Python | 1 Virtualenv | 2023-12-10 | 1.2 LOW | N/A |
virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/. | |||||
CVE-2010-1974 | | | 2023-12-10 | N/A | N/A |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1168. Reason: This candidate is a duplicate of CVE-2010-1168. Notes: All CVE users should reference CVE-2010-1168 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2010-2511 | 1 2daybiz | 1 Multi Level Marketing Software | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter. | |||||
CVE-2011-0619 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2023-12-10 | 9.3 HIGH | N/A |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0620, CVE-2011-0621, and CVE-2011-0622. | |||||
CVE-2010-3253 | 1 Google | 1 Chrome | 2023-12-10 | 10.0 HIGH | N/A |
The implementation of notification permissions in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2010-3739 | 1 Ibm | 1 Db2 Universal Database | 2023-12-10 | 6.4 MEDIUM | N/A |
The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery. | |||||
CVE-2010-2981 | 1 Cisco | 1 Unified Wireless Network Solution Software | 2023-12-10 | 7.1 HIGH | N/A |
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370. |