Security Vulnerabilities, CVEs, Published In May 2010 (Memory corruption)
Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs.
Max CVSS
5.0
EPSS Score
0.31%
Published
2010-05-27
Updated
2010-12-07
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.
Max CVSS
5.0
EPSS Score
2.33%
Published
2010-05-27
Updated
2022-08-16
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than CVE-2009-1571.
Max CVSS
10.0
EPSS Score
14.80%
Published
2010-05-20
Updated
2018-10-10
Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object.
Max CVSS
7.6
EPSS Score
95.73%
Published
2010-05-13
Updated
2017-09-19
The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.
Max CVSS
9.8
EPSS Score
2.66%
Published
2010-05-07
Updated
2024-02-08
The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature.
Max CVSS
5.0
EPSS Score
0.26%
Published
2010-05-07
Updated
2016-08-23
Google Chrome before 4.1.249.1064 does not properly handle fonts, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.
Max CVSS
7.5
EPSS Score
2.04%
Published
2010-05-03
Updated
2017-09-19
Google Chrome before 4.1.249.1064 does not properly handle HTML5 media, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.
Max CVSS
5.0
EPSS Score
2.18%
Published
2010-05-03
Updated
2017-09-19
Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter.
Max CVSS
9.3
EPSS Score
0.56%
Published
2010-05-19
Updated
2018-10-10
The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message.
Max CVSS
5.0
EPSS Score
9.57%
Published
2010-05-14
Updated
2023-03-31
The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain _PAGE_EXEC_4U bit and consequently does not properly implement a non-executable stack, which makes it easier for context-dependent attackers to exploit stack-based buffer overflows via a crafted application.
Max CVSS
2.1
EPSS Score
0.12%
Published
2010-05-07
Updated
2020-08-14
Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function.
Max CVSS
7.0
EPSS Score
0.04%
Published
2010-05-07
Updated
2024-02-02
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.
Max CVSS
6.8
EPSS Score
0.70%
Published
2010-05-19
Updated
2021-02-02
The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.
Max CVSS
9.3
EPSS Score
16.25%
Published
2010-05-13
Updated
2022-02-28
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1290.
Max CVSS
9.3
EPSS Score
1.86%
Published
2010-05-13
Updated
2022-02-28
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291.
Max CVSS
9.3
EPSS Score
1.86%
Published
2010-05-13
Updated
2021-12-16
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291.
Max CVSS
9.3
EPSS Score
1.86%
Published
2010-05-13
Updated
2022-02-28
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.
Max CVSS
9.3
EPSS Score
1.86%
Published
2010-05-13
Updated
2022-02-28
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.
Max CVSS
9.3
EPSS Score
1.86%
Published
2010-05-13
Updated
2022-02-28
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.
Max CVSS
9.3
EPSS Score
1.86%
Published
2010-05-13
Updated
2022-02-28
Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.
Max CVSS
9.3
EPSS Score
15.17%
Published
2010-05-13
Updated
2022-04-05
iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.
Max CVSS
9.3
EPSS Score
42.84%
Published
2010-05-13
Updated
2022-09-29
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.
Max CVSS
9.3
EPSS Score
7.32%
Published
2010-05-13
Updated
2022-09-16
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.
Max CVSS
9.3
EPSS Score
9.94%
Published
2010-05-13
Updated
2022-11-03
Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.
Max CVSS
9.3
EPSS Score
4.36%
Published
2010-05-13
Updated
2022-11-03