| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
54501 |
CVE-2010-3960 |
20 |
|
DoS |
2010-12-16 |
2018-10-12 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability." |
|
54502 |
CVE-2010-3959 |
94 |
|
+Priv |
2010-12-16 |
2018-10-30 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability." |
|
54503 |
CVE-2010-3957 |
399 |
|
+Priv |
2010-12-16 |
2018-10-30 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability." |
|
54504 |
CVE-2010-3937 |
399 |
|
DoS |
2010-12-16 |
2019-05-31 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability." |
|
54505 |
CVE-2010-3936 |
79 |
|
XSS |
2010-11-09 |
2018-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability." |
|
54506 |
CVE-2010-3934 |
264 |
1
|
Bypass |
2010-10-14 |
2010-10-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information. |
|
54507 |
CVE-2010-3933 |
20 |
|
|
2010-10-27 |
2019-08-08 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs. |
|
54508 |
CVE-2010-3931 |
79 |
|
XSS |
2011-01-20 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in multiple Rocomotion products, including P board 1.18 and other versions, P forum 1.30 and earlier, P up board 1.38 and other versions, P diary R 1.13 and earlier, P link 1.11 and earlier, P link compact 1.04 and earlier, pplog 3.31 and earlier, pplog2 3.37 and earlier, PM bbs 1.07 and earlier, PM up bbs 1.08 and earlier, and PM forum 1.18 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
|
54509 |
CVE-2010-3930 |
22 |
|
Dir. Trav. |
2011-02-01 |
2011-02-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427. |
|
54510 |
CVE-2010-3928 |
|
|
Exec Code |
2011-01-20 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Ruby Version Manager (RVM) before 1.2.1 writes file contents to a terminal without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via a crafted file, related to an "escape sequence injection vulnerability." NOTE: some of these details are obtained from third party information. |
|
54511 |
CVE-2010-3927 |
|
|
+Priv |
2011-01-24 |
2017-08-16 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Lunascape before 6.4.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory. |
|
54512 |
CVE-2010-3926 |
79 |
|
XSS |
2011-01-11 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in SGX-SP Final before 11.00 and SGX-SP Final NE before 11.00 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
54513 |
CVE-2010-3925 |
255 |
|
+Info |
2011-01-13 |
2017-08-16 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Contents-Mall before 15 does not properly handle passwords, which allows remote attackers to discover the administrative password, and consequently obtain sensitive information or modify data, via unspecified vectors. |
|
54514 |
CVE-2010-3923 |
|
|
+Priv |
2010-12-30 |
2010-12-30 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in AttacheCase before 2.70 allows local users to gain privileges via a Trojan horse executable file in the current working directory. |
|
54515 |
CVE-2010-3921 |
79 |
|
XSS |
2010-12-09 |
2011-01-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
54516 |
CVE-2010-3920 |
264 |
|
Bypass |
2010-12-08 |
2011-03-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the "C:\Program Files" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories. |
|
54517 |
CVE-2010-3919 |
264 |
|
|
2010-12-10 |
2010-12-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Fenrir Grani 4.5 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site. |
|
54518 |
CVE-2010-3918 |
264 |
|
|
2010-12-10 |
2010-12-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Fenrir Sleipnir 2.9.6 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site. |
|
54519 |
CVE-2010-3913 |
94 |
|
Http R.Spl. |
2010-11-05 |
2010-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. |
|
54520 |
CVE-2010-3911 |
79 |
|
XSS |
2010-11-26 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username (aka default_user_name) field or (2) the password field in a Users Login action to index.php, or (3) the label parameter in a Settings GetFieldInfo action to index.php, related to modules/Settings/GetFieldInfo.php. |
|
54521 |
CVE-2010-3910 |
22 |
|
Dir. Trav. |
2010-11-26 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang_crm parameter to phprint.php or (2) the current_language parameter in an Accounts Import action to graph.php. |
|
54522 |
CVE-2010-3909 |
94 |
|
Exec Code |
2010-11-26 |
2018-10-30 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree. |
|
54523 |
CVE-2010-3908 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-05-20 |
2011-10-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file. |
|
54524 |
CVE-2010-3906 |
79 |
1
|
XSS |
2010-12-17 |
2011-03-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters. |
|
54525 |
CVE-2010-3903 |
|
|
DoS |
2010-10-14 |
2010-11-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application crash) via a 404 HTTP status code. |
|
54526 |
CVE-2010-3902 |
200 |
|
+Info |
2010-10-14 |
2011-04-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list. |
|
54527 |
CVE-2010-3901 |
20 |
|
|
2010-10-14 |
2010-10-14 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that (1) does not correspond to the server hostname or (2) is presented in circumstances involving a missing --cafile configuration option. |
|
54528 |
CVE-2010-3900 |
|
|
|
2010-10-14 |
2011-02-17 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312. |
|
54529 |
CVE-2010-3899 |
399 |
1
|
DoS |
2010-11-12 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents. |
|
54530 |
CVE-2010-3898 |
264 |
|
Bypass |
2010-11-12 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site. |
|
54531 |
CVE-2010-3897 |
255 |
|
+Info |
2010-11-12 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file. |
|
54532 |
CVE-2010-3892 |
|
|
|
2010-11-12 |
2018-10-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID (aka SID) value. |
|
54533 |
CVE-2010-3891 |
352 |
1
|
CSRF |
2010-11-12 |
2018-10-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action. |
|
54534 |
CVE-2010-3890 |
79 |
|
XSS |
2010-11-12 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do. |
|
54535 |
CVE-2010-3887 |
264 |
|
Bypass |
2010-10-08 |
2010-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses. |
|
54536 |
CVE-2010-3886 |
200 |
|
+Info |
2010-10-08 |
2017-09-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application. |
|
54537 |
CVE-2010-3884 |
352 |
|
CSRF |
2010-10-08 |
2018-11-27 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
54538 |
CVE-2010-3883 |
352 |
|
CSRF |
2010-10-08 |
2010-10-11 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the Change Group Permissions module in CMS Made Simple 1.7.1 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make permission modifications. |
|
54539 |
CVE-2010-3882 |
79 |
|
XSS |
2010-10-08 |
2010-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the (1) Add Pages, (2) Add Global Content, (3) Edit Global Content, (4) Add Article, (5) Add Category, (6) Add Field Definition, or (7) Add Shortcut module. |
|
54540 |
CVE-2010-3881 |
200 |
|
+Info |
2010-12-23 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device. |
|
54541 |
CVE-2010-3880 |
399 |
|
DoS |
2010-12-10 |
2018-10-10 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions. |
|
54542 |
CVE-2010-3879 |
59 |
|
|
2011-01-22 |
2017-08-16 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789. |
|
54543 |
CVE-2010-3878 |
352 |
|
CSRF |
2010-12-30 |
2010-12-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files. |
|
54544 |
CVE-2010-3877 |
200 |
|
+Info |
2011-01-03 |
2018-10-10 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure. |
|
54545 |
CVE-2010-3876 |
200 |
|
+Info |
2011-01-03 |
2018-10-10 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures. |
|
54546 |
CVE-2010-3875 |
200 |
|
+Info |
2011-01-03 |
2012-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure. |
|
54547 |
CVE-2010-3874 |
119 |
|
DoS Overflow Mem. Corr. |
2010-12-29 |
2012-03-19 |
4.0 |
None |
Local |
High |
Not required |
None |
None |
Complete |
|
Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation. |
|
54548 |
CVE-2010-3871 |
79 |
|
XSS |
2010-11-09 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme/raw/groupviews.tpl in Mahara before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. |
|
54549 |
CVE-2010-3870 |
20 |
|
Sql XSS Bypass |
2010-11-12 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string. |
|
54550 |
CVE-2010-3869 |
310 |
|
|
2010-11-17 |
2010-11-18 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN. |
