| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
70101 |
CVE-2010-4695 |
119 |
|
Overflow |
2011-01-14 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018. |
|
70102 |
CVE-2010-4694 |
119 |
|
DoS Overflow |
2011-01-14 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018. |
|
70103 |
CVE-2010-4693 |
79 |
|
XSS |
2011-01-10 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php. |
|
70104 |
CVE-2010-4692 |
|
|
DoS |
2011-01-07 |
2017-08-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via a large number of LAN-to-LAN (aka L2L) IPsec sessions, aka Bug ID CSCth36592. |
|
70105 |
CVE-2010-4691 |
|
|
DoS |
2011-01-07 |
2017-08-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via multicast traffic, aka Bug IDs CSCtg61810 and CSCtg69742. |
|
70106 |
CVE-2010-4690 |
287 |
|
+Info |
2011-01-07 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka Bug ID CSCte53635. |
|
70107 |
CVE-2010-4689 |
264 |
|
Bypass |
2011-01-07 |
2017-08-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
Complete |
None |
|
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not properly preserve ACL behavior after a migration, which allows remote attackers to bypass intended access restrictions via an unspecified type of network traffic that had previously been denied, aka Bug ID CSCte46460. |
|
70108 |
CVE-2010-4688 |
|
|
DoS |
2011-01-07 |
2017-08-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) by making many SIP calls, aka Bug ID CSCte20030. |
|
70109 |
CVE-2010-4687 |
|
|
DoS |
2011-01-07 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552. |
|
70110 |
CVE-2010-4686 |
399 |
|
DoS |
2011-01-07 |
2017-08-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950. |
|
70111 |
CVE-2010-4685 |
310 |
|
Bypass |
2011-01-07 |
2017-08-16 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031. |
|
70112 |
CVE-2010-4684 |
399 |
|
DoS |
2011-01-07 |
2017-08-16 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877. |
|
70113 |
CVE-2010-4683 |
399 |
|
DoS |
2011-01-07 |
2017-08-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733. |
|
70114 |
CVE-2010-4682 |
399 |
|
DoS |
2011-01-07 |
2017-08-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (memory consumption) by making multiple incorrect LDAP authentication attempts, aka Bug ID CSCtf29867. |
|
70115 |
CVE-2010-4681 |
|
|
Bypass |
2011-01-07 |
2017-08-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to bypass SMTP inspection via vectors involving a prepended space character, aka Bug ID CSCte14901. |
|
70116 |
CVE-2010-4680 |
264 |
|
Bypass |
2011-01-07 |
2017-08-16 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, aka Bug ID CSCsz80777. |
|
70117 |
CVE-2010-4679 |
20 |
|
DoS |
2011-01-07 |
2017-08-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP socket exhaustion) by rejecting connection attempts, aka Bug ID CSCsz36816. |
|
70118 |
CVE-2010-4678 |
264 |
|
Bypass |
2011-01-07 |
2017-08-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit packets to pass before the configuration has been loaded, which might allow remote attackers to bypass intended access restrictions by sending network traffic during device startup, aka Bug ID CSCsy86769. |
|
70119 |
CVE-2010-4677 |
399 |
|
DoS |
2011-01-07 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (daemon crash) via a request for a document whose name contains space characters, aka Bug ID CSCsy08416. |
|
70120 |
CVE-2010-4676 |
399 |
|
DoS |
2011-01-07 |
2017-08-16 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote authenticated users to cause a denial of service (device crash) via a high volume of IPsec traffic, aka Bug ID CSCsx52748. |
|
70121 |
CVE-2010-4675 |
264 |
|
Bypass |
2011-01-07 |
2017-08-16 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access restrictions via vectors involving the "lowest security level interface," aka Bug ID CSCsv40504. |
|
70122 |
CVE-2010-4674 |
399 |
|
DoS |
2011-01-07 |
2017-08-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allows remote attackers to cause a denial of service (block exhaustion) via multicast traffic, aka Bug ID CSCtg63992. |
|
70123 |
CVE-2010-4673 |
399 |
|
DoS |
2011-01-07 |
2017-08-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow remote attackers to cause a denial of service via a flood of packets, aka Bug ID CSCtg06316. |
|
70124 |
CVE-2010-4672 |
399 |
|
DoS |
2011-01-07 |
2017-08-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier allow remote attackers to cause a denial of service (block exhaustion) via EIGRP traffic that triggers an EIGRP multicast storm, aka Bug ID CSCtf20269. |
|
70125 |
CVE-2010-4671 |
399 |
|
DoS |
2011-01-07 |
2017-08-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534. |
|
70126 |
CVE-2010-4670 |
399 |
|
DoS |
2011-01-07 |
2017-08-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier, and Cisco PIX Security Appliances devices, allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti24526. |
|
70127 |
CVE-2010-4669 |
399 |
|
DoS |
2011-01-07 |
2017-08-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package. |
|
70128 |
CVE-2010-4668 |
399 |
|
DoS |
2011-01-03 |
2017-08-16 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4163. |
|
70129 |
CVE-2010-4667 |
79 |
|
XSS |
2011-06-14 |
2011-06-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
70130 |
CVE-2010-4666 |
119 |
|
DoS Overflow |
2012-04-13 |
2012-04-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data. |
|
70131 |
CVE-2010-4665 |
189 |
|
DoS Overflow |
2011-05-03 |
2014-02-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries. |
|
70132 |
CVE-2010-4663 |
|
|
|
2011-06-08 |
2012-04-27 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors. |
|
70133 |
CVE-2010-4656 |
119 |
|
DoS Overflow +Priv |
2011-07-18 |
2012-03-19 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report. |
|
70134 |
CVE-2010-4652 |
119 |
|
DoS Exec Code Overflow |
2011-02-01 |
2011-03-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query. |
|
70135 |
CVE-2010-4651 |
22 |
|
Dir. Trav. |
2011-03-11 |
2016-11-28 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679. |
|
70136 |
CVE-2010-4650 |
119 |
|
DoS Overflow |
2012-06-21 |
2012-06-22 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging the ability to operate a CUSE server. |
|
70137 |
CVE-2010-4649 |
189 |
|
DoS Overflow Mem. Corr. |
2011-02-18 |
2014-01-13 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member. |
|
70138 |
CVE-2010-4647 |
79 |
|
XSS |
2011-01-13 |
2018-08-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp. |
|
70139 |
CVE-2010-4646 |
79 |
|
XSS |
2011-01-18 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter. |
|
70140 |
CVE-2010-4645 |
189 |
|
DoS |
2011-01-10 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308. |
|
70141 |
CVE-2010-4643 |
119 |
|
DoS Exec Code Overflow |
2011-01-28 |
2017-08-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document. |
|
70142 |
CVE-2010-4642 |
79 |
|
XSS |
2010-12-30 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
70143 |
CVE-2010-4641 |
89 |
|
Exec Code Sql |
2010-12-30 |
2017-08-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
70144 |
CVE-2010-4640 |
79 |
|
XSS |
2010-12-30 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 allow remote attackers to inject arbitrary web script or HTML via the rev parameter to (1) bin/viewrev/Main/WebHome and (2) bin/view/Blog, and the (3) register_first_name and (4) register_last_name parameters to bin/register/XWiki/Register. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
70145 |
CVE-2010-4639 |
89 |
2
|
Exec Code Sql |
2010-12-30 |
2017-08-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
70146 |
CVE-2010-4638 |
89 |
1
|
Exec Code Sql |
2010-12-30 |
2010-12-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php. |
|
70147 |
CVE-2010-4637 |
79 |
1
|
XSS |
2010-12-30 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php in the FeedList plugin 2.61.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. |
|
70148 |
CVE-2010-4636 |
89 |
1
|
Exec Code Sql |
2010-12-30 |
2017-08-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in detail.asp in Site2Nite Business e-Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
|
70149 |
CVE-2010-4635 |
89 |
2
|
Exec Code Sql |
2010-12-30 |
2017-08-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
|
70150 |
CVE-2010-4634 |
22 |
2
|
Dir. Trav. |
2010-12-30 |
2010-12-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
** DISPUTED ** Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third party. |
