# |
CVE ID |
CWE ID |
# of Exploits |
Vulnerability Type(s) |
Publish Date |
Update Date |
Score |
Gained Access Level |
Access |
Complexity |
Authentication |
Conf. |
Integ. |
Avail. |
77251 |
CVE-2010-4495 |
|
|
Exec Code |
2010-12-17 |
2010-12-20 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections. |
77252 |
CVE-2010-4494 |
399 |
|
DoS |
2010-12-07 |
2017-09-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. |
77253 |
CVE-2010-4493 |
399 |
|
DoS |
2010-12-07 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events. |
77254 |
CVE-2010-4492 |
399 |
|
DoS |
2010-12-07 |
2017-09-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations. |
77255 |
CVE-2010-4491 |
264 |
|
DoS Mem. Corr. |
2010-12-07 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension. |
77256 |
CVE-2010-4490 |
|
|
DoS |
2010-12-07 |
2017-09-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via malformed video content that triggers an indexing error. |
77257 |
CVE-2010-4489 |
119 |
|
DoS Overflow |
2010-12-07 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression. |
77258 |
CVE-2010-4488 |
287 |
|
DoS |
2010-12-07 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |
77259 |
CVE-2010-4487 |
|
|
|
2010-12-07 |
2017-09-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file." |
77260 |
CVE-2010-4486 |
399 |
|
DoS |
2010-12-07 |
2017-09-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to history handling. |
77261 |
CVE-2010-4485 |
264 |
|
DoS |
2010-12-07 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Google Chrome before 8.0.552.215 does not properly restrict the generation of file dialogs, which allows remote attackers to cause a denial of service (reduced usability and possible application crash) via a crafted web site. |
77262 |
CVE-2010-4484 |
|
|
DoS |
2010-12-07 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Google Chrome before 8.0.552.215 does not properly handle HTML5 databases, which allows attackers to cause a denial of service (application crash) via unspecified vectors. |
77263 |
CVE-2010-4483 |
264 |
|
Bypass |
2010-12-07 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Google Chrome before 8.0.552.215 does not properly restrict read access to videos derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via a crafted web site. |
77264 |
CVE-2010-4482 |
|
|
Bypass |
2010-12-07 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Unspecified vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to bypass the pop-up blocker via unknown vectors. |
77265 |
CVE-2010-4481 |
287 |
|
Bypass +Info |
2010-12-17 |
2011-01-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function. |
77266 |
CVE-2010-4480 |
79 |
1 |
XSS |
2010-12-08 |
2011-01-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]". |
77267 |
CVE-2010-4479 |
|
|
DoS Exec Code |
2010-12-07 |
2011-03-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260. |
77268 |
CVE-2010-4478 |
287 |
|
Bypass |
2010-12-06 |
2017-09-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. |
77269 |
CVE-2010-4476 |
|
|
DoS |
2011-02-17 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. |
77270 |
CVE-2010-4475 |
|
|
|
2011-02-17 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4447. |
77271 |
CVE-2010-4474 |
|
|
|
2011-02-17 |
2017-12-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23 and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269. |
77272 |
CVE-2010-4473 |
|
|
|
2011-02-17 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4462. |
77273 |
CVE-2010-4472 |
|
|
|
2011-02-17 |
2017-12-21 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." |
77274 |
CVE-2010-4471 |
|
|
|
2011-02-17 |
2017-12-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text. |
77275 |
CVE-2010-4470 |
|
|
|
2011-02-17 |
2017-12-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator." |
77276 |
CVE-2010-4469 |
|
|
|
2011-02-17 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs." |
77277 |
CVE-2010-4468 |
|
|
|
2011-02-17 |
2017-12-21 |
4.0 |
None |
Remote |
High |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC. |
77278 |
CVE-2010-4467 |
|
|
|
2011-02-17 |
2017-12-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. |
77279 |
CVE-2010-4466 |
|
|
|
2011-02-17 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. |
77280 |
CVE-2010-4465 |
|
|
|
2011-02-17 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets." |
77281 |
CVE-2010-4464 |
|
|
|
2011-01-19 |
2017-08-16 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. |
77282 |
CVE-2010-4463 |
|
|
|
2011-02-17 |
2017-12-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. |
77283 |
CVE-2010-4462 |
|
|
|
2011-02-17 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4473. |
77284 |
CVE-2010-4461 |
|
|
|
2011-01-19 |
2017-08-16 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #23, 9.0 Bundle #14, and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to ePerformance. |
77285 |
CVE-2010-4460 |
|
|
|
2011-01-19 |
2017-08-16 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon. |
77286 |
CVE-2010-4459 |
|
|
|
2011-01-19 |
2017-08-16 |
4.6 |
None |
Local |
Low |
Single system |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to SCTP and Kernel/sockfs. |
77287 |
CVE-2010-4458 |
|
|
|
2011-01-19 |
2017-08-16 |
4.1 |
None |
Local |
Medium |
Multiple systems |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to ZFS. |
77288 |
CVE-2010-4457 |
|
|
|
2011-01-19 |
2017-08-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to SMB and CIFS. |
77289 |
CVE-2010-4456 |
|
|
|
2011-01-19 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail. |
77290 |
CVE-2010-4455 |
|
|
|
2011-01-19 |
2017-08-16 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin. |
77291 |
CVE-2010-4454 |
|
|
|
2011-02-17 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4462 and CVE-2010-4473. |
77292 |
CVE-2010-4453 |
|
|
|
2011-01-19 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 7.0.7, 8.1.6, 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect integrity via unknown vectors related to Servlet Container. |
77293 |
CVE-2010-4452 |
|
|
|
2011-02-17 |
2017-12-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. |
77294 |
CVE-2010-4451 |
|
|
|
2011-02-17 |
2017-12-21 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. |
77295 |
CVE-2010-4450 |
|
|
|
2011-02-17 |
2018-10-30 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable. |
77296 |
CVE-2010-4449 |
|
|
|
2011-01-19 |
2017-08-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Audit Vault component in Oracle Audit Vault 10.2.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue is related to a crafted parameter in an action.execute request to the av component on TCP port 5700. |
77297 |
CVE-2010-4448 |
|
|
|
2011-02-17 |
2018-10-30 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets." |
77298 |
CVE-2010-4447 |
|
|
|
2011-02-17 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4475. |
77299 |
CVE-2010-4446 |
|
|
|
2011-01-19 |
2017-08-16 |
4.6 |
None |
Local |
Low |
Single system |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to RDS and Kernel/InfiniBand. |
77300 |
CVE-2010-4445 |
|
|
|
2011-01-19 |
2017-08-16 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #14 and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality via unknown vectors related to Talent Acquisition Manager. |