CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
9801 CVE-2010-3572 2010-10-19 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
9802 CVE-2010-3571 Exec Code Overflow 2010-10-19 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.
9803 CVE-2010-3569 Exec Code 2010-10-19 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times.
9804 CVE-2010-3568 2010-10-19 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization.
9805 CVE-2010-3567 2010-10-19 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access.
9806 CVE-2010-3566 Overflow 2010-10-19 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile.
9807 CVE-2010-3565 Overflow Mem. Corr. 2010-10-19 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.
9808 CVE-2010-3563 Bypass 2010-10-19 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.
9809 CVE-2010-3562 DoS Exec Code 2010-10-19 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
9810 CVE-2010-3559 Exec Code Overflow 2010-10-19 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.
9811 CVE-2010-3558 2010-10-19 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
9812 CVE-2010-3556 2010-10-19 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
9813 CVE-2010-3555 Exec Code 2010-10-19 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code.
9814 CVE-2010-3554 2010-10-19 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects."
9815 CVE-2010-3553 2010-10-19 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class.
9816 CVE-2010-3552 2010-10-19 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
9817 CVE-2010-3550 2010-10-19 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
9818 CVE-2010-3510 2011-01-19 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Node Manager.
9819 CVE-2010-3509 2010-10-13 2010-11-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scheduler.
9820 CVE-2010-3491 20 DoS Exec Code +Info 2010-10-26 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors.
9821 CVE-2010-3454 189 DoS Exec Code 2011-01-28 2015-11-17
9.3
None Remote Medium Not required Complete Complete Complete
Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
9822 CVE-2010-3453 119 DoS Exec Code Overflow 2011-01-28 2015-11-17
9.3
None Remote Medium Not required Complete Complete Complete
The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
9823 CVE-2010-3452 399 DoS Exec Code 2011-01-28 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document.
9824 CVE-2010-3451 DoS Exec Code 2011-01-28 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document.
9825 CVE-2010-3450 22 Dir. Trav. 2011-01-28 2015-11-17
9.3
None Remote Medium Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.
9826 CVE-2010-3434 119 DoS Exec Code Overflow 2010-09-30 2011-03-23
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party information.
9827 CVE-2010-3416 119 DoS Overflow Mem. Corr. 2010-09-16 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
9828 CVE-2010-3415 119 DoS Overflow Mem. Corr. 2010-09-16 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
9829 CVE-2010-3414 119 DoS Overflow Mem. Corr. 2010-09-16 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists because of an incorrect fix for CVE-2010-3112 on Mac OS X.
9830 CVE-2010-3412 362 2010-09-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors.
9831 CVE-2010-3410 399 DoS 2010-09-16 2010-09-17
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements.
9832 CVE-2010-3409 399 DoS 2010-09-16 2010-09-17
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG styles.
9833 CVE-2010-3408 399 DoS 2010-09-16 2010-09-17
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs during parsing.
9834 CVE-2010-3407 119 1 Exec Code Overflow 2010-09-16 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.
9835 CVE-2010-3403 Exec Code 2010-09-16 2010-09-17
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Qualcomm eXtensible Diagnostic Monitor (QXDM) 03.09.19 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .isf file.
9836 CVE-2010-3402 Exec Code 2010-09-16 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, or xml file.
9837 CVE-2010-3398 2010-09-15 2010-09-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W.
9838 CVE-2010-3397 Exec Code 2010-09-15 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tsp.dll or tvttsp.dll that is located in the same folder as a .p12, .pem, .pgp, .prk, .prvkr, .pubkr, .rnd, or .skr file.
9839 CVE-2010-3346 94 Exec Code Mem. Corr. 2010-12-16 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
9840 CVE-2010-3345 94 Exec Code Mem. Corr. 2010-12-16 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
9841 CVE-2010-3343 94 Exec Code Mem. Corr. 2010-12-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
9842 CVE-2010-3340 94 Exec Code Mem. Corr. 2010-12-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
9843 CVE-2010-3337 +Priv 2010-11-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
9844 CVE-2010-3336 119 Exec Code Overflow Mem. Corr. 2010-11-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
9845 CVE-2010-3335 119 Exec Code Overflow Mem. Corr. 2010-11-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
9846 CVE-2010-3334 119 Exec Code Overflow Mem. Corr. 2010-11-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
9847 CVE-2010-3333 119 Exec Code Overflow 2010-11-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
9848 CVE-2010-3331 94 Exec Code Mem. Corr. 2010-10-13 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
9849 CVE-2010-3329 94 Exec Code Mem. Corr. 2010-10-13 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."
9850 CVE-2010-3328 399 Exec Code Mem. Corr. 2010-10-13 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.