CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
9901 CVE-2010-1490 2010-04-21 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Cognos 8 Business Intelligence before 8.4.1 FP1 has unknown impact and attack vectors.
9902 CVE-2010-1465 119 1 Exec Code Overflow 2010-04-16 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Trellian FTP client 3.01, including 3.1.3.1789, allows remote attackers to execute arbitrary code via a long PASV response.
9903 CVE-2010-1462 22 Dir. Trav. 2010-04-16 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter.
9904 CVE-2010-1424 Exec Code 2010-04-15 2010-04-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government 2006 through 2010 allows user-assisted remote attackers to execute arbitrary code via a crafted font file.
9905 CVE-2010-1423 78 Exec Code 2010-04-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information.
9906 CVE-2010-1419 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and-drop operation.
9907 CVE-2010-1417 119 DoS Exec Code Overflow Mem. Corr. 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors.
9908 CVE-2010-1415 94 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."
9909 CVE-2010-1414 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.
9910 CVE-2010-1412 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events.
9911 CVE-2010-1410 119 DoS Exec Code Overflow Mem. Corr. 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.
9912 CVE-2010-1405 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning.
9913 CVE-2010-1404 399 DoS Exec Code 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction.
9914 CVE-2010-1403 119 DoS Exec Code Overflow 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction.
9915 CVE-2010-1402 399 DoS Exec Code 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object.
9916 CVE-2010-1401 399 DoS Exec Code 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element.
9917 CVE-2010-1400 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements.
9918 CVE-2010-1399 119 DoS Exec Code Overflow 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
9919 CVE-2010-1398 119 DoS Exec Code Overflow Mem. Corr. 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element.
9920 CVE-2010-1397 399 DoS Exec Code 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an unspecified type.
9921 CVE-2010-1396 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements.
9922 CVE-2010-1392 399 DoS Exec Code 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style.
9923 CVE-2010-1387 399 DoS Exec Code 2010-06-18 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.
9924 CVE-2010-1386 264 2010-08-19 2011-08-23
10.0
None Remote Low Not required Complete Complete Complete
page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357.
9925 CVE-2010-1385 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
9926 CVE-2010-1383 255 Exec Code 2011-07-21 2011-07-22
9.3
None Remote Medium Not required Complete Complete Complete
CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue.
9927 CVE-2010-1377 310 Exec Code 2010-06-17 2010-06-18
9.3
None Remote Medium Not required Complete Complete Complete
Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors.
9928 CVE-2010-1356 Exec Code 2010-04-13 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability on the TANDBERG Video Communication Server (VCS) before X5.0 allows remote attackers to execute arbitrary code via unknown vectors, aka Reference ID 69773.
9929 CVE-2010-1349 189 1 Exec Code Overflow 2010-04-12 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow.
9930 CVE-2010-1326 264 Exec Code Bypass 2010-09-15 2011-08-12
9.3
Admin Remote Medium Not required Complete Complete Complete
perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance.
9931 CVE-2010-1319 189 Exec Code Overflow 2010-04-20 2010-12-29
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length.
9932 CVE-2010-1318 119 Exec Code Overflow 2010-04-20 2010-11-24
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors.
9933 CVE-2010-1297 1 DoS Exec Code Mem. Corr. 2010-06-08 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
9934 CVE-2010-1296 119 3 Exec Code Overflow 2010-05-27 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.
9935 CVE-2010-1295 119 DoS Exec Code Overflow Mem. Corr. 2010-06-30 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.
9936 CVE-2010-1292 20 DoS Exec Code Mem. Corr. 2010-05-13 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.
9937 CVE-2010-1291 119 DoS Exec Code Overflow Mem. Corr. 2010-05-13 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1290.
9938 CVE-2010-1290 119 DoS Exec Code Overflow Mem. Corr. 2010-05-13 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291.
9939 CVE-2010-1289 119 DoS Exec Code Overflow Mem. Corr. 2010-05-13 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291.
9940 CVE-2010-1288 119 Exec Code Overflow 2010-05-13 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors.
9941 CVE-2010-1287 119 DoS Exec Code Overflow Mem. Corr. 2010-05-13 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.
9942 CVE-2010-1286 119 DoS Exec Code Overflow Mem. Corr. 2010-05-13 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.
9943 CVE-2010-1285 20 Exec Code Mem. Corr. 2010-06-30 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified manipulations involving the newclass (0x58) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-2168 and CVE-2010-2201.
9944 CVE-2010-1284 119 DoS Exec Code Overflow Mem. Corr. 2010-05-13 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.
9945 CVE-2010-1283 119 DoS Exec Code Overflow Mem. Corr. 2010-05-13 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.
9946 CVE-2010-1281 119 DoS Exec Code Overflow Mem. Corr. 2010-05-13 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.
9947 CVE-2010-1280 119 DoS Exec Code Overflow Mem. Corr. 2010-05-13 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.
9948 CVE-2010-1279 94 Exec Code 2010-05-05 2010-05-11
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x before 11.0.1 allow user-assisted remote attackers to execute arbitrary code via a crafted TIFF file.
9949 CVE-2010-1278 119 Exec Code Overflow 2010-04-22 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters.
9950 CVE-2010-1273 20 2010-04-06 2010-06-07
9.3
None Remote Medium Not required Complete Complete Complete
Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.