CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
10301 CVE-2010-3085 94 Exec Code 2010-10-12 2010-10-13
10.0
None Remote Low Not required Complete Complete Complete
The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to "stack manipulation" issues.
10302 CVE-2010-3044 119 DoS Exec Code Overflow 2011-02-02 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043.
10303 CVE-2010-3043 119 DoS Exec Code Overflow 2011-02-02 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3044.
10304 CVE-2010-3042 119 DoS Exec Code Overflow 2011-02-02 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3043, and CVE-2010-3044.
10305 CVE-2010-3041 119 DoS Exec Code Overflow 2011-02-02 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3042, CVE-2010-3043, and CVE-2010-3044.
10306 CVE-2010-3040 119 Exec Code Overflow 2010-11-09 2010-11-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164.
10307 CVE-2010-3038 255 2010-11-22 2010-12-10
10.0
None Remote Low Not required Complete Complete Complete
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008.
10308 CVE-2010-3036 119 Exec Code Overflow 2010-10-29 2010-11-06
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.
10309 CVE-2010-3033 264 Bypass 2010-09-10 2010-09-13
9.0
None Remote Low Single system Complete Complete Complete
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-2843.
10310 CVE-2010-3032 189 DoS Exec Code Overflow 2010-08-17 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow.
10311 CVE-2010-3031 119 DoS Exec Code Overflow 2010-08-17 2010-08-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other versions before ThinOS 6.5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the LPD service.
10312 CVE-2010-3019 119 DoS Exec Code Overflow 2010-08-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service (application crash or hang) via vectors related to HTML5 canvas painting operations that occur during the application of transformations.
10313 CVE-2010-3009 +Priv +Info 2010-09-15 2010-09-16
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain sensitive information and gain root privileges via unknown vectors.
10314 CVE-2010-3002 Bypass 2010-08-30 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors.
10315 CVE-2010-3001 2010-08-30 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to "multiple browser windows."
10316 CVE-2010-3000 189 Exec Code Overflow 2010-08-30 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.
10317 CVE-2010-2999 189 DoS Exec Code Overflow Mem. Corr. 2010-12-14 2011-01-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed MLLT atom in an AAC file.
10318 CVE-2010-2998 20 Exec Code 2010-10-18 2010-10-19
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file, related to a "malformed IVR pointer index" issue.
10319 CVE-2010-2997 399 DoS Exec Code Mem. Corr. 2010-12-14 2011-01-26
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted StreamTitle tag in an ICY SHOUTcast stream, related to the SMIL file format.
10320 CVE-2010-2996 94 Exec Code 2010-08-30 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to execute arbitrary code via a malformed header in a RealMedia .IVR file.
10321 CVE-2010-2995 189 DoS Exec Code Overflow 2010-08-13 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.
10322 CVE-2010-2994 119 Overflow 2010-08-13 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression.
10323 CVE-2010-2991 94 DoS Exec Code Mem. Corr. 2010-08-11 2010-08-12
9.3
Admin Remote Medium Not required Complete Complete Complete
The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file.
10324 CVE-2010-2990 119 Exec Code Overflow 2010-08-11 2018-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue.
10325 CVE-2010-2984 Bypass 2010-08-10 2010-08-10
10.0
None Remote Low Not required Complete Complete Complete
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305.
10326 CVE-2010-2978 310 Bypass 2010-08-10 2010-08-10
10.0
None Remote Low Not required Complete Complete Complete
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions, aka Bug ID CSCtd67660.
10327 CVE-2010-2977 16 2010-08-10 2010-08-10
10.0
None Remote Low Not required Complete Complete Complete
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611.
10328 CVE-2010-2976 255 2010-08-10 2010-08-10
10.0
Admin Remote Low Not required Complete Complete Complete
The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4) SNMP v3 authentication password, and (5) SNMP v3 privacy password, which makes it easier for remote attackers to obtain access.
10329 CVE-2010-2974 119 Exec Code Overflow 2010-08-05 2010-08-09
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the IConfigurationAccess interface in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control in Wonderware Application Server (WAS) before 3.1 SP2 P01, as used in the Wonderware Archestra Integrated Development Environment (IDE) and the InFusion Integrated Engineering Environment (IEE), allows remote attackers to execute arbitrary code via the first argument to the UnsubscribeData method.
10330 CVE-2010-2972 119 Exec Code Overflow Mem. Corr. 2010-08-05 2010-08-09
9.3
None Remote Medium Not required Complete Complete Complete
An unspecified component, when running on Apple iOS 4.0.1 on iPhone, iPad, and iPod, allows remote attackers to execute arbitrary code via a PDF file with crafted Compact Font Format (CFF) data, which triggers memory corruption, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
10331 CVE-2010-2971 119 Overflow 2010-08-05 2018-01-04
9.3
None Remote Medium Not required Complete Complete Complete
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.
10332 CVE-2010-2965 264 2010-08-05 2010-08-05
10.0
Admin Remote Low Not required Complete Complete Complete
The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804.
10333 CVE-2010-2947 119 DoS Exec Code Overflow 2010-08-24 2011-01-14
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields.
10334 CVE-2010-2936 189 DoS Exec Code Overflow 2010-08-25 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow.
10335 CVE-2010-2935 189 DoS Exec Code Overflow 2010-08-25 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."
10336 CVE-2010-2932 119 3 Exec Code Overflow 2010-08-05 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in BarCodeWiz BarCode 3.29 ActiveX control (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument to the LoadProperties method.
10337 CVE-2010-2931 119 1 Exec Code Overflow 2010-08-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in SigPlus Pro 3.74 ActiveX control allows remote attackers to execute arbitrary code via a long eighth argument (HexString) to the LCDWriteString method.
10338 CVE-2010-2903 2010-07-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.125 performs unexpected truncation and improper eliding of hostnames, which has unspecified impact and remote attack vectors.
10339 CVE-2010-2902 119 DoS Overflow Mem. Corr. 2010-07-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
10340 CVE-2010-2901 119 DoS Overflow Mem. Corr. 2010-07-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
10341 CVE-2010-2900 2010-07-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.125 does not properly handle a large canvas, which has unspecified impact and remote attack vectors.
10342 CVE-2010-2898 2010-07-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack vectors.
10343 CVE-2010-2897 2010-07-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors.
10344 CVE-2010-2890 119 DoS Exec Code Overflow Mem. Corr. 2010-10-06 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
10345 CVE-2010-2889 20 Exec Code 2010-10-06 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626.
10346 CVE-2010-2888 20 Exec Code 2010-10-06 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in an ActiveX control in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Windows allow attackers to execute arbitrary code via unknown vectors.
10347 CVE-2010-2887 +Priv 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x before 9.4 on Linux allow attackers to gain privileges via unknown vectors.
10348 CVE-2010-2884 DoS Exec Code Mem. Corr. 2010-09-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.
10349 CVE-2010-2883 119 DoS Exec Code Overflow 2010-09-09 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
10350 CVE-2010-2882 119 DoS Exec Code Overflow Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3812 of a certain file.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.