CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
10951 CVE-2010-1523 119 Exec Code Overflow 2010-11-05 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.
10952 CVE-2010-1518 20 DoS Exec Code Mem. Corr. 2010-08-02 2010-08-03
10.0
None Remote Low Not required Complete Complete Complete
Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via the item argument.
10953 CVE-2010-1517 20 2010-08-02 2010-08-03
10.0
None Remote Low Not required Complete Complete Complete
The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to (1) download arbitrary programs onto a client system, and execute these programs, via vectors involving the dl method; and (2) download arbitrary programs onto a client system via vectors involving the SetDLInfo method in conjunction with the Bdl method.
10954 CVE-2010-1516 189 Exec Code Overflow 2010-08-17 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to execute arbitrary code via (1) a crafted PNG file, related to the getPNG function in lib/png.c; or (2) a crafted JPEG file, related to the jpeg_load function in lib/jpeg.c.
10955 CVE-2010-1508 119 DoS Exec Code Overflow 2010-12-09 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms.
10956 CVE-2010-1505 264 2010-04-23 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 4.1.249.1059 does not prevent pages from loading with the New Tab page's privileges, which has unknown impact and attack vectors.
10957 CVE-2010-1502 2010-04-23 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to access local files via vectors related to "developer tools."
10958 CVE-2010-1490 2010-04-21 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Cognos 8 Business Intelligence before 8.4.1 FP1 has unknown impact and attack vectors.
10959 CVE-2010-1465 119 1 Exec Code Overflow 2010-04-16 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Trellian FTP client 3.01, including 3.1.3.1789, allows remote attackers to execute arbitrary code via a long PASV response.
10960 CVE-2010-1462 22 Dir. Trav. 2010-04-16 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter.
10961 CVE-2010-1424 Exec Code 2010-04-15 2010-04-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government 2006 through 2010 allows user-assisted remote attackers to execute arbitrary code via a crafted font file.
10962 CVE-2010-1423 78 Exec Code 2010-04-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information.
10963 CVE-2010-1419 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and-drop operation.
10964 CVE-2010-1417 119 DoS Exec Code Overflow Mem. Corr. 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors.
10965 CVE-2010-1415 94 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."
10966 CVE-2010-1414 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.
10967 CVE-2010-1412 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events.
10968 CVE-2010-1410 119 DoS Exec Code Overflow Mem. Corr. 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.
10969 CVE-2010-1405 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning.
10970 CVE-2010-1404 399 DoS Exec Code 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction.
10971 CVE-2010-1403 119 DoS Exec Code Overflow 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction.
10972 CVE-2010-1402 399 DoS Exec Code 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object.
10973 CVE-2010-1401 399 DoS Exec Code 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element.
10974 CVE-2010-1400 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements.
10975 CVE-2010-1399 119 DoS Exec Code Overflow 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
10976 CVE-2010-1398 119 DoS Exec Code Overflow Mem. Corr. 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element.
10977 CVE-2010-1397 399 DoS Exec Code 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an unspecified type.
10978 CVE-2010-1396 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements.
10979 CVE-2010-1392 399 DoS Exec Code 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style.
10980 CVE-2010-1387 399 DoS Exec Code 2010-06-18 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.
10981 CVE-2010-1386 264 2010-08-19 2011-08-23
10.0
None Remote Low Not required Complete Complete Complete
page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357.
10982 CVE-2010-1385 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
10983 CVE-2010-1383 255 Exec Code 2011-07-21 2011-07-22
9.3
None Remote Medium Not required Complete Complete Complete
CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue.
10984 CVE-2010-1377 310 Exec Code 2010-06-17 2010-06-18
9.3
None Remote Medium Not required Complete Complete Complete
Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors.
10985 CVE-2010-1356 Exec Code 2010-04-13 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability on the TANDBERG Video Communication Server (VCS) before X5.0 allows remote attackers to execute arbitrary code via unknown vectors, aka Reference ID 69773.
10986 CVE-2010-1349 189 1 Exec Code Overflow 2010-04-12 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow.
10987 CVE-2010-1326 264 Exec Code Bypass 2010-09-15 2011-08-12
9.3
Admin Remote Medium Not required Complete Complete Complete
perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance.
10988 CVE-2010-1319 189 Exec Code Overflow 2010-04-20 2010-12-29
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length.
10989 CVE-2010-1318 119 Exec Code Overflow 2010-04-20 2010-11-24
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors.
10990 CVE-2010-1297 1 DoS Exec Code Mem. Corr. 2010-06-08 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
10991 CVE-2010-1296 119 3 Exec Code Overflow 2010-05-27 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.
10992 CVE-2010-1295 119 DoS Exec Code Overflow Mem. Corr. 2010-06-30 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.
10993 CVE-2010-1292 20 DoS Exec Code Mem. Corr. 2010-05-13 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.
10994 CVE-2010-1291 119 DoS Exec Code Overflow Mem. Corr. 2010-05-13 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1290.
10995 CVE-2010-1290 119 DoS Exec Code Overflow Mem. Corr. 2010-05-13 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291.
10996 CVE-2010-1289 119 DoS Exec Code Overflow Mem. Corr. 2010-05-13 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291.
10997 CVE-2010-1288 119 Exec Code Overflow 2010-05-13 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors.
10998 CVE-2010-1287 119 DoS Exec Code Overflow Mem. Corr. 2010-05-13 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.
10999 CVE-2010-1286 119 DoS Exec Code Overflow Mem. Corr. 2010-05-13 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.
11000 CVE-2010-1285 20 Exec Code Mem. Corr. 2010-06-30 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified manipulations involving the newclass (0x58) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-2168 and CVE-2010-2201.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.