| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
19651 |
CVE-2010-4551 |
|
|
DoS |
2010-12-16 |
2010-12-17 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by omitting the Internet ID field in the person document, and then using an Apple device to (1) accept or (2) decline an invitation. |
|
19652 |
CVE-2010-4549 |
264 |
|
Bypass |
2010-12-16 |
2010-12-17 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation. |
|
19653 |
CVE-2010-4546 |
264 |
|
Bypass |
2010-12-16 |
2010-12-17 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended access restrictions via this request. |
|
19654 |
CVE-2010-4545 |
399 |
|
DoS |
2010-12-16 |
2010-12-17 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (resource consumption and sync outage) by syncing a large volume of data. |
|
19655 |
CVE-2010-4544 |
79 |
|
XSS |
2010-12-16 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
19656 |
CVE-2010-4536 |
79 |
|
XSS |
2011-01-03 |
2017-11-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form. |
|
19657 |
CVE-2010-4534 |
264 |
|
+Info |
2011-01-10 |
2011-01-20 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter. |
|
19658 |
CVE-2010-4531 |
119 |
|
DoS Exec Code Overflow |
2011-01-18 |
2011-02-05 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value. |
|
19659 |
CVE-2010-4530 |
189 |
|
Exec Code Overflow |
2011-01-18 |
2017-08-16 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow. |
|
19660 |
CVE-2010-4528 |
20 |
|
DoS |
2011-01-07 |
2017-09-18 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session. |
|
19661 |
CVE-2010-4524 |
79 |
|
XSS |
2011-01-03 |
2011-01-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and </scr<body>ipt> sequences. |
|
19662 |
CVE-2010-4522 |
79 |
|
XSS |
2010-12-30 |
2010-12-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php. |
|
19663 |
CVE-2010-4521 |
79 |
|
XSS |
2010-12-23 |
2011-01-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path. |
|
19664 |
CVE-2010-4520 |
79 |
|
XSS |
2010-12-23 |
2010-12-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator feed title. |
|
19665 |
CVE-2010-4518 |
79 |
|
XSS |
2010-12-09 |
2010-12-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter. |
|
19666 |
CVE-2010-4516 |
79 |
|
XSS |
2010-12-09 |
2010-12-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
19667 |
CVE-2010-4515 |
79 |
|
XSS |
2010-12-09 |
2010-12-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, 5.1, and 5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-6477 and CVE-2009-2454. |
|
19668 |
CVE-2010-4514 |
79 |
1
|
XSS |
2010-12-09 |
2010-12-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtained from third party information. |
|
19669 |
CVE-2010-4513 |
79 |
1
|
XSS |
2010-12-09 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php. |
|
19670 |
CVE-2010-4504 |
79 |
1
|
XSS |
2010-12-08 |
2010-12-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat Directory 2.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter to (1) suggest-category.php and (2) suggest-listing.php. |
|
19671 |
CVE-2010-4499 |
|
|
|
2011-01-07 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Session fixation vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to hijack web sessions via unspecified vectors. |
|
19672 |
CVE-2010-4497 |
79 |
|
XSS |
2011-01-07 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
19673 |
CVE-2010-4493 |
399 |
|
DoS |
2010-12-07 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events. |
|
19674 |
CVE-2010-4491 |
264 |
|
DoS Mem. Corr. |
2010-12-07 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension. |
|
19675 |
CVE-2010-4489 |
119 |
|
DoS Overflow |
2010-12-07 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression. |
|
19676 |
CVE-2010-4485 |
264 |
|
DoS |
2010-12-07 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Google Chrome before 8.0.552.215 does not properly restrict the generation of file dialogs, which allows remote attackers to cause a denial of service (reduced usability and possible application crash) via a crafted web site. |
|
19677 |
CVE-2010-4483 |
264 |
|
Bypass |
2010-12-07 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Google Chrome before 8.0.552.215 does not properly restrict read access to videos derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via a crafted web site. |
|
19678 |
CVE-2010-4480 |
79 |
1
|
XSS |
2010-12-08 |
2011-01-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[[email protected]@page]". |
|
19679 |
CVE-2010-4475 |
|
|
|
2011-02-17 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4447. |
|
19680 |
CVE-2010-4468 |
|
|
|
2011-02-17 |
2017-12-21 |
4.0 |
None |
Remote |
High |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC. |
|
19681 |
CVE-2010-4459 |
|
|
|
2011-01-19 |
2017-08-16 |
4.6 |
None |
Local |
Low |
Single system |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to SCTP and Kernel/sockfs. |
|
19682 |
CVE-2010-4458 |
|
|
|
2011-01-19 |
2017-08-16 |
4.1 |
None |
Local |
Medium |
Multiple systems |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to ZFS. |
|
19683 |
CVE-2010-4456 |
|
|
|
2011-01-19 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail. |
|
19684 |
CVE-2010-4453 |
|
|
|
2011-01-19 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 7.0.7, 8.1.6, 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect integrity via unknown vectors related to Servlet Container. |
|
19685 |
CVE-2010-4447 |
|
|
|
2011-02-17 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4475. |
|
19686 |
CVE-2010-4446 |
|
|
|
2011-01-19 |
2017-08-16 |
4.6 |
None |
Local |
Low |
Single system |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to RDS and Kernel/InfiniBand. |
|
19687 |
CVE-2010-4445 |
|
|
|
2011-01-19 |
2017-08-16 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #14 and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality via unknown vectors related to Talent Acquisition Manager. |
|
19688 |
CVE-2010-4443 |
|
|
|
2011-01-19 |
2017-08-16 |
4.4 |
None |
Local |
Medium |
Single system |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability, related to Kernel/NFS. |
|
19689 |
CVE-2010-4442 |
|
|
|
2011-01-19 |
2017-08-16 |
4.4 |
None |
Local |
Medium |
Single system |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel. |
|
19690 |
CVE-2010-4440 |
|
|
|
2011-01-19 |
2017-08-16 |
4.4 |
None |
Local |
Medium |
Single system |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel. |
|
19691 |
CVE-2010-4439 |
|
|
|
2011-01-19 |
2017-08-16 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #14 and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality via unknown vectors related to eProfile - Manager Desktop. |
|
19692 |
CVE-2010-4434 |
|
|
|
2011-01-19 |
2017-08-16 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.50.0 through 8.50.14 and 8.51.0 through 8.51.04 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal. |
|
19693 |
CVE-2010-4430 |
|
|
|
2011-01-19 |
2017-08-16 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.1 Update 2010-F allows remote authenticated users to affect confidentiality via unknown vectors related to Absence Management. |
|
19694 |
CVE-2010-4428 |
|
|
|
2011-01-19 |
2017-08-16 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Update 2010-F allows remote authenticated users to affect confidentiality via unknown vectors related to Absence Management. |
|
19695 |
CVE-2010-4415 |
|
|
|
2011-01-19 |
2017-08-16 |
4.1 |
None |
Local |
Medium |
Single system |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc. |
|
19696 |
CVE-2010-4413 |
|
|
|
2011-01-19 |
2017-08-16 |
4.3 |
None |
Remote |
High |
Multiple systems |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the Scheduler Agent component in Oracle Database Server 11.1.0.7 and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. |
|
19697 |
CVE-2010-4412 |
79 |
|
XSS |
2010-12-07 |
2010-12-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246. |
|
19698 |
CVE-2010-4411 |
|
|
Http R.Spl. |
2010-12-06 |
2014-02-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761. |
|
19699 |
CVE-2010-4410 |
94 |
|
Http R.Spl. |
2010-12-06 |
2016-12-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172. |
|
19700 |
CVE-2010-4407 |
79 |
1
|
XSS |
2010-12-06 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlGuest 1.1c-patched allow remote attackers to inject arbitrary web script or HTML via the (1) nome (nickname), (2) messaggio (message), and (3) link (homepage) parameters. |
