| ID: MITRE:12350 |
Title: oval:org.mitre.oval:def:12350: FlashPix Image Converter Buffer Overflow Vulnerability |
Type: Software |
Bulletins:
MITRE:12350 CVE-2010-3951 |
Severity: Low |
| Description: Buffer overflow in the FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Buffer Overflow Vulnerability." | ||||
| Applies to: Microsoft Office 2002 Microsoft Office Converter Pack Microsoft Works 9 |
Created: 2010-12-14 |
Updated: 2015-08-10 |
||
| ID: MITRE:12387 |
Title: oval:org.mitre.oval:def:12387: TIFF Image Converter Buffer Overflow Vulnerability |
Type: Software |
Bulletins:
MITRE:12387 CVE-2010-3949 |
Severity: Low |
| Description: Buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Buffer Overflow Vulnerability." | ||||
| Applies to: Microsoft Office 2002 Microsoft Office Converter Pack |
Created: 2010-12-14 |
Updated: 2015-08-10 |
||
| ID: MITRE:11967 |
Title: oval:org.mitre.oval:def:11967: PICT Image Converter Integer Overflow Vulnerability |
Type: Software |
Bulletins:
MITRE:11967 CVE-2010-3946 |
Severity: Low |
| Description: Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability." | ||||
| Applies to: Microsoft Office 2002 Microsoft Office 2003 Microsoft Office Converter Pack |
Created: 2010-12-14 |
Updated: 2015-08-10 |
||
| ID: MITRE:12150 |
Title: oval:org.mitre.oval:def:12150: FlashPix Image Converter Heap Corruption Vulnerability |
Type: Software |
Bulletins:
MITRE:12150 CVE-2010-3952 |
Severity: Low |
| Description: The FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Heap Corruption Vulnerability." | ||||
| Applies to: Microsoft Office 2002 Microsoft Office Converter Pack Microsoft Works 9 |
Created: 2010-12-14 |
Updated: 2015-08-10 |
||
| ID: MITRE:12249 |
Title: oval:org.mitre.oval:def:12249: CGM Image Converter Buffer Overrun Vulnerability |
Type: Software |
Bulletins:
MITRE:12249 CVE-2010-3945 |
Severity: Low |
| Description: Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability." | ||||
| Applies to: Microsoft Office 2002 Microsoft Office 2003 Microsoft Office Converter Pack |
Created: 2010-12-14 |
Updated: 2015-08-10 |
||
| ID: MITRE:12289 |
Title: oval:org.mitre.oval:def:12289: TIFF Image Converter Memory Corruption Vulnerability |
Type: Software |
Bulletins:
MITRE:12289 CVE-2010-3950 |
Severity: Low |
| Description: The TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 does not properly convert data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image in an Office document, aka "TIFF Image Converter Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Office 2002 Microsoft Office Converter Pack Microsoft Works 9 |
Created: 2010-12-14 |
Updated: 2015-08-10 |
||
| ID: MITRE:11827 |
Title: oval:org.mitre.oval:def:11827: TIFF Image Converter Heap Overflow Vulnerability |
Type: Software |
Bulletins:
MITRE:11827 CVE-2010-3947 |
Severity: Low |
| Description: Heap-based buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Heap Overflow Vulnerability." | ||||
| Applies to: Microsoft Office 2002 Microsoft Office Converter Pack Microsoft Works 9 |
Created: 2010-12-14 |
Updated: 2015-08-10 |
||
| ID: CVE-2010-4012 |
Title: Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button. |
Type: Mobile Devices |
Bulletins:
CVE-2010-4012 |
Severity: Medium |
| Description: Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button. | ||||
| Applies to: |
Created: 2010-12-08 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-4354 |
Title: Cisco Multiple Products IPSec VPN Aggressive Mode IKE Phase I Message Response Group Name Remote Enumeration |
Type: Hardware |
Bulletins:
CVE-2010-4354 |
Severity: Medium |
| Description: The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only when the group name is configured on the device, which allows remote attackers to enumerate valid group names via a series of IKE negotiation attempts, aka Bug ID CSCtj96108, a different vulnerability than CVE-2005-2025. | ||||
| Applies to: Cisco VPN 3015 Concentrator Cisco VPN 3030 Concentrator Cisco VPN 3060 Concentrator Cisco VPN 3080 Concentrator Cisco Vpn 3005 Concentrator |
Created: 2010-11-30 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-3827 |
Title: Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2010-3827 |
Severity: Medium |
| Description: Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors. | ||||
| Applies to: |
Created: 2010-11-26 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-3828 |
Title: iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad. |
Type: Mobile Devices |
Bulletins:
CVE-2010-3828 |
Severity: Medium |
| Description: iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad. | ||||
| Applies to: |
Created: 2010-11-26 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-3829 |
Title: WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for... |
Type: Mobile Devices |
Bulletins:
CVE-2010-3829 |
Severity: Medium |
| Description: WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813. | ||||
| Applies to: |
Created: 2010-11-26 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-3830 |
Title: Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2010-3830 |
Severity: High |
| Description: Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors. | ||||
| Applies to: |
Created: 2010-11-26 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-3831 |
Title: Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a... |
Type: Mobile Devices |
Bulletins:
CVE-2010-3831 |
Severity: Medium |
| Description: Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action. | ||||
| Applies to: |
Created: 2010-11-26 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-3832 |
Title: Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary... |
Type: Mobile Devices |
Bulletins:
CVE-2010-3832 |
Severity: Medium |
| Description: Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field. | ||||
| Applies to: |
Created: 2010-11-26 |
Updated: 2017-08-09 |
||
| ID: MITRE:11871 |
Title: oval:org.mitre.oval:def:11871: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions |
Type: Software |
Bulletins:
MITRE:11871 CVE-2010-3558 |
Severity: Low |
| Description: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:12177 |
Title: oval:org.mitre.oval:def:12177: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions |
Type: Software |
Bulletins:
MITRE:12177 CVE-2010-3571 |
Severity: Low |
| Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:12189 |
Title: oval:org.mitre.oval:def:12189: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions |
Type: Software |
Bulletins:
MITRE:12189 CVE-2010-3554 |
Severity: Low |
| Description: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects." | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:11714 |
Title: oval:org.mitre.oval:def:11714: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions |
Type: Software |
Bulletins:
MITRE:11714 CVE-2010-3567 |
Severity: Low |
| Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:11320 |
Title: oval:org.mitre.oval:def:11320: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions |
Type: Software |
Bulletins:
MITRE:11320 CVE-2010-3555 |
Severity: Low |
| Description: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:11880 |
Title: oval:org.mitre.oval:def:11880: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions |
Type: Software |
Bulletins:
MITRE:11880 CVE-2010-3559 |
Severity: Low |
| Description: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:11330 |
Title: oval:org.mitre.oval:def:11330: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions |
Type: Software |
Bulletins:
MITRE:11330 CVE-2010-3551 |
Severity: Low |
| Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:11619 |
Title: oval:org.mitre.oval:def:11619: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions |
Type: Software |
Bulletins:
MITRE:11619 CVE-2010-3550 |
Severity: Low |
| Description: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:12180 |
Title: oval:org.mitre.oval:def:12180: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions |
Type: Software |
Bulletins:
MITRE:12180 CVE-2010-3565 |
Severity: Low |
| Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:12200 |
Title: oval:org.mitre.oval:def:12200: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions |
Type: Software |
Bulletins:
MITRE:12200 CVE-2010-3561 |
Severity: Low |
| Description: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:12173 |
Title: oval:org.mitre.oval:def:12173: Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions |
Type: Software |
Bulletins:
MITRE:12173 CVE-2010-3570 |
Severity: Low |
| Description: Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:11798 |
Title: oval:org.mitre.oval:def:11798: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions |
Type: Software |
Bulletins:
MITRE:11798 CVE-2010-3553 |
Severity: Low |
| Description: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:12029 |
Title: oval:org.mitre.oval:def:12029: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions |
Type: Software |
Bulletins:
MITRE:12029 CVE-2010-3568 |
Severity: Low |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:12181 |
Title: oval:org.mitre.oval:def:12181: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions |
Type: Software |
Bulletins:
MITRE:12181 CVE-2010-3563 |
Severity: Low |
| Description: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:11268 |
Title: oval:org.mitre.oval:def:11268: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions |
Type: Software |
Bulletins:
MITRE:11268 CVE-2010-3557 |
Severity: Low |
| Description: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static." | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:11990 |
Title: oval:org.mitre.oval:def:11990: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions |
Type: Software |
Bulletins:
MITRE:11990 CVE-2010-3573 |
Severity: Low |
| Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:12004 |
Title: oval:org.mitre.oval:def:12004: Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions |
Type: Software |
Bulletins:
MITRE:12004 CVE-2010-3552 |
Severity: Low |
| Description: Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:12225 |
Title: oval:org.mitre.oval:def:12225: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions |
Type: Software |
Bulletins:
MITRE:12225 CVE-2010-3566 |
Severity: Low |
| Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:11893 |
Title: oval:org.mitre.oval:def:11893: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions |
Type: Software |
Bulletins:
MITRE:11893 CVE-2010-3562 |
Severity: Low |
| Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:12240 |
Title: oval:org.mitre.oval:def:12240: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions |
Type: Software |
Bulletins:
MITRE:12240 CVE-2010-3572 |
Severity: Low |
| Description: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:12226 |
Title: oval:org.mitre.oval:def:12226: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions |
Type: Software |
Bulletins:
MITRE:12226 CVE-2010-3569 |
Severity: Low |
| Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:12005 |
Title: oval:org.mitre.oval:def:12005: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions |
Type: Software |
Bulletins:
MITRE:12005 CVE-2010-3560 |
Severity: Low |
| Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:11815 |
Title: oval:org.mitre.oval:def:11815: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions |
Type: Software |
Bulletins:
MITRE:11815 CVE-2010-3556 |
Severity: Low |
| Description: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| Applies to: Oracle Java SE |
Created: 2010-11-19 |
Updated: 2015-06-01 |
||
| ID: MITRE:12179 |
Title: oval:org.mitre.oval:def:12179: Unspecified vulnerability which cause a denial of service (memory corruption) in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64 |
Type: Web |
Bulletins:
MITRE:12179 CVE-2010-3640 |
Severity: Low |
| Description: Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | ||||
| Applies to: Adobe Flash Player |
Created: 2010-11-13 |
Updated: 2015-08-03 |
||
| ID: MITRE:11905 |
Title: oval:org.mitre.oval:def:11905: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64 |
Type: Web |
Bulletins:
MITRE:11905 CVE-2010-3645 |
Severity: Low |
| Description: Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | ||||
| Applies to: Adobe Flash Player |
Created: 2010-11-13 |
Updated: 2015-08-03 |
||
| ID: MITRE:12259 |
Title: oval:org.mitre.oval:def:12259: Unspecified ActiveX control vulnerability in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64 |
Type: Web |
Bulletins:
MITRE:12259 CVE-2010-3637 |
Severity: Low |
| Description: An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FLV video. | ||||
| Applies to: Adobe Flash Player |
Created: 2010-11-13 |
Updated: 2015-08-03 |
||
| ID: MITRE:12142 |
Title: oval:org.mitre.oval:def:12142: Vulnerability in parsing of a cross-domain policy file in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64 |
Type: Web |
Bulletins:
MITRE:12142 CVE-2010-3636 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors. | ||||
| Applies to: Adobe Flash Player |
Created: 2010-11-13 |
Updated: 2015-08-03 |
||
| ID: MITRE:12095 |
Title: oval:org.mitre.oval:def:12095: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64 |
Type: Web |
Bulletins:
MITRE:12095 CVE-2010-3647 |
Severity: Low |
| Description: Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | ||||
| Applies to: Adobe Flash Player |
Created: 2010-11-13 |
Updated: 2015-08-03 |
||
| ID: MITRE:11979 |
Title: oval:org.mitre.oval:def:11979: Unspecified vulnerability in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64 |
Type: Web |
Bulletins:
MITRE:11979 CVE-2010-3638 |
Severity: Low |
| Description: Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors. | ||||
| Applies to: Adobe Flash Player |
Created: 2010-11-13 |
Updated: 2015-08-03 |
||
| ID: MITRE:11310 |
Title: oval:org.mitre.oval:def:11310: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64 |
Type: Web |
Bulletins:
MITRE:11310 CVE-2010-3639 |
Severity: Low |
| Description: Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. | ||||
| Applies to: Adobe Flash Player |
Created: 2010-11-13 |
Updated: 2015-08-03 |
||
| ID: MITRE:11660 |
Title: oval:org.mitre.oval:def:11660: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64 |
Type: Web |
Bulletins:
MITRE:11660 CVE-2010-3644 |
Severity: Low |
| Description: Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | ||||
| Applies to: Adobe Flash Player |
Created: 2010-11-13 |
Updated: 2015-08-03 |
||
| ID: MITRE:12065 |
Title: oval:org.mitre.oval:def:12065: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64 |
Type: Web |
Bulletins:
MITRE:12065 CVE-2010-3642 |
Severity: Low |
| Description: Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | ||||
| Applies to: Adobe Flash Player |
Created: 2010-11-13 |
Updated: 2015-08-03 |
||
| ID: MITRE:11872 |
Title: oval:org.mitre.oval:def:11872: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64 |
Type: Web |
Bulletins:
MITRE:11872 CVE-2010-3649 |
Severity: Low |
| Description: Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3650, and CVE-2010-3652. | ||||
| Applies to: Adobe Flash Player |
Created: 2010-11-13 |
Updated: 2015-08-03 |
||
| ID: MITRE:11842 |
Title: oval:org.mitre.oval:def:11842: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64 |
Type: Web |
Bulletins:
MITRE:11842 CVE-2010-3648 |
Severity: Low |
| Description: Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | ||||
| Applies to: Adobe Flash Player |
Created: 2010-11-13 |
Updated: 2015-08-03 |
||
| ID: MITRE:11922 |
Title: oval:org.mitre.oval:def:11922: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64 |
Type: Web |
Bulletins:
MITRE:11922 CVE-2010-3646 |
Severity: Low |
| Description: Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | ||||
| Applies to: Adobe Flash Player |
Created: 2010-11-13 |
Updated: 2015-08-03 |
||
| ID: MITRE:12151 |
Title: oval:org.mitre.oval:def:12151: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64 |
Type: Web |
Bulletins:
MITRE:12151 CVE-2010-3643 |
Severity: Low |
| Description: Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | ||||
| Applies to: Adobe Flash Player |
Created: 2010-11-13 |
Updated: 2015-08-03 |
||
| ID: MITRE:11965 |
Title: oval:org.mitre.oval:def:11965: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64 |
Type: Web |
Bulletins:
MITRE:11965 CVE-2010-3652 |
Severity: Low |
| Description: Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3650. | ||||
| Applies to: Adobe Flash Player |
Created: 2010-11-13 |
Updated: 2015-08-03 |
||
| ID: MITRE:12154 |
Title: oval:org.mitre.oval:def:12154: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64 |
Type: Web |
Bulletins:
MITRE:12154 CVE-2010-3641 |
Severity: Low |
| Description: Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | ||||
| Applies to: Adobe Flash Player |
Created: 2010-11-13 |
Updated: 2015-08-03 |
||
| ID: MITRE:11636 |
Title: oval:org.mitre.oval:def:11636: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64 |
Type: Web |
Bulletins:
MITRE:11636 CVE-2010-3650 |
Severity: Low |
| Description: Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3652. | ||||
| Applies to: Adobe Flash Player |
Created: 2010-11-13 |
Updated: 2015-08-03 |
||
| ID: MITRE:12219 |
Title: oval:org.mitre.oval:def:12219: Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 |
Type: Software |
Bulletins:
MITRE:12219 CVE-2010-3142 |
Severity: High |
| Description: Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file. | ||||
| Applies to: Microsoft Office PowerPoint 2007 |
Created: 2010-11-09 |
Updated: 2010-12-20 |
||
| ID: CVE-2010-3039 |
Title: /usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the... |
Type: Hardware |
Bulletins:
CVE-2010-3039 SFBID44672 |
Severity: Medium |
| Description: /usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930. | ||||
| Applies to: Unified Communications Manager |
Created: 2010-11-09 |
Updated: 2017-08-09 |
||
| ID: MITRE:7360 |
Title: oval:org.mitre.oval:def:7360: Vulnerability in offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software |
Type: Software |
Bulletins:
MITRE:7360 CVE-2010-3741 |
Severity: Low |
| Description: The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack. | ||||
| Applies to: BlackBerry Desktop Software |
Created: 2010-10-26 |
Updated: 2015-08-24 |
||
| ID: MITRE:6843 |
Title: oval:org.mitre.oval:def:6843: Untrusted search path vulnerability in BlackBerry Desktop Software version less than 6.0.0.47 |
Type: Software |
Bulletins:
MITRE:6843 CVE-2010-2600 |
Severity: Low |
| Description: Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Blackberry. | ||||
| Applies to: BlackBerry Desktop Software |
Created: 2010-10-26 |
Updated: 2015-08-24 |
||
| ID: MITRE:6926 |
Title: oval:org.mitre.oval:def:6926: Untrusted search path vulnerability in Adobe Flash Player version less than 9.0.289.0 and 10.x before 10.1.102.64 |
Type: Web |
Bulletins:
MITRE:6926 CVE-2010-3976 |
Severity: Low |
| Description: Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player. | ||||
| Applies to: Adobe Flash Player |
Created: 2010-10-25 |
Updated: 2015-08-03 |
||
| ID: MITRE:7291 |
Title: oval:org.mitre.oval:def:7291: Privilege-escalation vulnerability in PostgreSQL version less than or equal to 9.0 |
Type: Software |
Bulletins:
MITRE:7291 CVE-2010-3433 |
Severity: Low |
| Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447. | ||||
| Applies to: PostgreSQL |
Created: 2010-10-21 |
Updated: 2015-03-23 |
||
| ID: MITRE:6645 |
Title: oval:org.mitre.oval:def:6645: Vulnerability in pl\php ADD-ON in PostgreSQL version less than or equal to 9.0 |
Type: Software |
Bulletins:
MITRE:6645 CVE-2010-3781 |
Severity: Low |
| Description: The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433. | ||||
| Applies to: PostgreSQL |
Created: 2010-10-21 |
Updated: 2015-03-23 |
||
| ID: MITRE:6653 |
Title: oval:org.mitre.oval:def:6653: Windows Media Player Memory Corruption Vulnerability |
Type: Software |
Bulletins:
MITRE:6653 CVE-2010-2745 |
Severity: Low |
| Description: Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability." | ||||
| Applies to: Windows Media Player |
Created: 2010-10-12 |
Updated: 2015-07-06 |
||
| ID: MITRE:6778 |
Title: oval:org.mitre.oval:def:6778: Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 |
Type: Software |
Bulletins:
MITRE:6778 CVE-2010-3127 |
Severity: Low |
| Description: Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop. NOTE: some of these details are obtained from third party information. | ||||
| Applies to: Adobe Photoshop |
Created: 2010-09-28 |
Updated: 2015-08-03 |
||
| ID: MITRE:7604 |
Title: oval:org.mitre.oval:def:7604: Apple iTunes Log File Insecure File Operation Local Privilege Escalation Vulnerability |
Type: Software |
Bulletins:
MITRE:7604 CVE-2010-1768 |
Severity: Low |
| Description: Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch. | ||||
| Applies to: Apple iTunes |
Created: 2010-09-23 |
Updated: 2015-06-22 |
||
| ID: MITRE:7217 |
Title: oval:org.mitre.oval:def:7217: Apple iTunes DLL Loading Arbitrary Code Execution Vulnerability |
Type: Software |
Bulletins:
MITRE:7217 CVE-2010-1795 |
Severity: Low |
| Description: Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory. | ||||
| Applies to: Apple iTunes |
Created: 2010-09-23 |
Updated: 2015-06-22 |
||
| ID: MITRE:7178 |
Title: oval:org.mitre.oval:def:7178: Apple iTunes Crafted itpc: URL Buffer Overflow Vulnerability |
Type: Software |
Bulletins:
MITRE:7178 CVE-2010-1769 |
Severity: Low |
| Description: WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763. | ||||
| Applies to: Apple iTunes |
Created: 2010-09-23 |
Updated: 2015-06-22 |
||
| ID: MITRE:7221 |
Title: oval:org.mitre.oval:def:7221: Apple iTunes Webkit Unspecified Vulnerability |
Type: Software |
Bulletins:
MITRE:7221 CVE-2010-1763 |
Severity: Low |
| Description: Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769. | ||||
| Applies to: Apple iTunes |
Created: 2010-09-23 |
Updated: 2015-06-22 |
||
| ID: MITRE:7061 |
Title: oval:org.mitre.oval:def:7061: Apple iTunes JavaScriptCore Page Transitions Denial Of Service Vulnerability |
Type: Software |
Bulletins:
MITRE:7061 CVE-2010-1387 |
Severity: Low |
| Description: Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769. | ||||
| Applies to: Apple iTunes |
Created: 2010-09-23 |
Updated: 2015-06-22 |
||
| ID: MITRE:6988 |
Title: oval:org.mitre.oval:def:6988: Apple iTunes Crafted itpc: URL Buffer Overflow Vulnerability |
Type: Software |
Bulletins:
MITRE:6988 CVE-2010-1777 |
Severity: Low |
| Description: Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL. | ||||
| Applies to: Apple iTunes |
Created: 2010-09-23 |
Updated: 2015-06-22 |
||
| ID: CVE-2010-2829 |
Title: Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (traceback and device reload) via... |
Type: Hardware |
Bulletins:
CVE-2010-2829 |
Severity: High |
| Description: Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (traceback and device reload) via crafted H.323 packets, aka Bug ID CSCtd33567. | ||||
| Applies to: |
Created: 2010-09-23 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2830 |
Title: The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603. |
Type: Hardware |
Bulletins:
CVE-2010-2830 |
Severity: High |
| Description: The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603. | ||||
| Applies to: |
Created: 2010-09-23 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2831 |
Title: Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic on UDP port 5060, aka Bug ID CSCtf17624. |
Type: Hardware |
Bulletins:
CVE-2010-2831 |
Severity: High |
| Description: Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic on UDP port 5060, aka Bug ID CSCtf17624. | ||||
| Applies to: |
Created: 2010-09-23 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2832 |
Title: Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtf91428. |
Type: Hardware |
Bulletins:
CVE-2010-2832 |
Severity: High |
| Description: Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtf91428. | ||||
| Applies to: |
Created: 2010-09-23 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2833 |
Title: Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtd86472. |
Type: Hardware |
Bulletins:
CVE-2010-2833 |
Severity: High |
| Description: Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtd86472. | ||||
| Applies to: |
Created: 2010-09-23 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2834 |
Title: Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote... |
Type: Hardware |
Bulletins:
CVE-2010-2834 |
Severity: High |
| Description: Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987. | ||||
| Applies to: Unified Communications Manager |
Created: 2010-09-23 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2835 |
Title: Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before... |
Type: Hardware |
Bulletins:
CVE-2010-2835 |
Severity: High |
| Description: Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358. | ||||
| Applies to: Unified Communications Manager |
Created: 2010-09-23 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2836 |
Title: Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections... |
Type: Hardware |
Bulletins:
CVE-2010-2836 |
Severity: High |
| Description: Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections that remain in the CLOSE-WAIT state, aka Bug ID CSCtg21685. | ||||
| Applies to: |
Created: 2010-09-23 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2828 |
Title: Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (device reload) via crafted H.323... |
Type: Hardware |
Bulletins:
CVE-2010-2828 |
Severity: High |
| Description: Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (device reload) via crafted H.323 packets, aka Bug ID CSCtc73759. | ||||
| Applies to: |
Created: 2010-09-23 |
Updated: 2017-08-09 |
||
| ID: MITRE:6852 |
Title: oval:org.mitre.oval:def:6852: Adobe Flash Player, Acrobat Reader, and Acrobat Remote Code Execution Vulnerability |
Type: Web |
Bulletins:
MITRE:6852 CVE-2010-2884 |
Severity: Low |
| Description: Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010. | ||||
| Applies to: Adobe Acrobat Adobe Flash Player Adobe Reader |
Created: 2010-09-14 |
Updated: 2015-08-03 |
||
| ID: CVE-2010-0574 |
Title: Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and 5.2 before 5.2.193.11 allows remote attackers to... |
Type: Hardware |
Bulletins:
CVE-2010-0574 |
Severity: High |
| Description: Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and 5.2 before 5.2.193.11 allows remote attackers to cause a denial of service (device reload) via a crafted IKE packet, aka Bug ID CSCta56653. | ||||
| Applies to: |
Created: 2010-09-10 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0575 |
Title: Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified... |
Type: Hardware |
Bulletins:
CVE-2010-0575 |
Severity: Medium |
| Description: Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-3034. | ||||
| Applies to: |
Created: 2010-09-10 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1807 |
Title: WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial... |
Type: Mobile Devices |
Bulletins:
CVE-2010-1807 SFBID43047 |
Severity: High |
| Description: WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation. | ||||
| Applies to: |
Created: 2010-09-10 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2841 |
Title: Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service... |
Type: Hardware |
Bulletins:
CVE-2010-2841 |
Severity: Medium |
| Description: Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service (device reload) via crafted HTTP packets that trigger invalid arguments to the emweb component, aka Bug ID CSCtd16938. | ||||
| Applies to: |
Created: 2010-09-10 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2842 |
Title: Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a... |
Type: Hardware |
Bulletins:
CVE-2010-2842 |
Severity: High |
| Description: Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2843 and CVE-2010-3033. | ||||
| Applies to: |
Created: 2010-09-10 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2843 |
Title: Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a... |
Type: Hardware |
Bulletins:
CVE-2010-2843 |
Severity: High |
| Description: Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-3033. | ||||
| Applies to: |
Created: 2010-09-10 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-3033 |
Title: Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a... |
Type: Hardware |
Bulletins:
CVE-2010-3033 |
Severity: High |
| Description: Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-2843. | ||||
| Applies to: |
Created: 2010-09-10 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-3034 |
Title: Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified... |
Type: Hardware |
Bulletins:
CVE-2010-3034 |
Severity: Medium |
| Description: Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-0575. | ||||
| Applies to: |
Created: 2010-09-10 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1781 |
Title: Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an... |
Type: Mobile Devices |
Bulletins:
CVE-2010-1781 SFBID43077 |
Severity: Medium |
| Description: Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element. | ||||
| Applies to: |
Created: 2010-09-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1809 |
Title: The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2010-1809 |
Severity: High |
| Description: The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors. | ||||
| Applies to: |
Created: 2010-09-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1810 |
Title: FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate. |
Type: Mobile Devices |
Bulletins:
CVE-2010-1810 |
Severity: Low |
| Description: FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate. | ||||
| Applies to: |
Created: 2010-09-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1811 |
Title: ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file. |
Type: Mobile Devices |
Bulletins:
CVE-2010-1811 |
Severity: Medium |
| Description: ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file. | ||||
| Applies to: |
Created: 2010-09-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1812 |
Title: Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors... |
Type: Mobile Devices |
Bulletins:
CVE-2010-1812 SFBID43079 |
Severity: Medium |
| Description: Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections. | ||||
| Applies to: |
Created: 2010-09-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1813 |
Title: WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines. |
Type: Mobile Devices |
Bulletins:
CVE-2010-1813 |
Severity: Medium |
| Description: WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines. | ||||
| Applies to: |
Created: 2010-09-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1814 |
Title: WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving... |
Type: Mobile Devices |
Bulletins:
CVE-2010-1814 SFBID43083 |
Severity: Medium |
| Description: WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus. | ||||
| Applies to: |
Created: 2010-09-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1815 |
Title: Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors... |
Type: Mobile Devices |
Bulletins:
CVE-2010-1815 SFBID43081 |
Severity: Medium |
| Description: Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. | ||||
| Applies to: |
Created: 2010-09-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1817 |
Title: Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. |
Type: Mobile Devices |
Bulletins:
CVE-2010-1817 |
Severity: Medium |
| Description: Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. | ||||
| Applies to: |
Created: 2010-09-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-3035 |
Title: Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the... |
Type: Hardware |
Bulletins:
CVE-2010-3035 |
Severity: Medium |
| Description: Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211. | ||||
| Applies to: |
Created: 2010-08-30 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2837 |
Title: The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to... |
Type: Hardware |
Bulletins:
CVE-2010-2837 |
Severity: High |
| Description: The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310. | ||||
| Applies to: Unified Communications Manager |
Created: 2010-08-26 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2838 |
Title: The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process... |
Type: Hardware |
Bulletins:
CVE-2010-2838 |
Severity: High |
| Description: The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REGISTER message, aka Bug ID CSCtf66305. | ||||
| Applies to: Unified Communications Manager |
Created: 2010-08-26 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2822 |
Title: Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710... |
Type: Hardware |
Bulletins:
CVE-2010-2822 |
Severity: High |
| Description: Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6), allows remote attackers to cause a denial of service (device reload) via crafted RTSP packets over TCP, aka Bug IDs CSCta85227 and CSCtg14858. | ||||
| Applies to: Cisco Ace 4710 |
Created: 2010-08-17 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2823 |
Title: Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets,... |
Type: Hardware |
Bulletins:
CVE-2010-2823 |
Severity: High |
| Description: Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets, related to HTTP, RTSP, and SIP inspection, aka Bug ID CSCtb54493. | ||||
| Applies to: Cisco Ace 4710 |
Created: 2010-08-17 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2825 |
Title: Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series... |
Type: Hardware |
Bulletins:
CVE-2010-2825 |
Severity: High |
| Description: Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.4), allows remote attackers to cause a denial of service (device reload) via crafted SIP packets over (1) TCP or (2) UDP, aka Bug IDs CSCta65603 and CSCta71569. | ||||
| Applies to: Cisco Ace 4710 |
Created: 2010-08-17 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1797 |
Title: Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch... |
Type: Mobile Devices |
Bulletins:
CVE-2010-1797 SFBID42151 |
Severity: High |
| Description: Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information. | ||||
| Applies to: |
Created: 2010-08-16 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2827 |
Title: Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets, related to embryonic TCP connections that remain in the SYN_RCVD or SYN_SENT state, aka Bug ID CSCti18193. |
Type: Hardware |
Bulletins:
CVE-2010-2827 SFBID42426 |
Severity: High |
| Description: Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets, related to embryonic TCP connections that remain in the SYN_RCVD or SYN_SENT state, aka Bug ID CSCti18193. | ||||
| Applies to: |
Created: 2010-08-16 |
Updated: 2017-08-09 |
||
| ID: MITRE:11461 |
Title: oval:org.mitre.oval:def:11461: Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:11461 CVE-2010-0209 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-08-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:11977 |
Title: oval:org.mitre.oval:def:11977: Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:11977 CVE-2010-2216 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2214. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-08-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:11532 |
Title: oval:org.mitre.oval:def:11532: Adobe Flash Player and AIR Unspecified Click-jacking Vulnerability |
Type: Web |
Bulletins:
MITRE:11532 CVE-2010-2215 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-08-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:11971 |
Title: oval:org.mitre.oval:def:11971: Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:11971 CVE-2010-2214 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2216. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-08-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:10983 |
Title: oval:org.mitre.oval:def:10983: Adobe Flash Player and AIR Unspecified Multiple Memory Corruption Vulnerabilities |
Type: Web |
Bulletins:
MITRE:10983 CVE-2010-2213 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-08-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:12011 |
Title: oval:org.mitre.oval:def:12011: Movie Maker Memory Corruption Vulnerability |
Type: Software |
Bulletins:
MITRE:12011 CVE-2010-2564 |
Severity: Low |
| Description: Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability." | ||||
| Applies to: Movie Maker 2.1 Movie Maker 2.6 Movie Maker 6.0 |
Created: 2010-08-10 |
Updated: 2015-08-10 |
||
| ID: CVE-2010-2975 |
Title: Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544. |
Type: Hardware |
Bulletins:
CVE-2010-2975 |
Severity: Low |
| Description: Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544. | ||||
| Applies to: Wireless Lan Controller Software |
Created: 2010-08-10 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2976 |
Title: The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4)... |
Type: Hardware |
Bulletins:
CVE-2010-2976 |
Severity: High |
| Description: The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4) SNMP v3 authentication password, and (5) SNMP v3 privacy password, which makes it easier for remote attackers to obtain access. | ||||
| Applies to: Wireless Lan Controller Software |
Created: 2010-08-10 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2977 |
Title: Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611. |
Type: Hardware |
Bulletins:
CVE-2010-2977 |
Severity: High |
| Description: Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611. | ||||
| Applies to: Wireless Lan Controller Software |
Created: 2010-08-10 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2978 |
Title: Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions,... |
Type: Hardware |
Bulletins:
CVE-2010-2978 |
Severity: High |
| Description: Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions, aka Bug ID CSCtd67660. | ||||
| Applies to: Wireless Lan Controller Software |
Created: 2010-08-10 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2979 |
Title: Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (buffer leak and device crash) via ARP requests that trigger an ARP storm, aka Bug ID CSCte43508. |
Type: Hardware |
Bulletins:
CVE-2010-2979 |
Severity: High |
| Description: Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (buffer leak and device crash) via ARP requests that trigger an ARP storm, aka Bug ID CSCte43508. | ||||
| Applies to: Wireless Lan Controller Software |
Created: 2010-08-10 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2980 |
Title: Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (pbuf exhaustion and device crash) via fragmented traffic, aka Bug ID CSCtd26794. |
Type: Hardware |
Bulletins:
CVE-2010-2980 |
Severity: High |
| Description: Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (pbuf exhaustion and device crash) via fragmented traffic, aka Bug ID CSCtd26794. | ||||
| Applies to: Wireless Lan Controller Software |
Created: 2010-08-10 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2981 |
Title: Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370. |
Type: Hardware |
Bulletins:
CVE-2010-2981 |
Severity: High |
| Description: Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370. | ||||
| Applies to: Wireless Lan Controller Software |
Created: 2010-08-10 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2982 |
Title: Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to discover a group password via a series of SNMP requests, as demonstrated by an SNMP walk, aka Bug ID CSCtb74037. |
Type: Hardware |
Bulletins:
CVE-2010-2982 |
Severity: High |
| Description: Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to discover a group password via a series of SNMP requests, as demonstrated by an SNMP walk, aka Bug ID CSCtb74037. | ||||
| Applies to: Wireless Lan Controller Software |
Created: 2010-08-10 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2983 |
Title: The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (dropped connection) via a series of spoofed EAPoL-Logoff frames, related to an... |
Type: Hardware |
Bulletins:
CVE-2010-2983 |
Severity: High |
| Description: The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (dropped connection) via a series of spoofed EAPoL-Logoff frames, related to an "EAPoL logoff attack," aka Bug ID CSCte43374. | ||||
| Applies to: Wireless Lan Controller Software |
Created: 2010-08-10 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2984 |
Title: Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305. |
Type: Hardware |
Bulletins:
CVE-2010-2984 |
Severity: High |
| Description: Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305. | ||||
| Applies to: Wireless Lan Controller Software |
Created: 2010-08-10 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2988 |
Title: Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtf35333. |
Type: Hardware |
Bulletins:
CVE-2010-2988 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtf35333. | ||||
| Applies to: Wireless Lan Controller Software |
Created: 2010-08-10 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2705 |
Title: Unspecified vulnerability on the HP ProCurve 1800-24G switch with software PB.03.02 and earlier, and the ProCurve 1800-8G switch with software PA.03.02 and earlier, when SNMP is enabled, allows remote attackers to obtain sensitive information via... |
Type: Hardware |
Bulletins:
CVE-2010-2705 |
Severity: Medium |
| Description: Unspecified vulnerability on the HP ProCurve 1800-24G switch with software PB.03.02 and earlier, and the ProCurve 1800-8G switch with software PA.03.02 and earlier, when SNMP is enabled, allows remote attackers to obtain sensitive information via unknown vectors. | ||||
| Applies to: Procurve Switch 1800-24g Procurve Switch 1800-8g |
Created: 2010-08-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2706 |
Title: Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 switch before R.11.30 allows remote attackers to cause a denial of service via unknown vectors. |
Type: Hardware |
Bulletins:
CVE-2010-2706 |
Severity: Medium |
| Description: Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 switch before R.11.30 allows remote attackers to cause a denial of service via unknown vectors. | ||||
| Applies to: Procurve Switch 2610-24 Procurve Switch 2610-24-pwr Procurve Switch 2610-24/12pwr Procurve Switch 2610-48 Procurve Switch 2610-48-pwr |
Created: 2010-08-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2707 |
Title: Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches before H.10.80 allows remote attackers to obtain sensitive information, modify data, and cause a denial of service via unknown vectors. |
Type: Hardware |
Bulletins:
CVE-2010-2707 |
Severity: High |
| Description: Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches before H.10.80 allows remote attackers to obtain sensitive information, modify data, and cause a denial of service via unknown vectors. | ||||
| Applies to: Procurve Switch 2626 Procurve Switch 2626-pwr Procurve Switch 2650 Procurve Switch 2650-pwr |
Created: 2010-08-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2708 |
Title: Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.22, when DHCP is enabled, allows remote attackers to cause a denial of service via unknown vectors. |
Type: Hardware |
Bulletins:
CVE-2010-2708 |
Severity: Medium |
| Description: Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.22, when DHCP is enabled, allows remote attackers to cause a denial of service via unknown vectors. | ||||
| Applies to: Procurve Switch 2610-24 Procurve Switch 2610-24-pwr Procurve Switch 2610-24/12pwr Procurve Switch 2610-48 Procurve Switch 2610-48-pwr |
Created: 2010-08-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1578 |
Title: Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security... |
Type: Hardware |
Bulletins:
CVE-2010-1578 |
Severity: High |
| Description: Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc77567. | ||||
| Applies to: |
Created: 2010-08-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1579 |
Title: Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security... |
Type: Hardware |
Bulletins:
CVE-2010-1579 |
Severity: High |
| Description: Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc79922. | ||||
| Applies to: |
Created: 2010-08-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1580 |
Title: Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security... |
Type: Hardware |
Bulletins:
CVE-2010-1580 |
Severity: High |
| Description: Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc85753. | ||||
| Applies to: |
Created: 2010-08-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1581 |
Title: Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3... |
Type: Hardware |
Bulletins:
CVE-2010-1581 SFBID42187 |
Severity: High |
| Description: Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtd32627. | ||||
| Applies to: |
Created: 2010-08-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2814 |
Title: Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3... |
Type: Hardware |
Bulletins:
CVE-2010-2814 SFBID42196 |
Severity: High |
| Description: Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf37506. | ||||
| Applies to: Cisco ASA 5505 Adaptive Security Appliance Cisco ASA 5510 Adaptive Security Appliance Cisco ASA 5520 Adaptive... Cisco ASA 5540 Adaptive Security Appliance Cisco ASA 5550 Adaptive Security Appliance Cisco ASA 5580 Adaptive Security Appliance |
Created: 2010-08-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2815 |
Title: Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3... |
Type: Hardware |
Bulletins:
CVE-2010-2815 SFBID42198 |
Severity: High |
| Description: Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf55259. | ||||
| Applies to: Cisco ASA 5505 Adaptive Security Appliance Cisco ASA 5510 Adaptive Security Appliance Cisco ASA 5520 Adaptive... Cisco ASA 5540 Adaptive Security Appliance Cisco ASA 5550 Adaptive Security Appliance Cisco ASA 5580 Adaptive Security Appliance |
Created: 2010-08-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2816 |
Title: Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2 before 8.2(2.13) allows remote attackers to cause a denial of... |
Type: Hardware |
Bulletins:
CVE-2010-2816 SFBID42189 |
Severity: High |
| Description: Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2 before 8.2(2.13) allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtd32106. | ||||
| Applies to: Cisco ASA 5505 Adaptive Security Appliance Cisco ASA 5510 Adaptive Security Appliance Cisco ASA 5520 Adaptive... Cisco ASA 5540 Adaptive Security Appliance Cisco ASA 5550 Adaptive Security Appliance Cisco ASA 5580 Adaptive Security Appliance |
Created: 2010-08-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2817 |
Title: Unspecified vulnerability in the IKE implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.10), and... |
Type: Hardware |
Bulletins:
CVE-2010-2817 SFBID42190 |
Severity: High |
| Description: Unspecified vulnerability in the IKE implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.10), and 8.3 before 8.3(1.1) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a crafted IKE message, aka Bug ID CSCte46507. | ||||
| Applies to: Cisco ASA 5505 Adaptive Security Appliance Cisco ASA 5510 Adaptive Security Appliance Cisco ASA 5520 Adaptive... Cisco ASA 5540 Adaptive Security Appliance Cisco ASA 5550 Adaptive Security Appliance Cisco ASA 5580 Adaptive Security Appliance |
Created: 2010-08-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2973 |
Title: Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe. |
Type: Mobile Devices |
Bulletins:
CVE-2010-2973 SFBID42151 |
Severity: Medium |
| Description: Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe. | ||||
| Applies to: |
Created: 2010-08-05 |
Updated: 2017-08-09 |
||
| ID: MITRE:10160 |
Title: oval:org.mitre.oval:def:10160: Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated... |
Type: Web |
Bulletins:
MITRE:10160 CVE-2007-6019 |
Severity: Low |
| Description: Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-07-09 |
Updated: 2015-08-03 |
||
| ID: MITRE:9250 |
Title: oval:org.mitre.oval:def:9250: The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving... |
Type: Web |
Bulletins:
MITRE:9250 CVE-2007-5275 |
Severity: Low |
| Description: The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-07-09 |
Updated: 2015-08-03 |
||
| ID: MITRE:9701 |
Title: oval:org.mitre.oval:def:9701: Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is... |
Type: Web |
Bulletins:
MITRE:9701 CVE-2007-4768 |
Severity: Low |
| Description: Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. | ||||
| Applies to: Adobe Acrobat Adobe Flash Player Adobe Reader |
Created: 2010-07-09 |
Updated: 2015-08-03 |
||
| ID: MITRE:11435 |
Title: oval:org.mitre.oval:def:11435: Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message... |
Type: Web |
Bulletins:
MITRE:11435 CVE-2008-1654 |
Severity: Low |
| Description: Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-07-09 |
Updated: 2015-08-03 |
||
| ID: MITRE:10724 |
Title: oval:org.mitre.oval:def:10724: Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors. |
Type: Web |
Bulletins:
MITRE:10724 CVE-2008-1655 |
Severity: Low |
| Description: Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-07-09 |
Updated: 2015-08-03 |
||
| ID: MITRE:10379 |
Title: oval:org.mitre.oval:def:10379: Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used... |
Type: Web |
Bulletins:
MITRE:10379 CVE-2007-0071 |
Severity: Low |
| Description: Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-07-09 |
Updated: 2015-08-03 |
||
| ID: CVE-2010-1574 |
Title: IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the... |
Type: Hardware |
Bulletins:
CVE-2010-1574 SFBID41436 |
Severity: High |
| Description: IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589. | ||||
| Applies to: |
Created: 2010-07-08 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1575 |
Title: The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via... |
Type: Hardware |
Bulletins:
CVE-2010-1575 SFBID41315 |
Severity: High |
| Description: The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690. | ||||
| Applies to: Content Services Switch 11500 |
Created: 2010-07-06 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1576 |
Title: The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence... |
Type: Hardware |
Bulletins:
CVE-2010-1576 SFBID41315 |
Severity: High |
| Description: The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885. | ||||
| Applies to: Cisco Ace 4710 Content Services Switch 11500 |
Created: 2010-07-06 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2629 |
Title: The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which... |
Type: Hardware |
Bulletins:
CVE-2010-2629 SFBID41315 |
Severity: High |
| Description: The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576. | ||||
| Applies to: Cisco Ace 4710 Content Services Switch 11500 |
Created: 2010-07-06 |
Updated: 2017-08-09 |
||
| ID: CVE-2008-7257 |
Title: CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack... |
Type: Hardware |
Bulletins:
CVE-2008-7257 SFBID41159 |
Severity: Medium |
| Description: CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163. | ||||
| Applies to: Cisco ASA 5580 Adaptive Security Appliance |
Created: 2010-06-29 |
Updated: 2017-08-09 |
||
| ID: CVE-2009-4910 |
Title: Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug... |
Type: Hardware |
Bulletins:
CVE-2009-4910 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCsq78418. | ||||
| Applies to: Cisco ASA 5580 Adaptive Security Appliance |
Created: 2010-06-29 |
Updated: 2017-08-09 |
||
| ID: CVE-2009-4911 |
Title: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device crash) via vectors involving SSL VPN and PPPoE transactions, aka Bug... |
Type: Hardware |
Bulletins:
CVE-2009-4911 |
Severity: High |
| Description: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device crash) via vectors involving SSL VPN and PPPoE transactions, aka Bug ID CSCsm77958. | ||||
| Applies to: Cisco ASA 5580 Adaptive Security Appliance |
Created: 2010-06-29 |
Updated: 2017-08-09 |
||
| ID: CVE-2009-4912 |
Title: Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions... |
Type: Hardware |
Bulletins:
CVE-2009-4912 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876. | ||||
| Applies to: Cisco ASA 5580 Adaptive Security Appliance |
Created: 2010-06-29 |
Updated: 2017-08-09 |
||
| ID: CVE-2009-4913 |
Title: The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) exposes IP services on the "far side of the box," which might allow remote attackers to bypass intended access restrictions via IPv6... |
Type: Hardware |
Bulletins:
CVE-2009-4913 |
Severity: Medium |
| Description: The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) exposes IP services on the "far side of the box," which might allow remote attackers to bypass intended access restrictions via IPv6 packets, aka Bug ID CSCso58622. | ||||
| Applies to: Cisco ASA 5580 Adaptive Security Appliance |
Created: 2010-06-29 |
Updated: 2017-08-09 |
||
| ID: CVE-2009-4914 |
Title: Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2009-4914 |
Severity: High |
| Description: Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID CSCsq17879. | ||||
| Applies to: Cisco ASA 5580 Adaptive Security Appliance |
Created: 2010-06-29 |
Updated: 2017-08-09 |
||
| ID: CVE-2009-4915 |
Title: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via unknown network traffic, as demonstrated by a "connection... |
Type: Hardware |
Bulletins:
CVE-2009-4915 |
Severity: High |
| Description: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via unknown network traffic, as demonstrated by a "connection stress test," aka Bug ID CSCsq68451. | ||||
| Applies to: Cisco ASA 5580 Adaptive Security Appliance |
Created: 2010-06-29 |
Updated: 2017-08-09 |
||
| ID: CVE-2009-4916 |
Title: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (console hang) via a login action during failover replication, aka... |
Type: Hardware |
Bulletins:
CVE-2009-4916 |
Severity: Medium |
| Description: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (console hang) via a login action during failover replication, aka Bug ID CSCsq80095. | ||||
| Applies to: Cisco ASA 5580 Adaptive Security Appliance |
Created: 2010-06-29 |
Updated: 2017-08-09 |
||
| ID: CVE-2009-4917 |
Title: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via a high volume of SIP traffic, aka Bug ID CSCsr65901. |
Type: Hardware |
Bulletins:
CVE-2009-4917 |
Severity: High |
| Description: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via a high volume of SIP traffic, aka Bug ID CSCsr65901. | ||||
| Applies to: Cisco ASA 5580 Adaptive Security Appliance |
Created: 2010-06-29 |
Updated: 2017-08-09 |
||
| ID: CVE-2009-4918 |
Title: Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (IKE process hang) via malformed NAT-T packets, aka Bug ID CSCsr74439. |
Type: Hardware |
Bulletins:
CVE-2009-4918 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (IKE process hang) via malformed NAT-T packets, aka Bug ID CSCsr74439. | ||||
| Applies to: Cisco ASA 5580 Adaptive Security Appliance |
Created: 2010-06-29 |
Updated: 2017-08-09 |
||
| ID: CVE-2009-4919 |
Title: Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121. |
Type: Hardware |
Bulletins:
CVE-2009-4919 |
Severity: High |
| Description: Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121. | ||||
| Applies to: Cisco ASA 5580 Adaptive Security Appliance |
Created: 2010-06-29 |
Updated: 2017-08-09 |
||
| ID: CVE-2009-4920 |
Title: Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software 8.1(2) allows remote attackers to cause a denial of service (watchdog traceback) via a large amount of small-packet data, aka Bug ID CSCsu11412. |
Type: Hardware |
Bulletins:
CVE-2009-4920 |
Severity: High |
| Description: Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software 8.1(2) allows remote attackers to cause a denial of service (watchdog traceback) via a large amount of small-packet data, aka Bug ID CSCsu11412. | ||||
| Applies to: Cisco ASA 5580 Adaptive Security Appliance |
Created: 2010-06-29 |
Updated: 2017-08-09 |
||
| ID: CVE-2009-4921 |
Title: Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110. |
Type: Hardware |
Bulletins:
CVE-2009-4921 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110. | ||||
| Applies to: Cisco ASA 5580 Adaptive Security Appliance |
Created: 2010-06-29 |
Updated: 2017-08-09 |
||
| ID: CVE-2009-4922 |
Title: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote peer... |
Type: Hardware |
Bulletins:
CVE-2009-4922 |
Severity: Medium |
| Description: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote peer IP addresses, aka Bug ID CSCso15583. | ||||
| Applies to: Cisco ASA 5580 Adaptive Security Appliance |
Created: 2010-06-29 |
Updated: 2017-08-09 |
||
| ID: CVE-2009-4923 |
Title: Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (traceback) via TLS fragments, aka Bug ID CSCso53162. |
Type: Hardware |
Bulletins:
CVE-2009-4923 |
Severity: High |
| Description: Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (traceback) via TLS fragments, aka Bug ID CSCso53162. | ||||
| Applies to: Cisco ASA 5580 Adaptive Security Appliance |
Created: 2010-06-29 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2506 |
Title: Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter. |
Type: Hardware |
Bulletins:
CVE-2010-2506 |
Severity: Low |
| Description: Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter. | ||||
| Applies to: WAP54G |
Created: 2010-06-28 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1407 |
Title: WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via... |
Type: Mobile Devices |
Bulletins:
CVE-2010-1407 SFBID41016 |
Severity: Medium |
| Description: WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document. | ||||
| Applies to: |
Created: 2010-06-22 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1751 |
Title: Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2010-1751 SFBID41016 |
Severity: Medium |
| Description: Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors. | ||||
| Applies to: |
Created: 2010-06-22 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1752 |
Title: Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling. |
Type: Mobile Devices |
Bulletins:
CVE-2010-1752 SFBID41016 |
Severity: Medium |
| Description: Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling. | ||||
| Applies to: |
Created: 2010-06-22 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1753 |
Title: ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image. |
Type: Mobile Devices |
Bulletins:
CVE-2010-1753 SFBID41016 |
Severity: Medium |
| Description: ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image. | ||||
| Applies to: |
Created: 2010-06-22 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1754 |
Title: Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to... |
Type: Mobile Devices |
Bulletins:
CVE-2010-1754 SFBID41016 |
Severity: Medium |
| Description: Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors. | ||||
| Applies to: |
Created: 2010-06-22 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1755 |
Title: Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie. |
Type: Mobile Devices |
Bulletins:
CVE-2010-1755 SFBID41016 |
Severity: Medium |
| Description: Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie. | ||||
| Applies to: |
Created: 2010-06-22 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1756 |
Title: The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an... |
Type: Mobile Devices |
Bulletins:
CVE-2010-1756 SFBID41016 |
Severity: Medium |
| Description: The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network. | ||||
| Applies to: |
Created: 2010-06-22 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1757 |
Title: WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document. |
Type: Mobile Devices |
Bulletins:
CVE-2010-1757 SFBID41016 |
Severity: Medium |
| Description: WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document. | ||||
| Applies to: |
Created: 2010-06-22 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1775 |
Title: Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data,... |
Type: Mobile Devices |
Bulletins:
CVE-2010-1775 SFBID41016 |
Severity: Low |
| Description: Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot. | ||||
| Applies to: |
Created: 2010-06-22 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1387 |
Title: Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service... |
Type: Mobile Devices |
Bulletins:
CVE-2010-1387 SFBID41016 |
Severity: High |
| Description: Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769. | ||||
| Applies to: |
Created: 2010-06-18 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2292 |
Title: Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field. |
Type: Hardware |
Bulletins:
CVE-2010-2292 SFBID40691 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field. | ||||
| Applies to: DI-604 |
Created: 2010-06-15 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2293 |
Title: The Ping tools web interface in Dlink Di-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size. |
Type: Hardware |
Bulletins:
CVE-2010-2293 SFBID40691 |
Severity: Medium |
| Description: The Ping tools web interface in Dlink Di-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size. | ||||
| Applies to: DI-604 |
Created: 2010-06-15 |
Updated: 2017-08-09 |
||
| ID: MITRE:6766 |
Title: oval:org.mitre.oval:def:6766: Adobe Flash Player Integer Overflow Vulnerability |
Type: Web |
Bulletins:
MITRE:6766 CVE-2010-2170 |
Severity: Low |
| Description: Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:6903 |
Title: oval:org.mitre.oval:def:6903: Adobe Flash Player Memory Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:6903 CVE-2010-2175 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:6999 |
Title: oval:org.mitre.oval:def:6999: Adobe Flash Player Memory Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:6999 CVE-2010-2171 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7508 |
Title: oval:org.mitre.oval:def:7508: Adobe Flash Player Memory Exhaustion Vulnerability |
Type: Web |
Bulletins:
MITRE:7508 CVE-2010-2160 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7166 |
Title: oval:org.mitre.oval:def:7166: Adobe Flash Player Heap Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:7166 CVE-2010-2162 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:6781 |
Title: oval:org.mitre.oval:def:6781: Adobe Flash Player Memory Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:6781 CVE-2010-2165 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7491 |
Title: oval:org.mitre.oval:def:7491: Adobe Flash Player Multiple Heap Overflow Vulnerabilities |
Type: Web |
Bulletins:
MITRE:7491 CVE-2010-2167 |
Severity: Low |
| Description: Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:6758 |
Title: oval:org.mitre.oval:def:6758: Adobe Flash Player Memory Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:6758 CVE-2010-2182 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7528 |
Title: oval:org.mitre.oval:def:7528: Adobe Flash Player Invalid Pointer Vulnerability |
Type: Web |
Bulletins:
MITRE:7528 CVE-2010-2174 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7014 |
Title: oval:org.mitre.oval:def:7014: Adobe Flash Player Memory Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:7014 CVE-2010-2180 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7501 |
Title: oval:org.mitre.oval:def:7501: Adobe Flash Player Multiple Vulnerabilities that could lead to code execution |
Type: Web |
Bulletins:
MITRE:7501 CVE-2010-2163 |
Severity: Low |
| Description: Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7303 |
Title: oval:org.mitre.oval:def:7303: Adobe Flash Player Out Of Bounds Memory Indexing Vulnerability |
Type: Web |
Bulletins:
MITRE:7303 CVE-2010-2161 |
Severity: Low |
| Description: Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code." | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7364 |
Title: oval:org.mitre.oval:def:7364: Adobe Flash Player Memory Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:7364 CVE-2010-2178 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7126 |
Title: oval:org.mitre.oval:def:7126: Adobe Flash Player URL Parsing Vulnerability that could lead to cross-site scripting |
Type: Web |
Bulletins:
MITRE:7126 CVE-2010-2179 |
Severity: Low |
| Description: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing. | ||||
| Applies to: Adobe AIR Adobe Flash Player Google Chrome Mozilla Firefox |
Created: 2010-06-11 |
Updated: 2015-08-10 |
||
| ID: MITRE:7118 |
Title: oval:org.mitre.oval:def:7118: Adobe Flash Player Denial of Service Vulnerability |
Type: Web |
Bulletins:
MITRE:7118 CVE-2010-2186 |
Severity: Low |
| Description: Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7205 |
Title: oval:org.mitre.oval:def:7205: Adobe Flash Player Memory Exhaustion Vulnerability |
Type: Web |
Bulletins:
MITRE:7205 CVE-2009-3793 |
Severity: Low |
| Description: Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7187 |
Title: oval:org.mitre.oval:def:7187: Adobe Flash Player SWF Version Null Pointer Dereference Denial of Service Vulnerability |
Type: Web |
Bulletins:
MITRE:7187 CVE-2008-4546 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7431 |
Title: oval:org.mitre.oval:def:7431: Adobe Flash Player Memory Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:7431 CVE-2010-2166 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7415 |
Title: oval:org.mitre.oval:def:7415: Adobe Flash Player Memory Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:7415 CVE-2010-2176 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7577 |
Title: oval:org.mitre.oval:def:7577: Adobe Flash Player Buffer Overflow Vulnerability |
Type: Web |
Bulletins:
MITRE:7577 CVE-2010-2185 |
Severity: Low |
| Description: Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:6991 |
Title: oval:org.mitre.oval:def:6991: Adobe Flash Player Memory Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:6991 CVE-2010-2189 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when used in conjunction with VMWare Tools on a VMWare platform, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:6765 |
Title: oval:org.mitre.oval:def:6765: Adobe Flash Player Use-After-Free Vulnerability |
Type: Web |
Bulletins:
MITRE:6765 CVE-2010-2164 |
Severity: Low |
| Description: Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a certain function." | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7096 |
Title: oval:org.mitre.oval:def:7096: Adobe Flash Player Memory Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:7096 CVE-2010-2177 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7278 |
Title: oval:org.mitre.oval:def:7278: Adobe Flash Player Integer Overflow Vulnerability |
Type: Web |
Bulletins:
MITRE:7278 CVE-2010-2183 |
Severity: Low |
| Description: Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7276 |
Title: oval:org.mitre.oval:def:7276: Adobe Flash Player Pointer Memory Corruption |
Type: Web |
Bulletins:
MITRE:7276 CVE-2010-2169 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:6946 |
Title: oval:org.mitre.oval:def:6946: Adobe Flash Player Memory Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:6946 CVE-2010-2188 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7342 |
Title: oval:org.mitre.oval:def:7342: Adobe Flash Player Integer Overflow Vulnerability |
Type: Web |
Bulletins:
MITRE:7342 CVE-2010-2181 |
Severity: Low |
| Description: Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:6762 |
Title: oval:org.mitre.oval:def:6762: Adobe Flash Player Invalid Pointer Vulnerability |
Type: Web |
Bulletins:
MITRE:6762 CVE-2010-2173 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newclass (0x58) operator, a different vulnerability than CVE-2010-2174. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7334 |
Title: oval:org.mitre.oval:def:7334: Adobe Flash Player Memory Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:7334 CVE-2010-2184 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: MITRE:7266 |
Title: oval:org.mitre.oval:def:7266: Adobe Flash Player Memory Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:7266 CVE-2010-2187 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-06-11 |
Updated: 2015-08-03 |
||
| ID: CVE-2010-1573 |
Title: Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3)... |
Type: Hardware |
Bulletins:
CVE-2010-1573 SFBID40648 |
Severity: High |
| Description: Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi. | ||||
| Applies to: wap54g |
Created: 2010-06-09 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-2261 |
Title: Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi. |
Type: Hardware |
Bulletins:
CVE-2010-2261 |
Severity: High |
| Description: Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi. | ||||
| Applies to: wap54g |
Created: 2010-06-09 |
Updated: 2017-08-09 |
||
| ID: MITRE:12235 |
Title: oval:org.mitre.oval:def:12235: Insecure Library Loading Vulnerability |
Type: Software |
Bulletins:
MITRE:12235 CVE-2010-3965 |
Severity: Low |
| Description: Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability." | ||||
| Applies to: Windows Media Encoder |
Created: 2010-06-08 |
Updated: 2015-08-10 |
||
| ID: MITRE:7116 |
Title: oval:org.mitre.oval:def:7116: Adobe Flash Player, Acrobat Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability |
Type: Web |
Bulletins:
MITRE:7116 CVE-2010-1297 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010. | ||||
| Applies to: Adobe Acrobat Adobe Flash Player Adobe Reader |
Created: 2010-06-07 |
Updated: 2015-08-03 |
||
| ID: MITRE:7580 |
Title: oval:org.mitre.oval:def:7580: Use-after-free vulnerability in Adobe Flash Player 6.0.79 |
Type: Web |
Bulletins:
MITRE:7580 CVE-2010-0378 |
Severity: Low |
| Description: Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability." | ||||
| Applies to: Adobe Flash Player |
Created: 2010-05-18 |
Updated: 2015-08-03 |
||
| ID: CVE-2009-4821 |
Title: The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi... |
Type: Hardware |
Bulletins:
CVE-2009-4821 SFBID37415 |
Severity: Medium |
| Description: The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors. | ||||
| Applies to: DIR-615 |
Created: 2010-04-27 |
Updated: 2017-08-09 |
||
| ID: MITRE:7049 |
Title: oval:org.mitre.oval:def:7049: LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability |
Type: Software |
Bulletins:
MITRE:7049 CVE-2009-2285 |
Severity: Low |
| Description: Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. | ||||
| Applies to: Apple Safari Apple iTunes |
Created: 2010-04-09 |
Updated: 2015-06-22 |
||
| ID: MITRE:7427 |
Title: oval:org.mitre.oval:def:7427: Apple iTunes MP4 File Processing Denial of Service Vulnerability |
Type: Software |
Bulletins:
MITRE:7427 CVE-2010-0531 |
Severity: Low |
| Description: Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file. | ||||
| Applies to: Apple iTunes |
Created: 2010-04-09 |
Updated: 2015-06-22 |
||
| ID: MITRE:6901 |
Title: oval:org.mitre.oval:def:6901: Apple Safari ImageIO TIFF Image Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
MITRE:6901 CVE-2010-0043 |
Severity: Low |
| Description: ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. | ||||
| Applies to: Apple Safari Apple iTunes |
Created: 2010-04-09 |
Updated: 2015-06-22 |
||
| ID: MITRE:6741 |
Title: oval:org.mitre.oval:def:6741: Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability |
Type: Software |
Bulletins:
MITRE:6741 CVE-2010-0040 |
Severity: Low |
| Description: Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow. | ||||
| Applies to: Apple Safari Apple iTunes |
Created: 2010-04-09 |
Updated: 2015-06-22 |
||
| ID: MITRE:7561 |
Title: oval:org.mitre.oval:def:7561: Apple Safari TIFF Image Uninitialized Memory Information Disclosure Vulnerability |
Type: Software |
Bulletins:
MITRE:7561 CVE-2010-0042 |
Severity: Low |
| Description: ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image. | ||||
| Applies to: Apple Safari Apple iTunes |
Created: 2010-04-09 |
Updated: 2015-06-22 |
||
| ID: MITRE:7110 |
Title: oval:org.mitre.oval:def:7110: Apple iTunes Install or Update Privilege Escalation Vulnerability |
Type: Software |
Bulletins:
MITRE:7110 CVE-2010-0532 |
Severity: Low |
| Description: Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse. | ||||
| Applies to: Apple iTunes |
Created: 2010-04-09 |
Updated: 2015-06-22 |
||
| ID: MITRE:6885 |
Title: oval:org.mitre.oval:def:6885: Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability |
Type: Software |
Bulletins:
MITRE:6885 CVE-2010-0041 |
Severity: Low |
| Description: ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image. | ||||
| Applies to: Apple Safari Apple iTunes |
Created: 2010-04-09 |
Updated: 2015-06-22 |
||
| ID: CVE-2010-1226 |
Title: The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV... |
Type: Mobile Devices |
Bulletins:
CVE-2010-1226 SFBID38758 |
Severity: Medium |
| Description: The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a "malformed character" issue. | ||||
| Applies to: |
Created: 2010-04-01 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1181 |
Title: Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element. |
Type: Mobile Devices |
Bulletins:
CVE-2010-1181 |
Severity: Medium |
| Description: Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element. | ||||
| Applies to: |
Created: 2010-03-29 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0576 |
Title: Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, and IOS XR 3.2.x through 3.4.3, when Multiprotocol Label Switching (MPLS) and Label Distribution Protocol (LDP) are enabled, allows remote attackers... |
Type: Hardware |
Bulletins:
CVE-2010-0576 SFBID38938 |
Severity: High |
| Description: Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, and IOS XR 3.2.x through 3.4.3, when Multiprotocol Label Switching (MPLS) and Label Distribution Protocol (LDP) are enabled, allows remote attackers to cause a denial of service (device reload or process restart) via a crafted LDP packet, aka Bug IDs CSCsz45567 and CSCsj25893. | ||||
| Applies to: |
Created: 2010-03-25 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-1119 |
Title: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause... |
Type: Mobile Devices |
Bulletins:
CVE-2010-1119 SFBID40620 |
Severity: High |
| Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. | ||||
| Applies to: |
Created: 2010-03-25 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0577 |
Title: Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size configurations are used, allows remote attackers to cause a denial of service (infinite loop, and device reload or hang) via a TCP segment with crafted options, aka Bug ID CSCsz75186. |
Type: Hardware |
Bulletins:
CVE-2010-0577 SFBID38930 |
Severity: High |
| Description: Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size configurations are used, allows remote attackers to cause a denial of service (infinite loop, and device reload or hang) via a TCP segment with crafted options, aka Bug ID CSCsz75186. | ||||
| Applies to: |
Created: 2010-03-25 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0578 |
Title: The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a malformed IKE packet, aka Bug ID CSCtb13491. |
Type: Hardware |
Bulletins:
CVE-2010-0578 SFBID38932 |
Severity: High |
| Description: The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a malformed IKE packet, aka Bug ID CSCtb13491. | ||||
| Applies to: |
Created: 2010-03-25 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0579 |
Title: The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the "SIP Message Handling Denial of Service Vulnerability." |
Type: Hardware |
Bulletins:
CVE-2010-0579 |
Severity: High |
| Description: The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the "SIP Message Handling Denial of Service Vulnerability." | ||||
| Applies to: |
Created: 2010-03-25 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0580 |
Title: Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP Message Processing Arbitrary Code Execution Vulnerability." |
Type: Hardware |
Bulletins:
CVE-2010-0580 |
Severity: High |
| Description: Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP Message Processing Arbitrary Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2010-03-25 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0581 |
Title: Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability." |
Type: Hardware |
Bulletins:
CVE-2010-0581 |
Severity: High |
| Description: Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2010-03-25 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0582 |
Title: Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (interface queue wedge) via malformed H.323 packets, aka Bug ID CSCta19962. |
Type: Hardware |
Bulletins:
CVE-2010-0582 |
Severity: High |
| Description: Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (interface queue wedge) via malformed H.323 packets, aka Bug ID CSCta19962. | ||||
| Applies to: |
Created: 2010-03-25 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0583 |
Title: Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (memory consumption and device reload) via malformed H.323 packets, aka Bug ID CSCtb93855. |
Type: Hardware |
Bulletins:
CVE-2010-0583 SFBID38934 |
Severity: High |
| Description: Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (memory consumption and device reload) via malformed H.323 packets, aka Bug ID CSCtb93855. | ||||
| Applies to: |
Created: 2010-03-25 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0584 |
Title: Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Protocol (SCCP) packets, aka Bug ID CSCsy09250. |
Type: Hardware |
Bulletins:
CVE-2010-0584 |
Severity: High |
| Description: Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Protocol (SCCP) packets, aka Bug ID CSCsy09250. | ||||
| Applies to: |
Created: 2010-03-25 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0585 |
Title: Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny... |
Type: Hardware |
Bulletins:
CVE-2010-0585 |
Severity: High |
| Description: Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz48614, the "SCCP Packet Processing Denial of Service Vulnerability." | ||||
| Applies to: |
Created: 2010-03-25 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0586 |
Title: Cisco IOS Unified Communications Manager Express SCCP Message Handling Unspecified Remote DoS |
Type: Hardware |
Bulletins:
CVE-2010-0586 |
Severity: High |
| Description: Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz49741, the "SCCP Request Handling Denial of Service Vulnerability." | ||||
| Applies to: |
Created: 2010-03-25 |
Updated: 2017-08-09 |
||
| ID: MITRE:7170 |
Title: oval:org.mitre.oval:def:7170: VBScript Help Keypress Vulnerability |
Type: Miscellaneous |
Bulletins:
MITRE:7170 CVE-2010-0483 |
Severity: Low |
| Description: vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability." | ||||
| Applies to: VBScript 5.1 VBScript 5.6 VBScript 5.7 VBScript 5.8 |
Created: 2010-03-13 |
Updated: 2015-08-10 |
||
| ID: MITRE:8595 |
Title: oval:org.mitre.oval:def:8595: Movie Maker and Producer Buffer Overflow Vulnerability |
Type: Software |
Bulletins:
MITRE:8595 CVE-2010-0265 |
Severity: Low |
| Description: Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability." | ||||
| Applies to: Microsoft Producer 2003 Movie Maker 2.1 Movie Maker 2.6 Movie Maker 6.0 |
Created: 2010-03-09 |
Updated: 2015-08-10 |
||
| ID: CVE-2010-0936 |
Title: Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter. |
Type: Hardware |
Bulletins:
CVE-2010-0936 SFBID37646 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter. | ||||
| Applies to: DKVM-IP8 |
Created: 2010-03-08 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0587 |
Title: Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP... |
Type: Hardware |
Bulletins:
CVE-2010-0587 SFBID38496 |
Severity: High |
| Description: Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985. | ||||
| Applies to: Unified Communications Manager |
Created: 2010-03-05 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0588 |
Title: Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines... |
Type: Hardware |
Bulletins:
CVE-2010-0588 SFBID38501 |
Severity: High |
| Description: Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines or (2) FwdStatReq message with an invalid Line number, aka Bug ID CSCtc47823. | ||||
| Applies to: Unified Communications Manager |
Created: 2010-03-05 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0590 |
Title: The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register... |
Type: Hardware |
Bulletins:
CVE-2010-0590 SFBID38495 |
Severity: High |
| Description: The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register message, aka Bug ID CSCtc37188. | ||||
| Applies to: Unified Communications Manager |
Created: 2010-03-05 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0591 |
Title: Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to... |
Type: Hardware |
Bulletins:
CVE-2010-0591 SFBID38498 |
Severity: High |
| Description: Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362. | ||||
| Applies to: Unified Communications Manager |
Created: 2010-03-05 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0592 |
Title: The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of... |
Type: Hardware |
Bulletins:
CVE-2010-0592 SFBID38497 |
Severity: High |
| Description: The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of service (service failure) via a malformed message, aka Bug ID CSCsu31800. | ||||
| Applies to: Unified Communications Manager |
Created: 2010-03-05 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0149 |
Title: Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.46), 8.0 before 8.0(4.38), 8.1 before 8.1(2.29), and 8.2 before 8.2(1.5); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a... |
Type: Hardware |
Bulletins:
CVE-2010-0149 SFBID38275 |
Severity: High |
| Description: Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.46), 8.0 before 8.0(4.38), 8.1 before 8.1(2.29), and 8.2 before 8.2(1.5); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (prevention of new connections) via crafted TCP segments during termination of the TCP connection that cause the connection to remain in CLOSEWAIT status, aka "TCP Connection Exhaustion Denial of Service Vulnerability." | ||||
| Applies to: |
Created: 2010-02-19 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0150 |
Title: Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows... |
Type: Hardware |
Bulletins:
CVE-2010-0150 SFBID38277 |
Severity: High |
| Description: Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCsy91157. | ||||
| Applies to: |
Created: 2010-02-19 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0565 |
Title: Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10), allows remote attackers to cause a denial of service (page fault and device... |
Type: Hardware |
Bulletins:
CVE-2010-0565 SFBID38280 |
Severity: High |
| Description: Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10), allows remote attackers to cause a denial of service (page fault and device reload) via a malformed DTLS message, aka Bug ID CSCtb64913 and "WebVPN DTLS Denial of Service Vulnerability." | ||||
| Applies to: |
Created: 2010-02-19 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0566 |
Title: Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10) allows remote attackers to cause a denial of service... |
Type: Hardware |
Bulletins:
CVE-2010-0566 SFBID38278 |
Severity: High |
| Description: Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10) allows remote attackers to cause a denial of service (device reload) via a malformed TCP segment when certain NAT translation and Cisco AIP-SSM configurations are used, aka Bug ID CSCtb37219. | ||||
| Applies to: |
Created: 2010-02-19 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0567 |
Title: Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.1), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.15); and Cisco PIX 500 Series Security Appliance; allows... |
Type: Hardware |
Bulletins:
CVE-2010-0567 SFBID38279 |
Severity: Medium |
| Description: Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.1), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.15); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (active IPsec tunnel loss and prevention of new tunnels) via a malformed IKE message through an existing tunnel to UDP port 4500, aka Bug ID CSCtc47782. | ||||
| Applies to: |
Created: 2010-02-19 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0568 |
Title: Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.7), 8.1 before 8.1(2.40), and 8.2 before 8.2(2.1); and Cisco PIX 500 Series Security Appliance; allows remote... |
Type: Hardware |
Bulletins:
CVE-2010-0568 SFBID38279 |
Severity: High |
| Description: Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.7), 8.1 before 8.1(2.40), and 8.2 before 8.2(2.1); and Cisco PIX 500 Series Security Appliance; allows remote attackers to bypass NTLMv1 authentication via a crafted username, aka Bug ID CSCte21953. | ||||
| Applies to: |
Created: 2010-02-19 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0569 |
Title: Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows... |
Type: Hardware |
Bulletins:
CVE-2010-0569 SFBID38281 |
Severity: High |
| Description: Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCtc96018. | ||||
| Applies to: |
Created: 2010-02-19 |
Updated: 2017-08-09 |
||
| ID: MITRE:8518 |
Title: oval:org.mitre.oval:def:8518: Adobe Flash Player, Acrobat, Adobe Reader and AIR Cross Domain Request Vulnerability |
Type: Web |
Bulletins:
MITRE:8518 CVE-2010-0186 |
Severity: Low |
| Description: Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors. | ||||
| Applies to: Adobe AIR Adobe Acrobat Adobe Flash Player Adobe Reader |
Created: 2010-02-14 |
Updated: 2015-08-03 |
||
| ID: MITRE:8393 |
Title: oval:org.mitre.oval:def:8393: Adobe Flash Player and AIR Denial of Service Vulnerability |
Type: Web |
Bulletins:
MITRE:8393 CVE-2010-0187 |
Severity: Low |
| Description: Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-02-14 |
Updated: 2015-08-03 |
||
| ID: CVE-2010-0038 |
Title: Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that... |
Type: Mobile Devices |
Bulletins:
CVE-2010-0038 SFBID38040 |
Severity: Medium |
| Description: Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption. | ||||
| Applies to: |
Created: 2010-02-03 |
Updated: 2017-08-09 |
||
| ID: CVE-2010-0137 |
Title: Unspecified vulnerability in the sshd_child_handler process in the SSH server in Cisco IOS XR 3.4.1 through 3.7.0 allows remote attackers to cause a denial of service (process crash and memory consumption) via a crafted SSH2 packet, aka Bug ID CSCsu10574. |
Type: Hardware |
Bulletins:
CVE-2010-0137 SFBID37878 |
Severity: High |
| Description: Unspecified vulnerability in the sshd_child_handler process in the SSH server in Cisco IOS XR 3.4.1 through 3.7.0 allows remote attackers to cause a denial of service (process crash and memory consumption) via a crafted SSH2 packet, aka Bug ID CSCsu10574. | ||||
| Applies to: |
Created: 2010-01-21 |
Updated: 2017-08-09 |
||
| ID: MITRE:7709 |
Title: oval:org.mitre.oval:def:7709: libpng buffer overflow |
Type: Software |
Bulletins:
MITRE:7709 CVE-2004-0597 |
Severity: Low |
| Description: Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. | ||||
| Applies to: Adobe Acrobat Reader MSN Messenger 4.7 MSN Messenger 6.1 MSN Messenger 6.2 |
Created: 2010-01-15 |
Updated: 2015-05-04 |
||
| ID: MITRE:6694 |
Title: oval:org.mitre.oval:def:6694: Adobe Flash Player and AIR Unspecified Clickjacking Vulnerability |
Type: Web |
Bulletins:
MITRE:6694 CVE-2009-1867 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability." | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-01-14 |
Updated: 2015-08-03 |
||
| ID: MITRE:7191 |
Title: oval:org.mitre.oval:def:7191: Adobe Flash Player and AIR 'exception_count' Integer Overflow Vulnerability |
Type: Web |
Bulletins:
MITRE:7191 CVE-2009-3799 |
Severity: Low |
| Description: Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers." | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-01-14 |
Updated: 2015-08-03 |
||
| ID: MITRE:7271 |
Title: oval:org.mitre.oval:def:7271: Adobe Flash Player and AIR Stack Buffer Overflow Vulnerability |
Type: Web |
Bulletins:
MITRE:7271 CVE-2009-1866 |
Severity: Low |
| Description: Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-01-14 |
Updated: 2015-08-03 |
||
| ID: MITRE:6899 |
Title: oval:org.mitre.oval:def:6899: Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:6899 CVE-2009-3798 |
Severity: Low |
| Description: Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-01-14 |
Updated: 2015-08-03 |
||
| ID: MITRE:7465 |
Title: oval:org.mitre.oval:def:7465: Adobe Flash Player and AIR JPEG File Parsing Heap Buffer Overflow Vulnerability |
Type: Web |
Bulletins:
MITRE:7465 CVE-2009-3794 |
Severity: Low |
| Description: Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-01-14 |
Updated: 2015-08-03 |
||
| ID: MITRE:6648 |
Title: oval:org.mitre.oval:def:6648: Adobe Flash Player and AIR Sandbox Bypass Information Disclosure Vulnerability |
Type: Web |
Bulletins:
MITRE:6648 CVE-2009-1870 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability." | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-01-14 |
Updated: 2015-08-03 |
||
| ID: MITRE:6865 |
Title: oval:org.mitre.oval:def:6865: Adobe Flash Player and AIR URI Parsing Heap Buffer Overflow Vulnerability |
Type: Web |
Bulletins:
MITRE:6865 CVE-2009-1868 |
Severity: Low |
| Description: Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-01-14 |
Updated: 2015-08-03 |
||
| ID: MITRE:6660 |
Title: oval:org.mitre.oval:def:6660: Adobe Flash Player and AIR Loader Object Heap Memory Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:6660 CVE-2009-1864 |
Severity: Low |
| Description: Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-01-14 |
Updated: 2015-08-03 |
||
| ID: MITRE:6972 |
Title: oval:org.mitre.oval:def:6972: Adobe Flash Player and AIR Multiple Unspecified Remote Code Execution Vulnerabilities |
Type: Web |
Bulletins:
MITRE:6972 CVE-2009-3800 |
Severity: Low |
| Description: Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-01-14 |
Updated: 2015-08-03 |
||
| ID: MITRE:6998 |
Title: oval:org.mitre.oval:def:6998: Adobe Flash Player and AIR 'intf_count' Integer Overflow Vulnerability |
Type: Web |
Bulletins:
MITRE:6998 CVE-2009-1869 |
Severity: Low |
| Description: Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-01-14 |
Updated: 2015-08-03 |
||
| ID: MITRE:7140 |
Title: oval:org.mitre.oval:def:7140: Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability |
Type: Web |
Bulletins:
MITRE:7140 CVE-2009-3797 |
Severity: Low |
| Description: Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-01-14 |
Updated: 2015-08-03 |
||
| ID: MITRE:7460 |
Title: oval:org.mitre.oval:def:7460: Adobe Flash Player and AIR Data Injection Remote Code Execution Vulnerability |
Type: Web |
Bulletins:
MITRE:7460 CVE-2009-3796 |
Severity: Low |
| Description: Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability." | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-01-14 |
Updated: 2015-08-03 |
||
| ID: MITRE:6961 |
Title: oval:org.mitre.oval:def:6961: Adobe Flash Player and AIR Unspecified Privilege Escalation Vulnerability |
Type: Web |
Bulletins:
MITRE:6961 CVE-2009-1863 |
Severity: Low |
| Description: Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability." | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-01-14 |
Updated: 2015-08-03 |
||
| ID: MITRE:7011 |
Title: oval:org.mitre.oval:def:7011: Adobe Flash Player and AIR NULL Pointer Exception Remote Code Execution Vulnerability |
Type: Web |
Bulletins:
MITRE:7011 CVE-2009-1865 |
Severity: Low |
| Description: Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulnerability." | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-01-14 |
Updated: 2015-08-03 |
||
| ID: MITRE:6663 |
Title: oval:org.mitre.oval:def:6663: Adobe Flash Player ActiveX Control Information Disclosure Vulnerability |
Type: Web |
Bulletins:
MITRE:6663 CVE-2009-3951 |
Severity: Low |
| Description: Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820. | ||||
| Applies to: Adobe AIR Adobe Flash Player |
Created: 2010-01-14 |
Updated: 2015-08-03 |
||
| ID: MITRE:7573 |
Title: oval:org.mitre.oval:def:7573: ATL Null String Vulnerability |
Type: |
Bulletins:
MITRE:7573 CVE-2009-2495 |
Severity: Low |
| Description: The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability." | ||||
| Applies to: Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007 Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 |
Created: 2010-01-12 |
Updated: 2015-08-10 |
||
| ID: MITRE:7995 |
Title: oval:org.mitre.oval:def:7995: Apple iTunes Filetype Remote Off-By-One Stack Buffer Overflow Vulnerability |
Type: Software |
Bulletins:
MITRE:7995 CVE-2008-4116 |
Severity: Low |
| Description: Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow. | ||||
| Applies to: Apple QuickTime Apple iTunes |
Created: 2010-01-12 |
Updated: 2015-06-22 |
||
