LanGuard reports



Supported OVAL Bulletins





ID:
MITRE:12350
Title:
oval:org.mitre.oval:def:12350: FlashPix Image Converter Buffer Overflow Vulnerability
Type:
Software
Bulletins:
MITRE:12350
CVE-2010-3951
Severity:
Low
Description:
Buffer overflow in the FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Buffer Overflow Vulnerability."
Applies to:
Microsoft Office 2002
Microsoft Office Converter Pack
Microsoft Works 9
Created:
2010-12-14
Updated:
2015-08-10

ID:
MITRE:12387
Title:
oval:org.mitre.oval:def:12387: TIFF Image Converter Buffer Overflow Vulnerability
Type:
Software
Bulletins:
MITRE:12387
CVE-2010-3949
Severity:
Low
Description:
Buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Buffer Overflow Vulnerability."
Applies to:
Microsoft Office 2002
Microsoft Office Converter Pack
Created:
2010-12-14
Updated:
2015-08-10

ID:
MITRE:11967
Title:
oval:org.mitre.oval:def:11967: PICT Image Converter Integer Overflow Vulnerability
Type:
Software
Bulletins:
MITRE:11967
CVE-2010-3946
Severity:
Low
Description:
Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
Applies to:
Microsoft Office 2002
Microsoft Office 2003
Microsoft Office Converter Pack
Created:
2010-12-14
Updated:
2015-08-10

ID:
MITRE:12150
Title:
oval:org.mitre.oval:def:12150: FlashPix Image Converter Heap Corruption Vulnerability
Type:
Software
Bulletins:
MITRE:12150
CVE-2010-3952
Severity:
Low
Description:
The FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Heap Corruption Vulnerability."
Applies to:
Microsoft Office 2002
Microsoft Office Converter Pack
Microsoft Works 9
Created:
2010-12-14
Updated:
2015-08-10

ID:
MITRE:12249
Title:
oval:org.mitre.oval:def:12249: CGM Image Converter Buffer Overrun Vulnerability
Type:
Software
Bulletins:
MITRE:12249
CVE-2010-3945
Severity:
Low
Description:
Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
Applies to:
Microsoft Office 2002
Microsoft Office 2003
Microsoft Office Converter Pack
Created:
2010-12-14
Updated:
2015-08-10

ID:
MITRE:12289
Title:
oval:org.mitre.oval:def:12289: TIFF Image Converter Memory Corruption Vulnerability
Type:
Software
Bulletins:
MITRE:12289
CVE-2010-3950
Severity:
Low
Description:
The TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 does not properly convert data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image in an Office document, aka "TIFF Image Converter Memory Corruption Vulnerability."
Applies to:
Microsoft Office 2002
Microsoft Office Converter Pack
Microsoft Works 9
Created:
2010-12-14
Updated:
2015-08-10

ID:
MITRE:11827
Title:
oval:org.mitre.oval:def:11827: TIFF Image Converter Heap Overflow Vulnerability
Type:
Software
Bulletins:
MITRE:11827
CVE-2010-3947
Severity:
Low
Description:
Heap-based buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Heap Overflow Vulnerability."
Applies to:
Microsoft Office 2002
Microsoft Office Converter Pack
Microsoft Works 9
Created:
2010-12-14
Updated:
2015-08-10

ID:
CVE-2010-4012
Title:
Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button.
Type:
Mobile Devices
Bulletins:
CVE-2010-4012
Severity:
Medium
Description:
Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button.
Applies to:
Created:
2010-12-08
Updated:
2017-11-10

ID:
CVE-2010-4354
Title:
Cisco Multiple Products IPSec VPN Aggressive Mode IKE Phase I Message Response Group Name Remote Enumeration
Type:
Hardware
Bulletins:
CVE-2010-4354
Severity:
Medium
Description:
The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only when the group name is configured on the device, which allows remote attackers to enumerate valid group names via a series of IKE negotiation attempts, aka Bug ID CSCtj96108, a different vulnerability than CVE-2005-2025.
Applies to:
Cisco VPN 3015 Concentrator
Cisco VPN 3030 Concentrator
Cisco VPN 3060 Concentrator
Cisco VPN 3080 Concentrator
Cisco VPN 3005 Concentrator
Created:
2010-11-30
Updated:
2017-11-10

ID:
CVE-2010-3827
Title:
Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.
Type:
Mobile Devices
Bulletins:
CVE-2010-3827
Severity:
Medium
Description:
Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.
Applies to:
Created:
2010-11-26
Updated:
2017-11-10

ID:
CVE-2010-3828
Title:
iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.
Type:
Mobile Devices
Bulletins:
CVE-2010-3828
Severity:
Medium
Description:
iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.
Applies to:
Created:
2010-11-26
Updated:
2017-11-10

ID:
CVE-2010-3829
Title:
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for...
Type:
Mobile Devices
Bulletins:
CVE-2010-3829
Severity:
Medium
Description:
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.
Applies to:
Created:
2010-11-26
Updated:
2017-11-10

ID:
CVE-2010-3830
Title:
Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors.
Type:
Mobile Devices
Bulletins:
CVE-2010-3830
Severity:
High
Description:
Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors.
Applies to:
Created:
2010-11-26
Updated:
2017-11-10

ID:
CVE-2010-3831
Title:
Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a...
Type:
Mobile Devices
Bulletins:
CVE-2010-3831
Severity:
Medium
Description:
Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action.
Applies to:
Created:
2010-11-26
Updated:
2017-11-10

ID:
CVE-2010-3832
Title:
Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary...
Type:
Mobile Devices
Bulletins:
CVE-2010-3832
Severity:
Medium
Description:
Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.
Applies to:
Created:
2010-11-26
Updated:
2017-11-10

ID:
MITRE:11871
Title:
oval:org.mitre.oval:def:11871: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
Type:
Software
Bulletins:
MITRE:11871
CVE-2010-3558
Severity:
Low
Description:
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:12177
Title:
oval:org.mitre.oval:def:12177: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Type:
Software
Bulletins:
MITRE:12177
CVE-2010-3571
Severity:
Low
Description:
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:12189
Title:
oval:org.mitre.oval:def:12189: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Type:
Software
Bulletins:
MITRE:12189
CVE-2010-3554
Severity:
Low
Description:
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects."
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:11714
Title:
oval:org.mitre.oval:def:11714: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions
Type:
Software
Bulletins:
MITRE:11714
CVE-2010-3567
Severity:
Low
Description:
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:11320
Title:
oval:org.mitre.oval:def:11320: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
Type:
Software
Bulletins:
MITRE:11320
CVE-2010-3555
Severity:
Low
Description:
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:11619
Title:
oval:org.mitre.oval:def:11619: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions
Type:
Software
Bulletins:
MITRE:11619
CVE-2010-3550
Severity:
Low
Description:
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:11880
Title:
oval:org.mitre.oval:def:11880: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Type:
Software
Bulletins:
MITRE:11880
CVE-2010-3559
Severity:
Low
Description:
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:11330
Title:
oval:org.mitre.oval:def:11330: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
Type:
Software
Bulletins:
MITRE:11330
CVE-2010-3551
Severity:
Low
Description:
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:12180
Title:
oval:org.mitre.oval:def:12180: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
Type:
Software
Bulletins:
MITRE:12180
CVE-2010-3565
Severity:
Low
Description:
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:12200
Title:
oval:org.mitre.oval:def:12200: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions
Type:
Software
Bulletins:
MITRE:12200
CVE-2010-3561
Severity:
Low
Description:
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:12173
Title:
oval:org.mitre.oval:def:12173: Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
Type:
Software
Bulletins:
MITRE:12173
CVE-2010-3570
Severity:
Low
Description:
Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:11798
Title:
oval:org.mitre.oval:def:11798: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Type:
Software
Bulletins:
MITRE:11798
CVE-2010-3553
Severity:
Low
Description:
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:12029
Title:
oval:org.mitre.oval:def:12029: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
Type:
Software
Bulletins:
MITRE:12029
CVE-2010-3568
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:12181
Title:
oval:org.mitre.oval:def:12181: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
Type:
Software
Bulletins:
MITRE:12181
CVE-2010-3563
Severity:
Low
Description:
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:11268
Title:
oval:org.mitre.oval:def:11268: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Type:
Software
Bulletins:
MITRE:11268
CVE-2010-3557
Severity:
Low
Description:
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static."
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:11990
Title:
oval:org.mitre.oval:def:11990: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
Type:
Software
Bulletins:
MITRE:11990
CVE-2010-3573
Severity:
Low
Description:
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:12004
Title:
oval:org.mitre.oval:def:12004: Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
Type:
Software
Bulletins:
MITRE:12004
CVE-2010-3552
Severity:
Low
Description:
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:12225
Title:
oval:org.mitre.oval:def:12225: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions
Type:
Software
Bulletins:
MITRE:12225
CVE-2010-3566
Severity:
Low
Description:
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:11893
Title:
oval:org.mitre.oval:def:11893: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Type:
Software
Bulletins:
MITRE:11893
CVE-2010-3562
Severity:
Low
Description:
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:12005
Title:
oval:org.mitre.oval:def:12005: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
Type:
Software
Bulletins:
MITRE:12005
CVE-2010-3560
Severity:
Low
Description:
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:12226
Title:
oval:org.mitre.oval:def:12226: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
Type:
Software
Bulletins:
MITRE:12226
CVE-2010-3569
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:12240
Title:
oval:org.mitre.oval:def:12240: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Type:
Software
Bulletins:
MITRE:12240
CVE-2010-3572
Severity:
Low
Description:
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:11815
Title:
oval:org.mitre.oval:def:11815: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Type:
Software
Bulletins:
MITRE:11815
CVE-2010-3556
Severity:
Low
Description:
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Oracle Java SE
Created:
2010-11-19
Updated:
2015-06-01

ID:
MITRE:12142
Title:
oval:org.mitre.oval:def:12142: Vulnerability in parsing of a cross-domain policy file in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64
Type:
Web
Bulletins:
MITRE:12142
CVE-2010-3636
Severity:
Low
Description:
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.
Applies to:
Adobe Flash Player
Created:
2010-11-13
Updated:
2015-08-03

ID:
MITRE:12179
Title:
oval:org.mitre.oval:def:12179: Unspecified vulnerability which causes a denial of service (memory corruption) in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64
Type:
Web
Bulletins:
MITRE:12179
CVE-2010-3640
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
Applies to:
Adobe Flash Player
Created:
2010-11-13
Updated:
2015-08-03

ID:
MITRE:11905
Title:
oval:org.mitre.oval:def:11905: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64
Type:
Web
Bulletins:
MITRE:11905
CVE-2010-3645
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
Applies to:
Adobe Flash Player
Created:
2010-11-13
Updated:
2015-08-03

ID:
MITRE:12259
Title:
oval:org.mitre.oval:def:12259: Unspecified ActiveX control vulnerability in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64
Type:
Web
Bulletins:
MITRE:12259
CVE-2010-3637
Severity:
Low
Description:
An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FLV video.
Applies to:
Adobe Flash Player
Created:
2010-11-13
Updated:
2015-08-03

ID:
MITRE:11979
Title:
oval:org.mitre.oval:def:11979: Unspecified vulnerability in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64
Type:
Web
Bulletins:
MITRE:11979
CVE-2010-3638
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors.
Applies to:
Adobe Flash Player
Created:
2010-11-13
Updated:
2015-08-03

ID:
MITRE:11310
Title:
oval:org.mitre.oval:def:11310: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64
Type:
Web
Bulletins:
MITRE:11310
CVE-2010-3639
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
Applies to:
Adobe Flash Player
Created:
2010-11-13
Updated:
2015-08-03

ID:
MITRE:11660
Title:
oval:org.mitre.oval:def:11660: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64
Type:
Web
Bulletins:
MITRE:11660
CVE-2010-3644
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
Applies to:
Adobe Flash Player
Created:
2010-11-13
Updated:
2015-08-03

ID:
MITRE:12095
Title:
oval:org.mitre.oval:def:12095: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64
Type:
Web
Bulletins:
MITRE:12095
CVE-2010-3647
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
Applies to:
Adobe Flash Player
Created:
2010-11-13
Updated:
2015-08-03

ID:
MITRE:12065
Title:
oval:org.mitre.oval:def:12065: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64
Type:
Web
Bulletins:
MITRE:12065
CVE-2010-3642
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
Applies to:
Adobe Flash Player
Created:
2010-11-13
Updated:
2015-08-03

ID:
MITRE:11872
Title:
oval:org.mitre.oval:def:11872: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64
Type:
Web
Bulletins:
MITRE:11872
CVE-2010-3649
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3650, and CVE-2010-3652.
Applies to:
Adobe Flash Player
Created:
2010-11-13
Updated:
2015-08-03

ID:
MITRE:11922
Title:
oval:org.mitre.oval:def:11922: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64
Type:
Web
Bulletins:
MITRE:11922
CVE-2010-3646
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
Applies to:
Adobe Flash Player
Created:
2010-11-13
Updated:
2015-08-03

ID:
MITRE:11842
Title:
oval:org.mitre.oval:def:11842: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64
Type:
Web
Bulletins:
MITRE:11842
CVE-2010-3648
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
Applies to:
Adobe Flash Player
Created:
2010-11-13
Updated:
2015-08-03

ID:
MITRE:12151
Title:
oval:org.mitre.oval:def:12151: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64
Type:
Web
Bulletins:
MITRE:12151
CVE-2010-3643
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
Applies to:
Adobe Flash Player
Created:
2010-11-13
Updated:
2015-08-03

ID:
MITRE:11965
Title:
oval:org.mitre.oval:def:11965: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64
Type:
Web
Bulletins:
MITRE:11965
CVE-2010-3652
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3650.
Applies to:
Adobe Flash Player
Created:
2010-11-13
Updated:
2015-08-03

ID:
MITRE:12154
Title:
oval:org.mitre.oval:def:12154: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64
Type:
Web
Bulletins:
MITRE:12154
CVE-2010-3641
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
Applies to:
Adobe Flash Player
Created:
2010-11-13
Updated:
2015-08-03

ID:
MITRE:11636
Title:
oval:org.mitre.oval:def:11636: Unspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64
Type:
Web
Bulletins:
MITRE:11636
CVE-2010-3650
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3652.
Applies to:
Adobe Flash Player
Created:
2010-11-13
Updated:
2015-08-03

ID:
MITRE:12219
Title:
oval:org.mitre.oval:def:12219: Untrusted search path vulnerability in Microsoft Office PowerPoint 2007
Type:
Software
Bulletins:
MITRE:12219
CVE-2010-3142
Severity:
High
Description:
Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
Applies to:
Microsoft Office PowerPoint 2007
Created:
2010-11-09
Updated:
2010-12-20

ID:
CVE-2010-3039
Title:
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the...
Type:
Hardware
Bulletins:
CVE-2010-3039
SFBID44672
Severity:
Medium
Description:
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.
Applies to:
Unified Communications Manager
Created:
2010-11-09
Updated:
2017-11-10

ID:
MITRE:7360
Title:
oval:org.mitre.oval:def:7360: Vulnerability in offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software
Type:
Software
Bulletins:
MITRE:7360
CVE-2010-3741
Severity:
Low
Description:
The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack.
Applies to:
BlackBerry Desktop Software
Created:
2010-10-26
Updated:
2015-08-24

ID:
MITRE:6843
Title:
oval:org.mitre.oval:def:6843: Untrusted search path vulnerability in BlackBerry Desktop Software version less than 6.0.0.47
Type:
Software
Bulletins:
MITRE:6843
CVE-2010-2600
Severity:
Low
Description:
Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Blackberry.
Applies to:
BlackBerry Desktop Software
Created:
2010-10-26
Updated:
2015-08-24

ID:
MITRE:6926
Title:
oval:org.mitre.oval:def:6926: Untrusted search path vulnerability in Adobe Flash Player version less than 9.0.289.0 and 10.x before 10.1.102.64
Type:
Web
Bulletins:
MITRE:6926
CVE-2010-3976
Severity:
Low
Description:
Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player.
Applies to:
Adobe Flash Player
Created:
2010-10-25
Updated:
2015-08-03

ID:
MITRE:7291
Title:
oval:org.mitre.oval:def:7291: Privilege-escalation vulnerability in PostgreSQL version less than or equal to 9.0
Type:
Software
Bulletins:
MITRE:7291
CVE-2010-3433
Severity:
Low
Description:
The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Applies to:
PostgreSQL
Created:
2010-10-21
Updated:
2015-03-23

ID:
MITRE:6645
Title:
oval:org.mitre.oval:def:6645: Vulnerability in pl\php ADD-ON in PostgreSQL version less than or equal to 9.0
Type:
Software
Bulletins:
MITRE:6645
CVE-2010-3781
Severity:
Low
Description:
The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433.
Applies to:
PostgreSQL
Created:
2010-10-21
Updated:
2015-03-23

ID:
MITRE:6653
Title:
oval:org.mitre.oval:def:6653: Windows Media Player Memory Corruption Vulnerability
Type:
Software
Bulletins:
MITRE:6653
CVE-2010-2745
Severity:
Low
Description:
Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability."
Applies to:
Windows Media Player
Created:
2010-10-12
Updated:
2015-07-06

ID:
MITRE:6778
Title:
oval:org.mitre.oval:def:6778: Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5
Type:
Software
Bulletins:
MITRE:6778
CVE-2010-3127
Severity:
Low
Description:
Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop. NOTE: some of these details are obtained from third party information.
Applies to:
Adobe Photoshop
Created:
2010-09-28
Updated:
2015-08-03

ID:
MITRE:7604
Title:
oval:org.mitre.oval:def:7604: Apple iTunes Log File Insecure File Operation Local Privilege Escalation Vulnerability
Type:
Software
Bulletins:
MITRE:7604
CVE-2010-1768
Severity:
Low
Description:
Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch.
Applies to:
Apple iTunes
Created:
2010-09-23
Updated:
2015-06-22

ID:
MITRE:7217
Title:
oval:org.mitre.oval:def:7217: Apple iTunes DLL Loading Arbitrary Code Execution Vulnerability
Type:
Software
Bulletins:
MITRE:7217
CVE-2010-1795
Severity:
Low
Description:
Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.
Applies to:
Apple iTunes
Created:
2010-09-23
Updated:
2015-06-22

ID:
MITRE:7178
Title:
oval:org.mitre.oval:def:7178: Apple iTunes Crafted itpc: URL Buffer Overflow Vulnerability
Type:
Software
Bulletins:
MITRE:7178
CVE-2010-1769
Severity:
Low
Description:
WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763.
Applies to:
Apple iTunes
Created:
2010-09-23
Updated:
2015-06-22

ID:
MITRE:7221
Title:
oval:org.mitre.oval:def:7221: Apple iTunes Webkit Unspecified Vulnerability
Type:
Software
Bulletins:
MITRE:7221
CVE-2010-1763
Severity:
Low
Description:
Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769.
Applies to:
Apple iTunes
Created:
2010-09-23
Updated:
2015-06-22

ID:
MITRE:7061
Title:
oval:org.mitre.oval:def:7061: Apple iTunes JavaScriptCore Page Transitions Denial Of Service Vulnerability
Type:
Software
Bulletins:
MITRE:7061
CVE-2010-1387
Severity:
Low
Description:
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.
Applies to:
Apple iTunes
Created:
2010-09-23
Updated:
2015-06-22

ID:
MITRE:6988
Title:
oval:org.mitre.oval:def:6988: Apple iTunes Crafted itpc: URL Buffer Overflow Vulnerability
Type:
Software
Bulletins:
MITRE:6988
CVE-2010-1777
Severity:
Low
Description:
Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.
Applies to:
Apple iTunes
Created:
2010-09-23
Updated:
2015-06-22

ID:
CVE-2010-2828
Title:
Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (device reload) via crafted H.323...
Type:
Hardware
Bulletins:
CVE-2010-2828
Severity:
High
Description:
Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (device reload) via crafted H.323 packets, aka Bug ID CSCtc73759.
Applies to:
Created:
2010-09-23
Updated:
2017-11-10

ID:
CVE-2010-2829
Title:
Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (traceback and device reload) via...
Type:
Hardware
Bulletins:
CVE-2010-2829
Severity:
High
Description:
Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (traceback and device reload) via crafted H.323 packets, aka Bug ID CSCtd33567.
Applies to:
Created:
2010-09-23
Updated:
2017-11-10

ID:
CVE-2010-2830
Title:
The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603.
Type:
Hardware
Bulletins:
CVE-2010-2830
Severity:
High
Description:
The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603.
Applies to:
Created:
2010-09-23
Updated:
2017-11-10

ID:
CVE-2010-2831
Title:
Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic on UDP port 5060, aka Bug ID CSCtf17624.
Type:
Hardware
Bulletins:
CVE-2010-2831
Severity:
High
Description:
Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic on UDP port 5060, aka Bug ID CSCtf17624.
Applies to:
Created:
2010-09-23
Updated:
2017-11-10

ID:
CVE-2010-2832
Title:
Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtf91428.
Type:
Hardware
Bulletins:
CVE-2010-2832
Severity:
High
Description:
Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtf91428.
Applies to:
Created:
2010-09-23
Updated:
2017-11-10

ID:
CVE-2010-2833
Title:
Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtd86472.
Type:
Hardware
Bulletins:
CVE-2010-2833
Severity:
High
Description:
Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtd86472.
Applies to:
Created:
2010-09-23
Updated:
2017-11-10

ID:
CVE-2010-2834
Title:
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote...
Type:
Hardware
Bulletins:
CVE-2010-2834
Severity:
High
Description:
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987.
Applies to:
Unified Communications Manager
Created:
2010-09-23
Updated:
2017-11-10

ID:
CVE-2010-2835
Title:
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before...
Type:
Hardware
Bulletins:
CVE-2010-2835
Severity:
High
Description:
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358.
Applies to:
Unified Communications Manager
Created:
2010-09-23
Updated:
2017-11-10

ID:
CVE-2010-2836
Title:
Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections...
Type:
Hardware
Bulletins:
CVE-2010-2836
Severity:
High
Description:
Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections that remain in the CLOSE-WAIT state, aka Bug ID CSCtg21685.
Applies to:
Created:
2010-09-23
Updated:
2017-11-10

ID:
MITRE:6852
Title:
oval:org.mitre.oval:def:6852: Adobe Flash Player, Acrobat Reader, and Acrobat Remote Code Execution Vulnerability
Type:
Web
Bulletins:
MITRE:6852
CVE-2010-2884
Severity:
Low
Description:
Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.
Applies to:
Adobe Acrobat
Adobe Flash Player
Adobe Reader
Created:
2010-09-14
Updated:
2015-08-03

ID:
CVE-2010-0574
Title:
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and 5.2 before 5.2.193.11 allows remote attackers to...
Type:
Hardware
Bulletins:
CVE-2010-0574
Severity:
High
Description:
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and 5.2 before 5.2.193.11 allows remote attackers to cause a denial of service (device reload) via a crafted IKE packet, aka Bug ID CSCta56653.
Applies to:
Created:
2010-09-10
Updated:
2017-11-10

ID:
CVE-2010-0575
Title:
Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified...
Type:
Hardware
Bulletins:
CVE-2010-0575
Severity:
Medium
Description:
Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-3034.
Applies to:
Created:
2010-09-10
Updated:
2017-11-10

ID:
CVE-2010-1807
Title:
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial...
Type:
Mobile Devices
Bulletins:
CVE-2010-1807
SFBID43047
Severity:
High
Description:
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.
Applies to:
Created:
2010-09-10
Updated:
2017-11-10

ID:
CVE-2010-2841
Title:
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service...
Type:
Hardware
Bulletins:
CVE-2010-2841
Severity:
Medium
Description:
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service (device reload) via crafted HTTP packets that trigger invalid arguments to the emweb component, aka Bug ID CSCtd16938.
Applies to:
Created:
2010-09-10
Updated:
2017-11-10

ID:
CVE-2010-2842
Title:
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a...
Type:
Hardware
Bulletins:
CVE-2010-2842
Severity:
High
Description:
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2843 and CVE-2010-3033.
Applies to:
Created:
2010-09-10
Updated:
2017-11-10

ID:
CVE-2010-2843
Title:
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a...
Type:
Hardware
Bulletins:
CVE-2010-2843
Severity:
High
Description:
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-3033.
Applies to:
Created:
2010-09-10
Updated:
2017-11-10

ID:
CVE-2010-3033
Title:
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a...
Type:
Hardware
Bulletins:
CVE-2010-3033
Severity:
High
Description:
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-2843.
Applies to:
Created:
2010-09-10
Updated:
2017-11-10

ID:
CVE-2010-3034
Title:
Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified...
Type:
Hardware
Bulletins:
CVE-2010-3034
Severity:
Medium
Description:
Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-0575.
Applies to:
Created:
2010-09-10
Updated:
2017-11-10

ID:
CVE-2010-1781
Title:
Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an...
Type:
Mobile Devices
Bulletins:
CVE-2010-1781
SFBID43077
Severity:
Medium
Description:
Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element.
Applies to:
Created:
2010-09-09
Updated:
2017-11-10

ID:
CVE-2010-1809
Title:
The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.
Type:
Mobile Devices
Bulletins:
CVE-2010-1809
Severity:
High
Description:
The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.
Applies to:
Created:
2010-09-09
Updated:
2017-11-10

ID:
CVE-2010-1810
Title:
FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.
Type:
Mobile Devices
Bulletins:
CVE-2010-1810
Severity:
Low
Description:
FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.
Applies to:
Created:
2010-09-09
Updated:
2017-11-10

ID:
CVE-2010-1811
Title:
ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.
Type:
Mobile Devices
Bulletins:
CVE-2010-1811
Severity:
Medium
Description:
ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.
Applies to:
Created:
2010-09-09
Updated:
2017-11-10

ID:
CVE-2010-1812
Title:
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors...
Type:
Mobile Devices
Bulletins:
CVE-2010-1812
SFBID43079
Severity:
Medium
Description:
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.
Applies to:
Created:
2010-09-09
Updated:
2017-11-10

ID:
CVE-2010-1813
Title:
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.
Type:
Mobile Devices
Bulletins:
CVE-2010-1813
Severity:
Medium
Description:
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.
Applies to:
Created:
2010-09-09
Updated:
2017-11-10

ID:
CVE-2010-1814
Title:
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving...
Type:
Mobile Devices
Bulletins:
CVE-2010-1814
SFBID43083
Severity:
Medium
Description:
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.
Applies to:
Created:
2010-09-09
Updated:
2017-11-10

ID:
CVE-2010-1815
Title:
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors...
Type:
Mobile Devices
Bulletins:
CVE-2010-1815
SFBID43081
Severity:
Medium
Description:
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.
Applies to:
Created:
2010-09-09
Updated:
2017-11-10

ID:
CVE-2010-1817
Title:
Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
Type:
Mobile Devices
Bulletins:
CVE-2010-1817
Severity:
Medium
Description:
Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
Applies to:
Created:
2010-09-09
Updated:
2017-11-10

ID:
CVE-2010-3035
Title:
Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the...
Type:
Hardware
Bulletins:
CVE-2010-3035
Severity:
Medium
Description:
Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.
Applies to:
Created:
2010-08-30
Updated:
2017-11-10

ID:
CVE-2010-2837
Title:
The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to...
Type:
Hardware
Bulletins:
CVE-2010-2837
Severity:
High
Description:
The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310.
Applies to:
Unified Communications Manager
Created:
2010-08-26
Updated:
2017-11-10

ID:
CVE-2010-2838
Title:
The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process...
Type:
Hardware
Bulletins:
CVE-2010-2838
Severity:
High
Description:
The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REGISTER message, aka Bug ID CSCtf66305.
Applies to:
Unified Communications Manager
Created:
2010-08-26
Updated:
2017-11-10

ID:
CVE-2010-2822
Title:
Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710...
Type:
Hardware
Bulletins:
CVE-2010-2822
Severity:
High
Description:
Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6), allows remote attackers to cause a denial of service (device reload) via crafted RTSP packets over TCP, aka Bug IDs CSCta85227 and CSCtg14858.
Applies to:
Cisco Ace 4710
Created:
2010-08-17
Updated:
2017-11-10

ID:
CVE-2010-2823
Title:
Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets,...
Type:
Hardware
Bulletins:
CVE-2010-2823
Severity:
High
Description:
Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets, related to HTTP, RTSP, and SIP inspection, aka Bug ID CSCtb54493.
Applies to:
Cisco Ace 4710
Created:
2010-08-17
Updated:
2017-11-10

ID:
CVE-2010-2825
Title:
Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series...
Type:
Hardware
Bulletins:
CVE-2010-2825
Severity:
High
Description:
Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.4), allows remote attackers to cause a denial of service (device reload) via crafted SIP packets over (1) TCP or (2) UDP, aka Bug IDs CSCta65603 and CSCta71569.
Applies to:
Cisco Ace 4710
Created:
2010-08-17
Updated:
2017-11-10

ID:
CVE-2010-1797
Title:
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch...
Type:
Mobile Devices
Bulletins:
CVE-2010-1797
SFBID42151
Severity:
High
Description:
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
Applies to:
Created:
2010-08-16
Updated:
2017-11-10

ID:
CVE-2010-2827
Title:
Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets, related to embryonic TCP connections that remain in the SYN_RCVD or SYN_SENT state, aka Bug ID CSCti18193.
Type:
Hardware
Bulletins:
CVE-2010-2827
SFBID42426
Severity:
High
Description:
Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets, related to embryonic TCP connections that remain in the SYN_RCVD or SYN_SENT state, aka Bug ID CSCti18193.
Applies to:
Created:
2010-08-16
Updated:
2017-11-10

ID:
MITRE:11461
Title:
oval:org.mitre.oval:def:11461: Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:11461
CVE-2010-0209
Severity:
Low
Description:
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-08-11
Updated:
2015-08-03

ID:
MITRE:11977
Title:
oval:org.mitre.oval:def:11977: Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:11977
CVE-2010-2216
Severity:
Low
Description:
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2214.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-08-11
Updated:
2015-08-03

ID:
MITRE:11532
Title:
oval:org.mitre.oval:def:11532: Adobe Flash Player and AIR Unspecified Click-jacking Vulnerability
Type:
Web
Bulletins:
MITRE:11532
CVE-2010-2215
Severity:
Low
Description:
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-08-11
Updated:
2015-08-03

ID:
MITRE:11971
Title:
oval:org.mitre.oval:def:11971: Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:11971
CVE-2010-2214
Severity:
Low
Description:
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2216.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-08-11
Updated:
2015-08-03

ID:
MITRE:10983
Title:
oval:org.mitre.oval:def:10983: Adobe Flash Player and AIR Unspecified Multiple Memory Corruption Vulnerabilities
Type:
Web
Bulletins:
MITRE:10983
CVE-2010-2213
Severity:
Low
Description:
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-08-11
Updated:
2015-08-03

ID:
MITRE:12011
Title:
oval:org.mitre.oval:def:12011: Movie Maker Memory Corruption Vulnerability
Type:
Software
Bulletins:
MITRE:12011
CVE-2010-2564
Severity:
Low
Description:
Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
Applies to:
Movie Maker 2.1
Movie Maker 2.6
Movie Maker 6.0
Created:
2010-08-10
Updated:
2015-08-10

ID:
CVE-2010-2975
Title:
Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544.
Type:
Hardware
Bulletins:
CVE-2010-2975
Severity:
Low
Description:
Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2017-11-10

ID:
CVE-2010-2976
Title:
The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4)...
Type:
Hardware
Bulletins:
CVE-2010-2976
Severity:
High
Description:
The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4) SNMP v3 authentication password, and (5) SNMP v3 privacy password, which makes it easier for remote attackers to obtain access.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2017-11-10

ID:
CVE-2010-2977
Title:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611.
Type:
Hardware
Bulletins:
CVE-2010-2977
Severity:
High
Description:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2017-11-10

ID:
CVE-2010-2978
Title:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions,...
Type:
Hardware
Bulletins:
CVE-2010-2978
Severity:
High
Description:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions, aka Bug ID CSCtd67660.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2017-11-10

ID:
CVE-2010-2979
Title:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (buffer leak and device crash) via ARP requests that trigger an ARP storm, aka Bug ID CSCte43508.
Type:
Hardware
Bulletins:
CVE-2010-2979
Severity:
High
Description:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (buffer leak and device crash) via ARP requests that trigger an ARP storm, aka Bug ID CSCte43508.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2017-11-10

ID:
CVE-2010-2980
Title:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (pbuf exhaustion and device crash) via fragmented traffic, aka Bug ID CSCtd26794.
Type:
Hardware
Bulletins:
CVE-2010-2980
Severity:
High
Description:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (pbuf exhaustion and device crash) via fragmented traffic, aka Bug ID CSCtd26794.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2017-11-10

ID:
CVE-2010-2981
Title:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370.
Type:
Hardware
Bulletins:
CVE-2010-2981
Severity:
High
Description:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2017-11-10

ID:
CVE-2010-2982
Title:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to discover a group password via a series of SNMP requests, as demonstrated by an SNMP walk, aka Bug ID CSCtb74037.
Type:
Hardware
Bulletins:
CVE-2010-2982
Severity:
High
Description:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to discover a group password via a series of SNMP requests, as demonstrated by an SNMP walk, aka Bug ID CSCtb74037.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2017-11-10

ID:
CVE-2010-2983
Title:
The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (dropped connection) via a series of spoofed EAPoL-Logoff frames, related to an...
Type:
Hardware
Bulletins:
CVE-2010-2983
Severity:
High
Description:
The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (dropped connection) via a series of spoofed EAPoL-Logoff frames, related to an "EAPoL logoff attack," aka Bug ID CSCte43374.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2017-11-10

ID:
CVE-2010-2984
Title:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305.
Type:
Hardware
Bulletins:
CVE-2010-2984
Severity:
High
Description:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2017-11-10

ID:
CVE-2010-2988
Title:
Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtf35333.
Type:
Hardware
Bulletins:
CVE-2010-2988
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtf35333.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2017-11-10

ID:
CVE-2010-2705
Title:
Unspecified vulnerability on the HP ProCurve 1800-24G switch with software PB.03.02 and earlier, and the ProCurve 1800-8G switch with software PA.03.02 and earlier, when SNMP is enabled, allows remote attackers to obtain sensitive information via...
Type:
Hardware
Bulletins:
CVE-2010-2705
Severity:
Medium
Description:
Unspecified vulnerability on the HP ProCurve 1800-24G switch with software PB.03.02 and earlier, and the ProCurve 1800-8G switch with software PA.03.02 and earlier, when SNMP is enabled, allows remote attackers to obtain sensitive information via unknown vectors.
Applies to:
Procurve Switch 1800-24g
Procurve Switch 1800-8g
Created:
2010-08-09
Updated:
2017-11-10

ID:
CVE-2010-2706
Title:
Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 switch before R.11.30 allows remote attackers to cause a denial of service via unknown vectors.
Type:
Hardware
Bulletins:
CVE-2010-2706
Severity:
Medium
Description:
Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 switch before R.11.30 allows remote attackers to cause a denial of service via unknown vectors.
Applies to:
Procurve Switch 2610-24
Procurve Switch 2610-24-pwr
Procurve Switch 2610-24/12pwr
Procurve Switch 2610-48
Procurve Switch 2610-48-pwr
Created:
2010-08-09
Updated:
2017-11-10

ID:
CVE-2010-2707
Title:
Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches before H.10.80 allows remote attackers to obtain sensitive information, modify data, and cause a denial of service via unknown vectors.
Type:
Hardware
Bulletins:
CVE-2010-2707
Severity:
High
Description:
Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches before H.10.80 allows remote attackers to obtain sensitive information, modify data, and cause a denial of service via unknown vectors.
Applies to:
Procurve Switch 2626
Procurve Switch 2626-pwr
Procurve Switch 2650
Procurve Switch 2650-pwr
Created:
2010-08-09
Updated:
2017-11-10

ID:
CVE-2010-2708
Title:
Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.22, when DHCP is enabled, allows remote attackers to cause a denial of service via unknown vectors.
Type:
Hardware
Bulletins:
CVE-2010-2708
Severity:
Medium
Description:
Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.22, when DHCP is enabled, allows remote attackers to cause a denial of service via unknown vectors.
Applies to:
Procurve Switch 2610-24
Procurve Switch 2610-24-pwr
Procurve Switch 2610-24/12pwr
Procurve Switch 2610-48
Procurve Switch 2610-48-pwr
Created:
2010-08-09
Updated:
2017-11-10

ID:
CVE-2010-1578
Title:
Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security...
Type:
Hardware
Bulletins:
CVE-2010-1578
Severity:
High
Description:
Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc77567.
Applies to:
Created:
2010-08-09
Updated:
2017-11-10

ID:
CVE-2010-1579
Title:
Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security...
Type:
Hardware
Bulletins:
CVE-2010-1579
Severity:
High
Description:
Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc79922.
Applies to:
Created:
2010-08-09
Updated:
2017-11-10

ID:
CVE-2010-1580
Title:
Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security...
Type:
Hardware
Bulletins:
CVE-2010-1580
Severity:
High
Description:
Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc85753.
Applies to:
Created:
2010-08-09
Updated:
2017-11-10

ID:
CVE-2010-1581
Title:
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3...
Type:
Hardware
Bulletins:
CVE-2010-1581
SFBID42187
Severity:
High
Description:
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtd32627.
Applies to:
Created:
2010-08-09
Updated:
2017-11-10

ID:
CVE-2010-2814
Title:
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3...
Type:
Hardware
Bulletins:
CVE-2010-2814
SFBID42196
Severity:
High
Description:
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf37506.
Applies to:
Cisco ASA 5505 Adaptive Security Appliance
Cisco ASA 5510 Adaptive Security Appliance
Cisco ASA 5520 Adaptive Security Appliance
Cisco ASA 5540 Adaptive Security Appliance
Cisco ASA 5550 Adaptive Security Appliance
Cisco ASA 5580 Adaptive...
Created:
2010-08-09
Updated:
2017-11-10

ID:
CVE-2010-2815
Title:
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3...
Type:
Hardware
Bulletins:
CVE-2010-2815
SFBID42198
Severity:
High
Description:
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf55259.
Applies to:
Cisco ASA 5505 Adaptive Security Appliance
Cisco ASA 5510 Adaptive Security Appliance
Cisco ASA 5520 Adaptive Security Appliance
Cisco ASA 5540 Adaptive Security Appliance
Cisco ASA 5550 Adaptive Security Appliance
Cisco ASA 5580 Adaptive...
Created:
2010-08-09
Updated:
2017-11-10

ID:
CVE-2010-2816
Title:
Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2 before 8.2(2.13) allows remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2010-2816
SFBID42189
Severity:
High
Description:
Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2 before 8.2(2.13) allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtd32106.
Applies to:
Cisco ASA 5505 Adaptive Security Appliance
Cisco ASA 5510 Adaptive Security Appliance
Cisco ASA 5520 Adaptive Security Appliance
Cisco ASA 5540 Adaptive Security Appliance
Cisco ASA 5550 Adaptive Security Appliance
Cisco ASA 5580 Adaptive...
Created:
2010-08-09
Updated:
2017-11-10

ID:
CVE-2010-2817
Title:
Unspecified vulnerability in the IKE implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.10), and...
Type:
Hardware
Bulletins:
CVE-2010-2817
SFBID42190
Severity:
High
Description:
Unspecified vulnerability in the IKE implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.10), and 8.3 before 8.3(1.1) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a crafted IKE message, aka Bug ID CSCte46507.
Applies to:
Cisco ASA 5505 Adaptive Security Appliance
Cisco ASA 5510 Adaptive Security Appliance
Cisco ASA 5520 Adaptive Security Appliance
Cisco ASA 5540 Adaptive Security Appliance
Cisco ASA 5550 Adaptive Security Appliance
Cisco ASA 5580 Adaptive...
Created:
2010-08-09
Updated:
2017-11-10

ID:
CVE-2010-2973
Title:
Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.
Type:
Mobile Devices
Bulletins:
CVE-2010-2973
SFBID42151
Severity:
Medium
Description:
Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.
Applies to:
Created:
2010-08-05
Updated:
2017-11-10

ID:
MITRE:10160
Title:
oval:org.mitre.oval:def:10160: Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated...
Type:
Web
Bulletins:
MITRE:10160
CVE-2007-6019
Severity:
Low
Description:
Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-07-09
Updated:
2015-08-03

ID:
MITRE:9250
Title:
oval:org.mitre.oval:def:9250: The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving...
Type:
Web
Bulletins:
MITRE:9250
CVE-2007-5275
Severity:
Low
Description:
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-07-09
Updated:
2015-08-03

ID:
MITRE:9701
Title:
oval:org.mitre.oval:def:9701: Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is...
Type:
Web
Bulletins:
MITRE:9701
CVE-2007-4768
Severity:
Low
Description:
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.
Applies to:
Adobe Acrobat
Adobe Flash Player
Adobe Reader
Created:
2010-07-09
Updated:
2015-08-03

ID:
MITRE:11435
Title:
oval:org.mitre.oval:def:11435: Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allows remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message...
Type:
Web
Bulletins:
MITRE:11435
CVE-2008-1654
Severity:
Low
Description:
Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allows remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-07-09
Updated:
2015-08-03

ID:
MITRE:10724
Title:
oval:org.mitre.oval:def:10724: Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
Type:
Web
Bulletins:
MITRE:10724
CVE-2008-1655
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-07-09
Updated:
2015-08-03

ID:
MITRE:10379
Title:
oval:org.mitre.oval:def:10379: Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used...
Type:
Web
Bulletins:
MITRE:10379
CVE-2007-0071
Severity:
Low
Description:
Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-07-09
Updated:
2015-08-03

ID:
CVE-2010-1574
Title:
IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the...
Type:
Hardware
Bulletins:
CVE-2010-1574
SFBID41436
Severity:
High
Description:
IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589.
Applies to:
Created:
2010-07-08
Updated:
2017-11-10

ID:
CVE-2010-1575
Title:
The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via...
Type:
Hardware
Bulletins:
CVE-2010-1575
SFBID41315
Severity:
High
Description:
The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690.
Applies to:
Content Services Switch 11500
Created:
2010-07-06
Updated:
2017-11-10

ID:
CVE-2010-1576
Title:
The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence...
Type:
Hardware
Bulletins:
CVE-2010-1576
SFBID41315
Severity:
High
Description:
The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885.
Applies to:
Cisco Ace 4710
Content Services Switch 11500
Created:
2010-07-06
Updated:
2017-11-10

ID:
CVE-2010-2629
Title:
The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which...
Type:
Hardware
Bulletins:
CVE-2010-2629
SFBID41315
Severity:
High
Description:
The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576.
Applies to:
Cisco Ace 4710
Content Services Switch 11500
Created:
2010-07-06
Updated:
2017-11-10

ID:
CVE-2008-7257
Title:
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack...
Type:
Hardware
Bulletins:
CVE-2008-7257
SFBID41159
Severity:
Medium
Description:
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2017-11-10

ID:
CVE-2009-4910
Title:
Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug...
Type:
Hardware
Bulletins:
CVE-2009-4910
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCsq78418.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2017-11-10

ID:
CVE-2009-4911
Title:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device crash) via vectors involving SSL VPN and PPPoE transactions, aka Bug...
Type:
Hardware
Bulletins:
CVE-2009-4911
Severity:
High
Description:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device crash) via vectors involving SSL VPN and PPPoE transactions, aka Bug ID CSCsm77958.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2017-11-10

ID:
CVE-2009-4912
Title:
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions...
Type:
Hardware
Bulletins:
CVE-2009-4912
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2017-11-10

ID:
CVE-2009-4913
Title:
The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) exposes IP services on the "far side of the box," which might allow remote attackers to bypass intended access restrictions via IPv6...
Type:
Hardware
Bulletins:
CVE-2009-4913
Severity:
Medium
Description:
The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) exposes IP services on the "far side of the box," which might allow remote attackers to bypass intended access restrictions via IPv6 packets, aka Bug ID CSCso58622.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2017-11-10

ID:
CVE-2009-4914
Title:
Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2009-4914
Severity:
High
Description:
Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID CSCsq17879.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2017-11-10

ID:
CVE-2009-4915
Title:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via unknown network traffic, as demonstrated by a "connection...
Type:
Hardware
Bulletins:
CVE-2009-4915
Severity:
High
Description:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via unknown network traffic, as demonstrated by a "connection stress test," aka Bug ID CSCsq68451.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2017-11-10

ID:
CVE-2009-4916
Title:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (console hang) via a login action during failover replication, aka...
Type:
Hardware
Bulletins:
CVE-2009-4916
Severity:
Medium
Description:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (console hang) via a login action during failover replication, aka Bug ID CSCsq80095.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2017-11-10

ID:
CVE-2009-4917
Title:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via a high volume of SIP traffic, aka Bug ID CSCsr65901.
Type:
Hardware
Bulletins:
CVE-2009-4917
Severity:
High
Description:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via a high volume of SIP traffic, aka Bug ID CSCsr65901.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2017-11-10

ID:
CVE-2009-4918
Title:
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (IKE process hang) via malformed NAT-T packets, aka Bug ID CSCsr74439.
Type:
Hardware
Bulletins:
CVE-2009-4918
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (IKE process hang) via malformed NAT-T packets, aka Bug ID CSCsr74439.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2017-11-10

ID:
CVE-2009-4919
Title:
Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121.
Type:
Hardware
Bulletins:
CVE-2009-4919
Severity:
High
Description:
Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2017-11-10

ID:
CVE-2009-4920
Title:
Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software 8.1(2) allows remote attackers to cause a denial of service (watchdog traceback) via a large amount of small-packet data, aka Bug ID CSCsu11412.
Type:
Hardware
Bulletins:
CVE-2009-4920
Severity:
High
Description:
Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software 8.1(2) allows remote attackers to cause a denial of service (watchdog traceback) via a large amount of small-packet data, aka Bug ID CSCsu11412.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2017-11-10

ID:
CVE-2009-4921
Title:
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110.
Type:
Hardware
Bulletins:
CVE-2009-4921
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2017-11-10

ID:
CVE-2009-4922
Title:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote peer...
Type:
Hardware
Bulletins:
CVE-2009-4922
Severity:
Medium
Description:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote peer IP addresses, aka Bug ID CSCso15583.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2017-11-10

ID:
CVE-2009-4923
Title:
Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (traceback) via TLS fragments, aka Bug ID CSCso53162.
Type:
Hardware
Bulletins:
CVE-2009-4923
Severity:
High
Description:
Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (traceback) via TLS fragments, aka Bug ID CSCso53162.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2017-11-10

ID:
CVE-2010-2506
Title:
Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter.
Type:
Hardware
Bulletins:
CVE-2010-2506
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter.
Applies to:
WAP54G
Created:
2010-06-28
Updated:
2017-11-10

ID:
CVE-2010-1407
Title:
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via...
Type:
Mobile Devices
Bulletins:
CVE-2010-1407
SFBID41016
Severity:
Medium
Description:
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.
Applies to:
Created:
2010-06-22
Updated:
2017-11-10

ID:
CVE-2010-1751
Title:
Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors.
Type:
Mobile Devices
Bulletins:
CVE-2010-1751
SFBID41016
Severity:
Medium
Description:
Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors.
Applies to:
Created:
2010-06-22
Updated:
2017-11-10

ID:
CVE-2010-1752
Title:
Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling.
Type:
Mobile Devices
Bulletins:
CVE-2010-1752
SFBID41016
Severity:
Medium
Description:
Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling.
Applies to:
Created:
2010-06-22
Updated:
2017-11-10

ID:
CVE-2010-1753
Title:
ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image.
Type:
Mobile Devices
Bulletins:
CVE-2010-1753
SFBID41016
Severity:
Medium
Description:
ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image.
Applies to:
Created:
2010-06-22
Updated:
2017-11-10

ID:
CVE-2010-1754
Title:
Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to...
Type:
Mobile Devices
Bulletins:
CVE-2010-1754
SFBID41016
Severity:
Medium
Description:
Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors.
Applies to:
Created:
2010-06-22
Updated:
2017-11-10

ID:
CVE-2010-1755
Title:
Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie.
Type:
Mobile Devices
Bulletins:
CVE-2010-1755
SFBID41016
Severity:
Medium
Description:
Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie.
Applies to:
Created:
2010-06-22
Updated:
2017-11-10

ID:
CVE-2010-1756
Title:
The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an...
Type:
Mobile Devices
Bulletins:
CVE-2010-1756
SFBID41016
Severity:
Medium
Description:
The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network.
Applies to:
Created:
2010-06-22
Updated:
2017-11-10

ID:
CVE-2010-1757
Title:
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document.
Type:
Mobile Devices
Bulletins:
CVE-2010-1757
SFBID41016
Severity:
Medium
Description:
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document.
Applies to:
Created:
2010-06-22
Updated:
2017-11-10

ID:
CVE-2010-1775
Title:
Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data,...
Type:
Mobile Devices
Bulletins:
CVE-2010-1775
SFBID41016
Severity:
Low
Description:
Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.
Applies to:
Created:
2010-06-22
Updated:
2017-11-10

ID:
CVE-2010-1387
Title:
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service...
Type:
Mobile Devices
Bulletins:
CVE-2010-1387
SFBID41016
Severity:
High
Description:
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.
Applies to:
Created:
2010-06-18
Updated:
2017-11-10

ID:
CVE-2010-2292
Title:
Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field.
Type:
Hardware
Bulletins:
CVE-2010-2292
SFBID40691
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field.
Applies to:
DI-604
Created:
2010-06-15
Updated:
2017-11-10

ID:
CVE-2010-2293
Title:
The Ping tools web interface in Dlink Di-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size.
Type:
Hardware
Bulletins:
CVE-2010-2293
SFBID40691
Severity:
Medium
Description:
The Ping tools web interface in Dlink Di-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size.
Applies to:
DI-604
Created:
2010-06-15
Updated:
2017-11-10

ID:
MITRE:6766
Title:
oval:org.mitre.oval:def:6766: Adobe Flash Player Integer Overflow Vulnerability
Type:
Web
Bulletins:
MITRE:6766
CVE-2010-2170
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:6903
Title:
oval:org.mitre.oval:def:6903: Adobe Flash Player Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:6903
CVE-2010-2175
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:6999
Title:
oval:org.mitre.oval:def:6999: Adobe Flash Player Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:6999
CVE-2010-2171
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7508
Title:
oval:org.mitre.oval:def:7508: Adobe Flash Player Memory Exhaustion Vulnerability
Type:
Web
Bulletins:
MITRE:7508
CVE-2010-2160
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7166
Title:
oval:org.mitre.oval:def:7166: Adobe Flash Player Heap Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:7166
CVE-2010-2162
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:6781
Title:
oval:org.mitre.oval:def:6781: Adobe Flash Player Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:6781
CVE-2010-2165
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7491
Title:
oval:org.mitre.oval:def:7491: Adobe Flash Player Multiple Heap Overflow Vulnerabilities
Type:
Web
Bulletins:
MITRE:7491
CVE-2010-2167
Severity:
Low
Description:
Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:6758
Title:
oval:org.mitre.oval:def:6758: Adobe Flash Player Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:6758
CVE-2010-2182
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7528
Title:
oval:org.mitre.oval:def:7528: Adobe Flash Player Invalid Pointer Vulnerability
Type:
Web
Bulletins:
MITRE:7528
CVE-2010-2174
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7014
Title:
oval:org.mitre.oval:def:7014: Adobe Flash Player Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:7014
CVE-2010-2180
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7501
Title:
oval:org.mitre.oval:def:7501: Adobe Flash Player Multiple Vulnerabilities that could lead to code execution
Type:
Web
Bulletins:
MITRE:7501
CVE-2010-2163
Severity:
Low
Description:
Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7126
Title:
oval:org.mitre.oval:def:7126: Adobe Flash Player URL Parsing Vulnerability that could lead to cross-site scripting
Type:
Web
Bulletins:
MITRE:7126
CVE-2010-2179
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.
Applies to:
Adobe AIR
Adobe Flash Player
Google Chrome
Mozilla Firefox
Created:
2010-06-11
Updated:
2015-08-10

ID:
MITRE:7303
Title:
oval:org.mitre.oval:def:7303: Adobe Flash Player Out Of Bounds Memory Indexing Vulnerability
Type:
Web
Bulletins:
MITRE:7303
CVE-2010-2161
Severity:
Low
Description:
Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code."
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7364
Title:
oval:org.mitre.oval:def:7364: Adobe Flash Player Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:7364
CVE-2010-2178
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7118
Title:
oval:org.mitre.oval:def:7118: Adobe Flash Player Denial of Service Vulnerability
Type:
Web
Bulletins:
MITRE:7118
CVE-2010-2186
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7205
Title:
oval:org.mitre.oval:def:7205: Adobe Flash Player Memory Exhaustion Vulnerability
Type:
Web
Bulletins:
MITRE:7205
CVE-2009-3793
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7187
Title:
oval:org.mitre.oval:def:7187: Adobe Flash Player SWF Version Null Pointer Dereference Denial of Service Vulnerability
Type:
Web
Bulletins:
MITRE:7187
CVE-2008-4546
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:6765
Title:
oval:org.mitre.oval:def:6765: Adobe Flash Player Use-After-Free Vulnerability
Type:
Web
Bulletins:
MITRE:6765
CVE-2010-2164
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a certain function."
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7431
Title:
oval:org.mitre.oval:def:7431: Adobe Flash Player Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:7431
CVE-2010-2166
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7415
Title:
oval:org.mitre.oval:def:7415: Adobe Flash Player Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:7415
CVE-2010-2176
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7577
Title:
oval:org.mitre.oval:def:7577: Adobe Flash Player Buffer Overflow Vulnerability
Type:
Web
Bulletins:
MITRE:7577
CVE-2010-2185
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:6991
Title:
oval:org.mitre.oval:def:6991: Adobe Flash Player Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:6991
CVE-2010-2189
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when used in conjunction with VMWare Tools on a VMWare platform, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7096
Title:
oval:org.mitre.oval:def:7096: Adobe Flash Player Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:7096
CVE-2010-2177
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7278
Title:
oval:org.mitre.oval:def:7278: Adobe Flash Player Integer Overflow Vulnerability
Type:
Web
Bulletins:
MITRE:7278
CVE-2010-2183
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7276
Title:
oval:org.mitre.oval:def:7276: Adobe Flash Player Pointer Memory Corruption
Type:
Web
Bulletins:
MITRE:7276
CVE-2010-2169
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:6946
Title:
oval:org.mitre.oval:def:6946: Adobe Flash Player Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:6946
CVE-2010-2188
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7342
Title:
oval:org.mitre.oval:def:7342: Adobe Flash Player Integer Overflow Vulnerability
Type:
Web
Bulletins:
MITRE:7342
CVE-2010-2181
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:6762
Title:
oval:org.mitre.oval:def:6762: Adobe Flash Player Invalid Pointer Vulnerability
Type:
Web
Bulletins:
MITRE:6762
CVE-2010-2173
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newclass (0x58) operator, a different vulnerability than CVE-2010-2174.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7334
Title:
oval:org.mitre.oval:def:7334: Adobe Flash Player Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:7334
CVE-2010-2184
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
MITRE:7266
Title:
oval:org.mitre.oval:def:7266: Adobe Flash Player Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:7266
CVE-2010-2187
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-06-11
Updated:
2015-08-03

ID:
CVE-2010-1573
Title:
Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3)...
Type:
Hardware
Bulletins:
CVE-2010-1573
SFBID40648
Severity:
High
Description:
Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.
Applies to:
wap54g
Created:
2010-06-09
Updated:
2017-11-10

ID:
CVE-2010-2261
Title:
Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.
Type:
Hardware
Bulletins:
CVE-2010-2261
Severity:
High
Description:
Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.
Applies to:
wap54g
Created:
2010-06-09
Updated:
2017-11-10

ID:
MITRE:12235
Title:
oval:org.mitre.oval:def:12235: Insecure Library Loading Vulnerability
Type:
Software
Bulletins:
MITRE:12235
CVE-2010-3965
Severity:
Low
Description:
Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
Applies to:
Windows Media Encoder
Created:
2010-06-08
Updated:
2015-08-10

ID:
MITRE:7116
Title:
oval:org.mitre.oval:def:7116: Adobe Flash Player, Acrobat Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability
Type:
Web
Bulletins:
MITRE:7116
CVE-2010-1297
Severity:
Low
Description:
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
Applies to:
Adobe Acrobat
Adobe Flash Player
Adobe Reader
Created:
2010-06-07
Updated:
2015-08-03

ID:
MITRE:7580
Title:
oval:org.mitre.oval:def:7580: Use-after-free vulnerability in Adobe Flash Player 6.0.79
Type:
Web
Bulletins:
MITRE:7580
CVE-2010-0378
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability."
Applies to:
Adobe Flash Player
Created:
2010-05-18
Updated:
2015-08-03

ID:
CVE-2009-4821
Title:
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi...
Type:
Hardware
Bulletins:
CVE-2009-4821
SFBID37415
Severity:
Medium
Description:
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors.
Applies to:
DIR-615
Created:
2010-04-27
Updated:
2017-11-10

ID:
MITRE:7049
Title:
oval:org.mitre.oval:def:7049: LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
Type:
Software
Bulletins:
MITRE:7049
CVE-2009-2285
Severity:
Low
Description:
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
Applies to:
Apple Safari
Apple iTunes
Created:
2010-04-09
Updated:
2015-06-22

ID:
MITRE:7427
Title:
oval:org.mitre.oval:def:7427: Apple iTunes MP4 File Processing Denial of Service Vulnerability
Type:
Software
Bulletins:
MITRE:7427
CVE-2010-0531
Severity:
Low
Description:
Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.
Applies to:
Apple iTunes
Created:
2010-04-09
Updated:
2015-06-22

ID:
MITRE:6901
Title:
oval:org.mitre.oval:def:6901: Apple Safari ImageIO TIFF Image Remote Code Execution Vulnerability
Type:
Software
Bulletins:
MITRE:6901
CVE-2010-0043
Severity:
Low
Description:
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
Applies to:
Apple Safari
Apple iTunes
Created:
2010-04-09
Updated:
2015-06-22

ID:
MITRE:6741
Title:
oval:org.mitre.oval:def:6741: Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability
Type:
Software
Bulletins:
MITRE:6741
CVE-2010-0040
Severity:
Low
Description:
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.
Applies to:
Apple Safari
Apple iTunes
Created:
2010-04-09
Updated:
2015-06-22

ID:
MITRE:7561
Title:
oval:org.mitre.oval:def:7561: Apple Safari TIFF Image Uninitialized Memory Information Disclosure Vulnerability
Type:
Software
Bulletins:
MITRE:7561
CVE-2010-0042
Severity:
Low
Description:
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.
Applies to:
Apple Safari
Apple iTunes
Created:
2010-04-09
Updated:
2015-06-22

ID:
MITRE:7110
Title:
oval:org.mitre.oval:def:7110: Apple iTunes Install or Update Privilege Escalation Vulnerability
Type:
Software
Bulletins:
MITRE:7110
CVE-2010-0532
Severity:
Low
Description:
Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.
Applies to:
Apple iTunes
Created:
2010-04-09
Updated:
2015-06-22

ID:
MITRE:6885
Title:
oval:org.mitre.oval:def:6885: Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability
Type:
Software
Bulletins:
MITRE:6885
CVE-2010-0041
Severity:
Low
Description:
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.
Applies to:
Apple Safari
Apple iTunes
Created:
2010-04-09
Updated:
2015-06-22

ID:
CVE-2010-1226
Title:
The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV...
Type:
Mobile Devices
Bulletins:
CVE-2010-1226
SFBID38758
Severity:
Medium
Description:
The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a "malformed character" issue.
Applies to:
Created:
2010-04-01
Updated:
2017-11-10

ID:
CVE-2010-1181
Title:
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element.
Type:
Mobile Devices
Bulletins:
CVE-2010-1181
Severity:
Medium
Description:
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element.
Applies to:
Created:
2010-03-29
Updated:
2017-11-10

ID:
CVE-2010-0576
Title:
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, and IOS XR 3.2.x through 3.4.3, when Multiprotocol Label Switching (MPLS) and Label Distribution Protocol (LDP) are enabled, allows remote attackers...
Type:
Hardware
Bulletins:
CVE-2010-0576
SFBID38938
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, and IOS XR 3.2.x through 3.4.3, when Multiprotocol Label Switching (MPLS) and Label Distribution Protocol (LDP) are enabled, allows remote attackers to cause a denial of service (device reload or process restart) via a crafted LDP packet, aka Bug IDs CSCsz45567 and CSCsj25893.
Applies to:
Created:
2010-03-25
Updated:
2017-11-10

ID:
CVE-2010-1119
Title:
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause...
Type:
Mobile Devices
Bulletins:
CVE-2010-1119
SFBID40620
Severity:
High
Description:
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.
Applies to:
Created:
2010-03-25
Updated:
2017-11-10

ID:
CVE-2010-0577
Title:
Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size configurations are used, allows remote attackers to cause a denial of service (infinite loop, and device reload or hang) via a TCP segment with crafted options, aka Bug ID CSCsz75186.
Type:
Hardware
Bulletins:
CVE-2010-0577
SFBID38930
Severity:
High
Description:
Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size configurations are used, allows remote attackers to cause a denial of service (infinite loop, and device reload or hang) via a TCP segment with crafted options, aka Bug ID CSCsz75186.
Applies to:
Created:
2010-03-25
Updated:
2017-11-10

ID:
CVE-2010-0578
Title:
The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a malformed IKE packet, aka Bug ID CSCtb13491.
Type:
Hardware
Bulletins:
CVE-2010-0578
SFBID38932
Severity:
High
Description:
The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a malformed IKE packet, aka Bug ID CSCtb13491.
Applies to:
Created:
2010-03-25
Updated:
2017-11-10

ID:
CVE-2010-0579
Title:
The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the "SIP Message Handling Denial of Service Vulnerability."
Type:
Hardware
Bulletins:
CVE-2010-0579
Severity:
High
Description:
The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the "SIP Message Handling Denial of Service Vulnerability."
Applies to:
Created:
2010-03-25
Updated:
2017-11-10

ID:
CVE-2010-0580
Title:
Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP Message Processing Arbitrary Code Execution Vulnerability."
Type:
Hardware
Bulletins:
CVE-2010-0580
Severity:
High
Description:
Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP Message Processing Arbitrary Code Execution Vulnerability."
Applies to:
Created:
2010-03-25
Updated:
2017-11-10

ID:
CVE-2010-0581
Title:
Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability."
Type:
Hardware
Bulletins:
CVE-2010-0581
Severity:
High
Description:
Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability."
Applies to:
Created:
2010-03-25
Updated:
2017-11-10

ID:
CVE-2010-0582
Title:
Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (interface queue wedge) via malformed H.323 packets, aka Bug ID CSCta19962.
Type:
Hardware
Bulletins:
CVE-2010-0582
Severity:
High
Description:
Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (interface queue wedge) via malformed H.323 packets, aka Bug ID CSCta19962.
Applies to:
Created:
2010-03-25
Updated:
2017-11-10

ID:
CVE-2010-0583
Title:
Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (memory consumption and device reload) via malformed H.323 packets, aka Bug ID CSCtb93855.
Type:
Hardware
Bulletins:
CVE-2010-0583
SFBID38934
Severity:
High
Description:
Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (memory consumption and device reload) via malformed H.323 packets, aka Bug ID CSCtb93855.
Applies to:
Created:
2010-03-25
Updated:
2017-11-10

ID:
CVE-2010-0584
Title:
Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Protocol (SCCP) packets, aka Bug ID CSCsy09250.
Type:
Hardware
Bulletins:
CVE-2010-0584
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Protocol (SCCP) packets, aka Bug ID CSCsy09250.
Applies to:
Created:
2010-03-25
Updated:
2017-11-10

ID:
CVE-2010-0585
Title:
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny...
Type:
Hardware
Bulletins:
CVE-2010-0585
Severity:
High
Description:
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz48614, the "SCCP Packet Processing Denial of Service Vulnerability."
Applies to:
Created:
2010-03-25
Updated:
2017-11-10

ID:
CVE-2010-0586
Title:
Cisco IOS Unified Communications Manager Express SCCP Message Handling Unspecified Remote DoS
Type:
Hardware
Bulletins:
CVE-2010-0586
Severity:
High
Description:
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz49741, the "SCCP Request Handling Denial of Service Vulnerability."
Applies to:
Created:
2010-03-25
Updated:
2017-11-10

ID:
MITRE:7170
Title:
oval:org.mitre.oval:def:7170: VBScript Help Keypress Vulnerability
Type:
Miscellaneous
Bulletins:
MITRE:7170
CVE-2010-0483
Severity:
Low
Description:
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
Applies to:
VBScript 5.1
VBScript 5.6
VBScript 5.7
VBScript 5.8
Created:
2010-03-13
Updated:
2015-08-10

ID:
MITRE:8595
Title:
oval:org.mitre.oval:def:8595: Movie Maker and Producer Buffer Overflow Vulnerability
Type:
Software
Bulletins:
MITRE:8595
CVE-2010-0265
Severity:
Low
Description:
Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
Applies to:
Microsoft Producer 2003
Movie Maker 2.1
Movie Maker 2.6
Movie Maker 6.0
Created:
2010-03-09
Updated:
2015-08-10

ID:
CVE-2010-0936
Title:
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.
Type:
Hardware
Bulletins:
CVE-2010-0936
SFBID37646
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.
Applies to:
DKVM-IP8
Created:
2010-03-08
Updated:
2017-11-10

ID:
CVE-2010-0587
Title:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP...
Type:
Hardware
Bulletins:
CVE-2010-0587
SFBID38496
Severity:
High
Description:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985.
Applies to:
Unified Communications Manager
Created:
2010-03-05
Updated:
2017-11-10

ID:
CVE-2010-0588
Title:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines...
Type:
Hardware
Bulletins:
CVE-2010-0588
SFBID38501
Severity:
High
Description:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines or (2) FwdStatReq message with an invalid Line number, aka Bug ID CSCtc47823.
Applies to:
Unified Communications Manager
Created:
2010-03-05
Updated:
2017-11-10

ID:
CVE-2010-0590
Title:
The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register...
Type:
Hardware
Bulletins:
CVE-2010-0590
SFBID38495
Severity:
High
Description:
The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register message, aka Bug ID CSCtc37188.
Applies to:
Unified Communications Manager
Created:
2010-03-05
Updated:
2017-11-10

ID:
CVE-2010-0591
Title:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to...
Type:
Hardware
Bulletins:
CVE-2010-0591
SFBID38498
Severity:
High
Description:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362.
Applies to:
Unified Communications Manager
Created:
2010-03-05
Updated:
2017-11-10

ID:
CVE-2010-0592
Title:
The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2010-0592
SFBID38497
Severity:
High
Description:
The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of service (service failure) via a malformed message, aka Bug ID CSCsu31800.
Applies to:
Unified Communications Manager
Created:
2010-03-05
Updated:
2017-11-10

ID:
CVE-2010-0149
Title:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.46), 8.0 before 8.0(4.38), 8.1 before 8.1(2.29), and 8.2 before 8.2(1.5); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a...
Type:
Hardware
Bulletins:
CVE-2010-0149
SFBID38275
Severity:
High
Description:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.46), 8.0 before 8.0(4.38), 8.1 before 8.1(2.29), and 8.2 before 8.2(1.5); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (prevention of new connections) via crafted TCP segments during termination of the TCP connection that cause the connection to remain in CLOSEWAIT status, aka "TCP Connection Exhaustion Denial of Service Vulnerability."
Applies to:
Created:
2010-02-19
Updated:
2017-11-10

ID:
CVE-2010-0150
Title:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows...
Type:
Hardware
Bulletins:
CVE-2010-0150
SFBID38277
Severity:
High
Description:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCsy91157.
Applies to:
Created:
2010-02-19
Updated:
2017-11-10

ID:
CVE-2010-0565
Title:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10), allows remote attackers to cause a denial of service (page fault and device...
Type:
Hardware
Bulletins:
CVE-2010-0565
SFBID38280
Severity:
High
Description:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10), allows remote attackers to cause a denial of service (page fault and device reload) via a malformed DTLS message, aka Bug ID CSCtb64913 and "WebVPN DTLS Denial of Service Vulnerability."
Applies to:
Created:
2010-02-19
Updated:
2017-11-10

ID:
CVE-2010-0566
Title:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10) allows remote attackers to cause a denial of service...
Type:
Hardware
Bulletins:
CVE-2010-0566
SFBID38278
Severity:
High
Description:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10) allows remote attackers to cause a denial of service (device reload) via a malformed TCP segment when certain NAT translation and Cisco AIP-SSM configurations are used, aka Bug ID CSCtb37219.
Applies to:
Created:
2010-02-19
Updated:
2017-11-10

ID:
CVE-2010-0567
Title:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.1), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.15); and Cisco PIX 500 Series Security Appliance; allows...
Type:
Hardware
Bulletins:
CVE-2010-0567
SFBID38279
Severity:
Medium
Description:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.1), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.15); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (active IPsec tunnel loss and prevention of new tunnels) via a malformed IKE message through an existing tunnel to UDP port 4500, aka Bug ID CSCtc47782.
Applies to:
Created:
2010-02-19
Updated:
2017-11-10

ID:
CVE-2010-0568
Title:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.7), 8.1 before 8.1(2.40), and 8.2 before 8.2(2.1); and Cisco PIX 500 Series Security Appliance; allows remote...
Type:
Hardware
Bulletins:
CVE-2010-0568
SFBID38279
Severity:
High
Description:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.7), 8.1 before 8.1(2.40), and 8.2 before 8.2(2.1); and Cisco PIX 500 Series Security Appliance; allows remote attackers to bypass NTLMv1 authentication via a crafted username, aka Bug ID CSCte21953.
Applies to:
Created:
2010-02-19
Updated:
2017-11-10

ID:
CVE-2010-0569
Title:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows...
Type:
Hardware
Bulletins:
CVE-2010-0569
SFBID38281
Severity:
High
Description:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCtc96018.
Applies to:
Created:
2010-02-19
Updated:
2017-11-10

ID:
MITRE:8518
Title:
oval:org.mitre.oval:def:8518: Adobe Flash Player, Acrobat, Adobe Reader and AIR Cross Domain Request Vulnerability
Type:
Web
Bulletins:
MITRE:8518
CVE-2010-0186
Severity:
Low
Description:
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.
Applies to:
Adobe AIR
Adobe Acrobat
Adobe Flash Player
Adobe Reader
Created:
2010-02-14
Updated:
2015-08-03

ID:
MITRE:8393
Title:
oval:org.mitre.oval:def:8393: Adobe Flash Player and AIR Denial of Service Vulnerability
Type:
Web
Bulletins:
MITRE:8393
CVE-2010-0187
Severity:
Low
Description:
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-02-14
Updated:
2015-08-03

ID:
CVE-2010-0038
Title:
Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that...
Type:
Mobile Devices
Bulletins:
CVE-2010-0038
SFBID38040
Severity:
Medium
Description:
Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption.
Applies to:
Created:
2010-02-03
Updated:
2017-11-10

ID:
CVE-2010-0137
Title:
Unspecified vulnerability in the sshd_child_handler process in the SSH server in Cisco IOS XR 3.4.1 through 3.7.0 allows remote attackers to cause a denial of service (process crash and memory consumption) via a crafted SSH2 packet, aka Bug ID CSCsu10574.
Type:
Hardware
Bulletins:
CVE-2010-0137
SFBID37878
Severity:
High
Description:
Unspecified vulnerability in the sshd_child_handler process in the SSH server in Cisco IOS XR 3.4.1 through 3.7.0 allows remote attackers to cause a denial of service (process crash and memory consumption) via a crafted SSH2 packet, aka Bug ID CSCsu10574.
Applies to:
Created:
2010-01-21
Updated:
2017-11-10

ID:
MITRE:7709
Title:
oval:org.mitre.oval:def:7709: libpng buffer overflow
Type:
Software
Bulletins:
MITRE:7709
CVE-2004-0597
Severity:
Low
Description:
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
Applies to:
Adobe Acrobat Reader
MSN Messenger 4.7
MSN Messenger 6.1
MSN Messenger 6.2
Created:
2010-01-15
Updated:
2015-05-04

ID:
MITRE:6694
Title:
oval:org.mitre.oval:def:6694: Adobe Flash Player and AIR Unspecified Clickjacking Vulnerability
Type:
Web
Bulletins:
MITRE:6694
CVE-2009-1867
Severity:
Low
Description:
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-01-14
Updated:
2015-08-03

ID:
MITRE:7191
Title:
oval:org.mitre.oval:def:7191: Adobe Flash Player and AIR 'exception_count' Integer Overflow Vulnerability
Type:
Web
Bulletins:
MITRE:7191
CVE-2009-3799
Severity:
Low
Description:
Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers."
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-01-14
Updated:
2015-08-03

ID:
MITRE:7271
Title:
oval:org.mitre.oval:def:7271: Adobe Flash Player and AIR Stack Buffer Overflow Vulnerability
Type:
Web
Bulletins:
MITRE:7271
CVE-2009-1866
Severity:
Low
Description:
Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-01-14
Updated:
2015-08-03

ID:
MITRE:6899
Title:
oval:org.mitre.oval:def:6899: Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:6899
CVE-2009-3798
Severity:
Low
Description:
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-01-14
Updated:
2015-08-03

ID:
MITRE:7465
Title:
oval:org.mitre.oval:def:7465: Adobe Flash Player and AIR JPEG File Parsing Heap Buffer Overflow Vulnerability
Type:
Web
Bulletins:
MITRE:7465
CVE-2009-3794
Severity:
Low
Description:
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-01-14
Updated:
2015-08-03

ID:
MITRE:6648
Title:
oval:org.mitre.oval:def:6648: Adobe Flash Player and AIR Sandbox Bypass Information Disclosure Vulnerability
Type:
Web
Bulletins:
MITRE:6648
CVE-2009-1870
Severity:
Low
Description:
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-01-14
Updated:
2015-08-03

ID:
MITRE:6865
Title:
oval:org.mitre.oval:def:6865: Adobe Flash Player and AIR URI Parsing Heap Buffer Overflow Vulnerability
Type:
Web
Bulletins:
MITRE:6865
CVE-2009-1868
Severity:
Low
Description:
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-01-14
Updated:
2015-08-03

ID:
MITRE:6660
Title:
oval:org.mitre.oval:def:6660: Adobe Flash Player and AIR Loader Object Heap Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:6660
CVE-2009-1864
Severity:
Low
Description:
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-01-14
Updated:
2015-08-03

ID:
MITRE:6972
Title:
oval:org.mitre.oval:def:6972: Adobe Flash Player and AIR Multiple Unspecified Remote Code Execution Vulnerabilities
Type:
Web
Bulletins:
MITRE:6972
CVE-2009-3800
Severity:
Low
Description:
Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-01-14
Updated:
2015-08-03

ID:
MITRE:6998
Title:
oval:org.mitre.oval:def:6998: Adobe Flash Player and AIR 'intf_count' Integer Overflow Vulnerability
Type:
Web
Bulletins:
MITRE:6998
CVE-2009-1869
Severity:
Low
Description:
Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-01-14
Updated:
2015-08-03

ID:
MITRE:7140
Title:
oval:org.mitre.oval:def:7140: Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:7140
CVE-2009-3797
Severity:
Low
Description:
Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-01-14
Updated:
2015-08-03

ID:
MITRE:7460
Title:
oval:org.mitre.oval:def:7460: Adobe Flash Player and AIR Data Injection Remote Code Execution Vulnerability
Type:
Web
Bulletins:
MITRE:7460
CVE-2009-3796
Severity:
Low
Description:
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-01-14
Updated:
2015-08-03

ID:
MITRE:6961
Title:
oval:org.mitre.oval:def:6961: Adobe Flash Player and AIR Unspecified Privilege Escalation Vulnerability
Type:
Web
Bulletins:
MITRE:6961
CVE-2009-1863
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability."
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-01-14
Updated:
2015-08-03

ID:
MITRE:6663
Title:
oval:org.mitre.oval:def:6663: Adobe Flash Player ActiveX Control Information Disclosure Vulnerability
Type:
Web
Bulletins:
MITRE:6663
CVE-2009-3951
Severity:
Low
Description:
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-01-14
Updated:
2015-08-03

ID:
MITRE:7011
Title:
oval:org.mitre.oval:def:7011: Adobe Flash Player and AIR NULL Pointer Exception Remote Code Execution Vulnerability
Type:
Web
Bulletins:
MITRE:7011
CVE-2009-1865
Severity:
Low
Description:
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulnerability."
Applies to:
Adobe AIR
Adobe Flash Player
Created:
2010-01-14
Updated:
2015-08-03

ID:
MITRE:7573
Title:
oval:org.mitre.oval:def:7573: ATL Null String Vulnerability
Type:
Mail
Bulletins:
MITRE:7573
CVE-2009-2495
Severity:
Low
Description:
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
Applies to:
Microsoft Office Visio Viewer 2003
Microsoft Office Visio Viewer 2007
Microsoft Outlook 2002
Microsoft Outlook 2003
Microsoft Outlook 2007
Microsoft Visio Viewer 2002
Microsoft Visual Studio .NET 2003
Microsoft Visual Studio 2005
Created:
2010-01-12
Updated:
2015-08-10

ID:
MITRE:7995
Title:
oval:org.mitre.oval:def:7995: Apple iTunes Filetype Remote Off-By-One Stack Buffer Overflow Vulnerability
Type:
Software
Bulletins:
MITRE:7995
CVE-2008-4116
Severity:
Low
Description:
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow.
Applies to:
Apple QuickTime
Apple iTunes
Created:
2010-01-12
Updated:
2015-06-22