Total
2696 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3816 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2017-09-19 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. | |||||
| CVE-2010-3811 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2017-09-19 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes. | |||||
| CVE-2010-3766 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node. | |||||
| CVE-2010-3740 | 1 Ibm | 1 Db2 | 2017-09-19 | 4.0 MEDIUM | N/A |
| The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function. | |||||
| CVE-2010-3737 | 1 Ibm | 1 Db2 | 2017-09-19 | 3.5 LOW | N/A |
| Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server. | |||||
| CVE-2010-3736 | 1 Ibm | 1 Db2 | 2017-09-19 | 4.0 MEDIUM | N/A |
| Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server. | |||||
| CVE-2010-3735 | 1 Ibm | 1 Db2 | 2017-09-19 | 2.1 LOW | N/A |
| The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time. | |||||
| CVE-2010-3633 | 1 Adobe | 1 Flash Media Server | 2017-09-19 | 5.0 MEDIUM | N/A |
| Memory leak in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||||
| CVE-2010-3445 | 1 Wireshark | 1 Wireshark | 2017-09-19 | 5.0 MEDIUM | N/A |
| Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP. | |||||
| CVE-2010-3180 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window. | |||||
| CVE-2010-3167 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability." | |||||
| CVE-2010-3021 | 1 Opera | 1 Opera Browser | 2017-09-19 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Opera before 10.61 allows remote attackers to cause a denial of service (CPU consumption and application hang) via an animated PNG image. | |||||
| CVE-2010-2874 | 1 Adobe | 1 Shockwave Player | 2017-09-19 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. NOTE: due to conflicting information and use of the same CVE identifier by the vendor, ZDI, and TippingPoint, it is not clear whether this issue is related to use of an uninitialized pointer, an incorrect pointer offset calculation, or both. | |||||
| CVE-2010-2767 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability." | |||||
| CVE-2010-2760 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753. | |||||
| CVE-2010-2755 | 1 Mozilla | 1 Firefox | 2017-09-19 | 10.0 HIGH | N/A |
| layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214. | |||||
| CVE-2010-2528 | 1 Pidgin | 1 Pidgin | 2017-09-19 | 4.0 MEDIUM | N/A |
| The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element. | |||||
| CVE-2010-2286 | 1 Wireshark | 1 Wireshark | 2017-09-19 | 3.3 LOW | N/A |
| The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | |||||
| CVE-2010-1939 | 2 Apple, Microsoft | 2 Safari, Windows | 2017-09-19 | 7.6 HIGH | N/A |
| Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object. | |||||
| CVE-2010-1806 | 1 Apple | 1 Safari | 2017-09-19 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers. | |||||