CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In July 2010

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
151 | CVE-2010-2594 | 352 |  | CSRF | 2010-07-02 | 2010-07-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.
152 | CVE-2010-2568 | 20 |  | Exec Code | 2010-07-22 | 2019-02-26 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
153 | CVE-2010-2549 | 399 | 1 | DoS +Priv | 2010-07-02 | 2017-09-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
154 | CVE-2010-2534 | 399 |  | DoS | 2010-07-28 | 2017-08-17 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the client command queue.
155 | CVE-2010-2529 |  |  | DoS | 2010-07-28 | 2010-07-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response.
156 | CVE-2010-2528 | 399 |  | DoS | 2010-07-30 | 2017-09-19 | 4.0 | None | Remote | Low | ??? | None | None | Partial
The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.
157 | CVE-2010-2523 | 119 |  | Overflow | 2010-07-13 | 2011-01-14 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 allow remote attackers to have an unspecified impact via a crafted (1) ND_OPT_PREFIX_INFORMATION or (2) ND_OPT_HOME_AGENT_INFO packet.
158 | CVE-2010-2522 | 264 |  |  | 2010-07-13 | 2011-01-14 | 2.1 | None | Local | Low | Not required | None | Partial | None
The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message.
159 | CVE-2010-2494 | 119 |  | DoS Overflow Mem. Corr. | 2010-07-08 | 2013-02-14 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character.
160 | CVE-2010-2489 | 119 |  | Overflow +Priv | 2010-07-12 | 2017-08-17 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files.
161 | CVE-2010-2483 | 119 |  | DoS Overflow | 2010-07-06 | 2013-05-15 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values.
162 | CVE-2010-2482 |  |  | DoS | 2010-07-06 | 2013-05-15 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.
163 | CVE-2010-2481 | 119 |  | DoS Overflow | 2010-07-06 | 2013-05-15 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.
164 | CVE-2010-2480 | 79 |  | XSS | 2010-07-02 | 2010-09-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.
165 | CVE-2010-2479 | 79 |  | XSS | 2010-07-06 | 2010-07-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
166 | CVE-2010-2448 |  |  | DoS | 2010-07-12 | 2010-07-12 | 3.5 | None | Remote | Medium | ??? | None | None | Partial
znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.
167 | CVE-2010-2445 | 78 |  | Exec Code | 2010-07-08 | 2021-06-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions.
168 | CVE-2010-2427 | 264 |  | +Priv | 2010-07-22 | 2018-10-10 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial
VMware Studio 2.0 does not properly write to temporary files, which allows local users to gain privileges via unspecified vectors.
169 | CVE-2010-2403 |  |  |  | 2010-07-13 | 2012-10-23 | 2.1 | None | Remote | High | ??? | Partial | None | None
Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft and JDEdwards Suite Campus Solutions 9.0 Bundle #17 allows remote authenticated users to affect confidentiality via unknown vectors.
170 | CVE-2010-2402 |  |  |  | 2010-07-13 | 2012-10-23 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.27 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
171 | CVE-2010-2401 |  |  |  | 2010-07-13 | 2012-10-23 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None
Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile Mgr component in Oracle PeopleSoft and JDEdwards Suite HCM 9.0 Bundle #9 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
172 | CVE-2010-2400 |  |  |  | 2010-07-13 | 2012-10-23 | 4.6 | None | Local | Low | ??? | None | None | Complete
Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Filesystem.
173 | CVE-2010-2399 |  |  |  | 2010-07-13 | 2012-10-23 | 4.6 | None | Local | Low | ??? | None | None | Complete
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability via unknown vectors related to Kernel/VM.
174 | CVE-2010-2398 |  |  |  | 2010-07-13 | 2012-10-23 | 4.0 | None | Remote | Low | ??? | Partial | None | None
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft and JDEdwards Suite HCM 9.0 Bundle #12 allows remote authenticated users to affect confidentiality via unknown vectors.
175 | CVE-2010-2397 |  |  |  | 2010-07-13 | 2012-10-23 | 2.4 | None | Local | High | ??? | Partial | Partial | None
Unspecified vulnerability in Oracle Sun Java System Application Server 8.0, 8.1, and 8.2; and GlassFish Enterprise Server 2.1.1; allows local users to affect confidentiality and integrity, related to the GUI.
176 | CVE-2010-2394 |  |  |  | 2010-07-13 | 2012-10-23 | 4.7 | None | Local | Medium | Not required | None | None | Complete
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to TCP/IP.
177 | CVE-2010-2393 |  |  |  | 2010-07-13 | 2012-10-23 | 3.8 | None | Local | High | ??? | None | None | Complete
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to RPC.
178 | CVE-2010-2392 |  |  |  | 2010-07-13 | 2012-10-23 | 5.6 | None | Local | Low | Not required | None | Partial | Complete
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect integrity and availability, related to ZFS.
179 | CVE-2010-2386 |  |  |  | 2010-07-13 | 2012-10-23 | 4.9 | None | Local | Low | Not required | None | None | Complete
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to GigaSwift Ethernet Driver.
180 | CVE-2010-2385 |  |  |  | 2010-07-13 | 2012-10-23 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None
Unspecified vulnerability in Oracle Sun Java System Web Proxy Server 4.0.13 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration Server.
181 | CVE-2010-2384 |  |  |  | 2010-07-13 | 2012-10-23 | 3.2 | None | Local | Low | ??? | Partial | Partial | None
Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Management Console.
182 | CVE-2010-2383 |  |  |  | 2010-07-13 | 2012-10-23 | 3.2 | None | Local | Low | ??? | Partial | Partial | None
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality and integrity, related to NFS.
183 | CVE-2010-2382 |  |  |  | 2010-07-13 | 2012-10-23 | 3.2 | None | Local | Low | ??? | Partial | Partial | None
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors.
184 | CVE-2010-2381 |  |  |  | 2010-07-13 | 2016-11-23 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0081.
185 | CVE-2010-2380 |  |  |  | 2010-07-13 | 2012-10-23 | 4.3 | None | Local | Low | ??? | Partial | Partial | Partial
Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft and JDEdwards Suite SCM 8.9 Bundle #37, SCM 9.0 Bundle #30, and SCM 9.1 Bundle #4 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
186 | CVE-2010-2379 |  |  |  | 2010-07-13 | 2012-10-23 | 4.0 | None | Remote | Low | ??? | Partial | None | None
Unspecified vulnerability in the PeopleSoft Enterprise HCM - Time & Labor component in Oracle PeopleSoft and JDEdwards Suite HCM 9.0 Bundle #13 and HCM 9.1 Bundle #2 allows remote authenticated users to affect confidentiality via unknown vectors.
187 | CVE-2010-2378 |  |  |  | 2010-07-13 | 2012-10-23 | 3.0 | None | Local | Medium | ??? | Partial | Partial | None
Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft and JDEdwards Suite CRM 9.0 Bundle #28 and CRM 9.1 Bundle #4 allows local users to affect confidentiality and integrity via unknown vectors.
188 | CVE-2010-2377 |  |  |  | 2010-07-13 | 2012-10-23 | 4.0 | None | Remote | Low | ??? | None | Partial | None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.27 and 8.50.10 allows remote authenticated users to affect integrity via unknown vectors.
189 | CVE-2010-2376 |  |  |  | 2010-07-13 | 2012-10-23 | 3.2 | None | Local | Low | ??? | Partial | Partial | None
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Management Console.
190 | CVE-2010-2375 |  |  |  | 2010-07-13 | 2018-10-30 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
191 | CVE-2010-2374 |  |  |  | 2010-07-13 | 2012-10-23 | 3.0 | None | Local | Medium | ??? | Partial | Partial | None
Unspecified vulnerability in Solaris Studio 12 update 1 allows local users to affect confidentiality and integrity via unknown vectors.
192 | CVE-2010-2373 |  |  |  | 2010-07-13 | 2012-10-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Unspecified vulnerability in the Console component in Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5 allows remote attackers to affect integrity via unknown vectors.
193 | CVE-2010-2372 |  |  |  | 2010-07-13 | 2012-10-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1.1 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2371.
194 | CVE-2010-2371 |  |  |  | 2010-07-13 | 2012-10-23 | 1.9 | None | Local | Medium | Not required | Partial | None | None
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1.1 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-2372.
195 | CVE-2010-2370 |  |  |  | 2010-07-13 | 2012-10-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Unspecified vulnerability in the Oracle Business Process Management component in Oracle Fusion Middleware 5.7 MP3, 6.0 MP5, and 10.3 MP2 allows remote attackers to affect integrity, related to BPM.
196 | CVE-2010-2337 | 20 |  |  | 2010-07-28 | 2017-08-17 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial
Open redirect vulnerability in RSA Federated Identity Manager 4.0 before 4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors.
197 | CVE-2010-2253 | 20 |  | Exec Code | 2010-07-06 | 2018-10-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
198 | CVE-2010-2252 | 20 |  | Exec Code | 2010-07-06 | 2016-11-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
199 | CVE-2010-2251 | 20 |  | Exec Code | 2010-07-06 | 2018-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
200 | CVE-2010-2244 |  |  | DoS | 2010-07-08 | 2011-03-07 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081.
Total number of vulnerabilities: 343 (page 4 of 7)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.