Search

Search Results (363680 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2197 1 Apple 1 Safari 2025-04-12 N/A
Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog.
CVE-2009-5023 1 Fail2ban 1 Fail2ban 2025-04-12 N/A
The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt.
CVE-2009-5142 2 Binarymoon, Prothemedesign 2 Timthumb, Mimbo Pro 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter.
CVE-2009-5143 1 Gehealthcare 1 Discovery 530c Firmware 2025-04-12 N/A
GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
CVE-2009-5149 1 Arris 4 Dg860a, Na Model 862 Gw Mono Firmware, Tg862a and 1 more 2025-04-12 N/A
Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue.
CVE-2010-1441 1 Videolan 1 Vlc Media Player 2025-04-12 N/A
Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder.
CVE-2010-1442 1 Videolan 1 Vlc Media Player 2025-04-12 N/A
VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer.
CVE-2010-1443 1 Videolan 1 Vlc Media Player 2025-04-12 N/A
The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document.
CVE-2010-1444 1 Videolan 1 Vlc Media Player 2025-04-12 N/A
The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.
CVE-2010-1445 1 Videolan 1 Vlc Media Player 2025-04-12 N/A
Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session.
CVE-2010-2062 1 Videolan 1 Vlc Media Player 2025-04-12 N/A
Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.
CVE-2010-2236 1 Redhat 3 Network Proxy, Satellite, Spacewalk-java 2025-04-12 N/A
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks.
CVE-2010-4820 2 Ghostscript, Redhat 2 Ghostscript, Enterprise Linux 2025-04-12 N/A
Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.
CVE-2010-4832 1 Google 1 Android 2025-04-12 N/A
Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main page, or (2) later certificates are not checked when the HTTPS connection is reused.
CVE-2010-5075 1 Avast\! 1 Avast\! Internet Security 2025-04-12 N/A
Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW.
CVE-2010-5077 3 Ioquake3, Openarena, Tremulous 3 Ioquake3 Engine, Openarena, Tremulous 2025-04-12 N/A
server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request.
CVE-2010-5109 2 Fedoraproject, Randall Hand 2 Fedora, Yerase\'s Tnef Stream Reader 2025-04-12 N/A
Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.
CVE-2010-5110 1 Freedesktop 1 Poppler 2025-04-12 N/A
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
CVE-2010-5111 1 Echoping Project 1 Echoping 2025-04-12 N/A
Multiple buffer overflows in readline.c in Echoping 6.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted reply in the (1) TLS_readline or (2) SSL_readline function, related to the EchoPingHttps Smokeping probe.
CVE-2010-5322 1 Ajsquare 1 Zeuscart 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php.