Export limit exceeded: 26279 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26279 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-1851 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage" issue.
CVE-2010-1852 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage" issue.
CVE-2010-2630 1 Libtiff 1 Libtiff 2025-04-11 N/A
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
CVE-2010-2631 1 Libtiff 1 Libtiff 2025-04-11 N/A
LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
CVE-2010-2639 1 Ibm 1 Websphere Commerce 2025-04-11 N/A
IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues."
CVE-2010-2640 1 Redhat 2 Enterprise Linux, Evince 2025-04-11 N/A
Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
CVE-2010-2641 1 Redhat 2 Enterprise Linux, Evince 2025-04-11 N/A
Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
CVE-2010-2725 1 Barnowl 1 Barnowl 2025-04-11 N/A
BarnOwl before 1.6.2 does not check the return code of calls to the (1) ZPending and (2) ZReceiveNotice functions in libzephyr, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
CVE-2010-2758 1 Mozilla 1 Bugzilla 2025-04-11 N/A
Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page.
CVE-2010-2754 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2025-04-11 N/A
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
CVE-2010-2787 1 Mediawiki 1 Mediawiki 2025-04-11 N/A
api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim.
CVE-2010-2791 3 Apache, Redhat, Unix 3 Http Server, Enterprise Linux, Unix 2025-04-11 N/A
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
CVE-2010-2795 1 Joachim Fritschi 1 Phpcas 2025-04-11 N/A
phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value.
CVE-2010-2819 1 Cisco 4 Catalyst 6500, Catalyst 7600, Firewall Services Module and 1 more 2025-04-11 N/A
Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61622.
CVE-2010-2859 1 Boesch-it 1 Simpnews 2025-04-11 N/A
news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message.
CVE-2010-2872 1 Adobe 1 Shockwave Player 2025-04-11 N/A
Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted movie.
CVE-2010-2876 1 Adobe 1 Shockwave Player 2025-04-11 N/A
Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
CVE-2010-2877 1 Adobe 1 Shockwave Player 2025-04-11 N/A
Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32X.dll and DIRAPIX.dll.
CVE-2010-2878 1 Adobe 1 Shockwave Player 2025-04-11 N/A
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
CVE-2010-3491 1 Tibco 4 Activematrix Businessworks Service Engine, Activematrix Service Bus, Activematrix Service Grid and 1 more 2025-04-11 N/A
The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors.