CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2010

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2010-0444 255 Exec Code 2010-02-09 2010-02-13
10.0
None Remote Low Not required Complete Complete Complete
HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors.
152 CVE-2010-0443 264 +Priv 2010-02-04 2017-08-17
6.8
None Local Low ??? Complete Complete Complete
Unspecified vulnerability in Record Management Services (RMS) before VMS83A_RMS-V1100 for HP OpenVMS on the Alpha platform allows local users to gain privileges via unknown vectors.
153 CVE-2010-0442 189 DoS Overflow 2010-02-02 2017-09-19
6.5
None Remote Low ??? Partial Partial Partial
The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."
154 CVE-2010-0441 20 DoS 2010-02-04 2018-10-10
5.0
None Remote Low Not required None None Partial
Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.
155 CVE-2010-0440 79 XSS 2010-02-03 2018-11-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.
156 CVE-2010-0438 89 Exec Code Sql 2010-02-09 2010-09-09
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
157 CVE-2010-0427 264 +Priv 2010-02-25 2018-10-10
4.4
None Local Medium Not required Partial Partial Partial
sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
158 CVE-2010-0426 264 +Priv 2010-02-24 2018-10-10
6.9
None Local Medium Not required Complete Complete Complete
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.
159 CVE-2010-0424 59 DoS 2010-02-25 2018-01-06
3.3
None Local Medium Not required None Partial Partial
The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.
160 CVE-2010-0423 399 DoS 2010-02-24 2017-09-19
5.0
None Remote Low Not required None None Partial
gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.
161 CVE-2010-0422 Bypass 2010-02-24 2017-08-17
4.0
None Local High Not required None Complete None
gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414.
162 CVE-2010-0420 20 DoS 2010-02-24 2017-09-19
4.3
None Remote Medium Not required None None Partial
libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.
163 CVE-2010-0417 119 DoS Exec Code Overflow Mem. Corr. 2010-02-18 2017-09-19
5.0
None Remote Low Not required None None Partial
Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.
164 CVE-2010-0416 119 DoS Exec Code Overflow 2010-02-18 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.
165 CVE-2010-0415 DoS 2010-02-17 2018-10-10
4.6
None Local Low Not required Partial Partial Partial
The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set.
166 CVE-2010-0414 Bypass 2010-02-11 2010-02-26
7.2
None Local Low Not required Complete Complete Complete
gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor.
167 CVE-2010-0412 2010-02-25 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273.
168 CVE-2010-0411 189 DoS Overflow 2010-02-08 2017-09-19
4.9
None Local Low Not required None None Complete
Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.
169 CVE-2010-0410 399 DoS 2010-02-22 2018-11-16
4.9
None Local Low Not required None None Complete
drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages.
170 CVE-2010-0409 119 DoS Exec Code Overflow 2010-02-08 2010-03-31
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode operation.
171 CVE-2010-0394 20 Exec Code 2010-02-10 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command.
172 CVE-2010-0309 16 DoS 2010-02-12 2017-09-19
6.8
None Remote Low ??? None None Complete
The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file.
173 CVE-2010-0308 20 DoS 2010-02-03 2017-09-19
4.0
None Remote Low ??? None None Partial
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
174 CVE-2010-0307 DoS 2010-02-17 2018-11-16
4.7
None Local Medium Not required None None Complete
The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function.
175 CVE-2010-0306 264 DoS +Priv 2010-02-12 2017-09-19
4.1
None Local Medium ??? Partial Partial Partial
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298.
176 CVE-2010-0305 20 DoS 2010-02-03 2017-08-17
5.0
None Remote Low Not required None None Partial
ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload.
177 CVE-2010-0304 119 1 DoS Overflow 2010-02-03 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
178 CVE-2010-0303 20 DoS 2010-02-04 2017-08-17
5.0
None Remote Low Not required None None Partial
mystring.c in hybserv in IRCD-Hybrid (aka Hybrid2 IRC Services) 1.9.2 through 1.9.4 allows remote attackers to cause a denial of service (daemon crash) via a ":help \t" private message to the MemoServ service.
179 CVE-2010-0301 264 +Priv 2010-02-04 2017-08-17
6.9
None Local Medium Not required Complete Complete Complete
main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file.
180 CVE-2010-0300 DoS 2010-02-04 2010-02-05
5.0
None Remote Low Not required None None Partial
cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a HELP command.
181 CVE-2010-0299 264 +Priv 2010-02-22 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
openSUSE 11.2 installs the devtmpfs root directory with insecure permissions (1777), which allows local users to gain privileges via unspecified vectors.
182 CVE-2010-0298 264 DoS +Priv 2010-02-12 2017-09-19
6.5
None Remote Low ??? Partial Partial Partial
The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306.
183 CVE-2010-0297 119 DoS Exec Code Overflow 2010-02-12 2020-11-02
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet.
184 CVE-2010-0295 399 DoS 2010-02-03 2017-08-17
5.0
None Remote Low Not required None None Partial
lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.
185 CVE-2010-0294 399 DoS 2010-02-08 2010-02-09
5.0
None Remote Low Not required None None Partial
chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets.
186 CVE-2010-0293 399 DoS 2010-02-08 2010-02-09
5.0
None Remote Low Not required None None Partial
The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.
187 CVE-2010-0292 399 DoS 2010-02-08 2010-02-09
5.0
None Remote Low Not required None None Partial
The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563.
188 CVE-2010-0291 264 DoS +Priv 2010-02-15 2018-11-16
4.6
None Local Low Not required Partial Partial Partial
The Linux kernel before 2.6.32.4 allows local users to gain privileges or cause a denial of service (panic) by calling the (1) mmap or (2) mremap function, aka the "do_mremap() mess" or "mremap/mmap mess."
189 CVE-2010-0289 352 CSRF 2010-02-15 2019-09-23
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors.
190 CVE-2010-0288 264 1 +Priv 2010-02-15 2019-09-23
7.5
None Remote Low Not required Partial Partial Partial
A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.
191 CVE-2010-0287 22 1 Dir. Trav. 2010-02-15 2019-09-23
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.
192 CVE-2010-0286 Bypass 2010-02-22 2017-08-17
5.1
None Remote High Not required Partial Partial Partial
Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication.
193 CVE-2010-0285 Bypass 2010-02-24 2017-08-17
5.6
None Local High Not required Complete Complete None
gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor.
194 CVE-2010-0283 20 DoS 2010-02-22 2020-01-21
7.8
None Remote Low Not required None None Complete
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.
195 CVE-2010-0255 264 Bypass 2010-02-04 2021-07-23
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448.
196 CVE-2010-0252 94 Exec Code 2010-02-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
197 CVE-2010-0250 119 Exec Code Overflow 2010-02-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
198 CVE-2010-0243 119 Exec Code Overflow 2010-02-10 2021-09-22
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
199 CVE-2010-0242 399 DoS 2010-02-10 2018-10-12
7.8
None Remote Low Not required None None Complete
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
200 CVE-2010-0241 94 Exec Code 2010-02-10 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
Total number of vulnerabilities : 308   Page : 1 2 3 4 (This Page)5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.