Vulnerabilities (CVE)

Filtered by CWE-94
Total 6444 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-3819 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2026-06-16 9.3 HIGH N/A
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
CVE-2010-3809 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2026-06-16 9.3 HIGH N/A
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
CVE-2010-3808 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2026-06-16 9.3 HIGH N/A
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
CVE-2010-3761 1 Ibm 1 Tivoli Storage Manager Fastback 2026-06-16 10.0 HIGH N/A
Unspecified vulnerability in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-700. NOTE: this might overlap CVE-2010-3058 or CVE-2010-3059.
CVE-2010-3759 1 Ibm 1 Tivoli Storage Manager Fastback 2026-06-16 10.0 HIGH N/A
FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 writes a certain value to a memory location specified by a UDP packet field, which allows remote attackers to execute arbitrary code via multiple requests. NOTE: this might overlap CVE-2010-3058.
CVE-2010-3758 1 Ibm 1 Tivoli Storage Manager Fastback 2026-06-16 10.0 HIGH N/A
Multiple stack-based buffer overflows in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allow remote attackers to execute arbitrary code via vectors involving the (1) AGI_SendToLog (aka _SendToLog) function; the (2) group, (3) workgroup, or (4) domain name field to the USER_S_AddADGroup function; the (5) user_path variable to the FXCLI_checkIndexDBLocation function; or (6) the _AGI_S_ActivateLTScriptReply (aka ActivateLTScriptReply) function. NOTE: this might overlap CVE-2010-3059.
CVE-2010-3749 1 Realnetworks 2 Realplayer, Realplayer Sp 2026-06-16 9.3 HIGH N/A
The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a " (double quote) in an argument to the RecordClip method, aka "parameter injection."
CVE-2010-3742 1 Dustincowell 1 Free Simple Cms 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) meta or (2) phpincdir parameter, a different issue than CVE-2010-3307.
CVE-2010-3719 1 Symantec 1 Im Manager 2026-06-16 8.5 HIGH N/A
Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method.
CVE-2010-3635 1 Adobe 1 Flash Media Server 2026-06-16 10.0 HIGH N/A
Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to execute arbitrary code via unspecified vectors, related to a "segmentation fault vulnerability."
CVE-2010-3625 1 Adobe 2 Acrobat, Acrobat Reader 2026-06-16 9.3 HIGH N/A
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."
CVE-2010-3429 2 Ffmpeg, Mplayerhq 3 Ffmpeg, Libavcodec, Mplayer 2026-06-16 6.8 MEDIUM N/A
flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability."
CVE-2010-3419 1 Haudenschilt 1 Family Connections Cms 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the current_user_id parameter to (1) familynews.php and (2) settings.php.
CVE-2010-3340 1 Microsoft 6 Internet Explorer, Windows 2003 Server, Windows Server 2003 and 3 more 2026-06-16 9.3 HIGH N/A
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
CVE-2010-3331 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2026-06-16 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2010-3329 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2026-06-16 9.3 HIGH N/A
mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2010-3326 1 Microsoft 4 Internet Explorer, Windows 2003 Server, Windows Server 2003 and 1 more 2026-06-16 9.3 HIGH N/A
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2010-3313 1 Egroupware 1 Egroupware 2026-06-16 7.5 HIGH N/A
phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.
CVE-2010-3308 1 Xelerance 1 Openswan 2026-06-16 6.5 MEDIUM N/A
Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via a long cisco_banner (aka server_banner) field.
CVE-2010-3307 1 Dustincowell 1 Free Simple Cms 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) body, (2) footer, (3) header, (4) menu_left, or (5) menu_right parameter.