Total
6444 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2809 | 1 Uzbl | 1 Uzbl | 2026-06-16 | 6.8 MEDIUM | N/A |
| The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document. | |||||
| CVE-2010-2789 | 1 Mediawiki | 1 Mediawiki | 2026-06-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors. | |||||
| CVE-2010-2771 | 1 Ibm | 1 Soliddb | 2026-06-16 | 10.0 HIGH | N/A |
| solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to execute arbitrary code via a long username field in the first handshake packet. | |||||
| CVE-2010-2766 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2026-06-16 | 9.3 HIGH | N/A |
| The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object. | |||||
| CVE-2010-2761 | 1 Andy Armstrong | 2 Cgi-simple, Cgi.pm | 2026-06-16 | 4.3 MEDIUM | N/A |
| The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. | |||||
| CVE-2010-2750 | 1 Microsoft | 2 Office, Word | 2026-06-16 | 9.3 HIGH | N/A |
| Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability." | |||||
| CVE-2010-2748 | 1 Microsoft | 2 Office, Word | 2026-06-16 | 9.3 HIGH | N/A |
| Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability." | |||||
| CVE-2010-2747 | 1 Microsoft | 2 Office, Word | 2026-06-16 | 9.3 HIGH | N/A |
| Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability." | |||||
| CVE-2010-2745 | 1 Microsoft | 7 Windows 2003 Server, Windows 7, Windows Media Player and 4 more | 2026-06-16 | 9.3 HIGH | N/A |
| Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability." | |||||
| CVE-2010-2681 | 1 Joomla | 2 Com Sef, Joomla\! | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php. | |||||
| CVE-2010-2677 | 1 Openwebanalytics | 1 Open Web Analytics | 2026-06-16 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2628 | 1 Strongswan | 1 Strongswan | 2026-06-16 | 7.5 HIGH | N/A |
| The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows. | |||||
| CVE-2010-2626 | 1 Miyabi-seo | 1 Cgi Tools Seo Links | 2026-06-16 | 7.5 HIGH | N/A |
| index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to execute arbitrary commands via shell metacharacters in the fn command. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2618 | 1 Insanevisions | 1 Adapcms | 2026-06-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected. | |||||
| CVE-2010-2576 | 1 Opera | 1 Opera Browser | 2026-06-16 | 6.8 MEDIUM | N/A |
| Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407. | |||||
| CVE-2010-2569 | 1 Microsoft | 1 Publisher | 2026-06-16 | 9.3 HIGH | N/A |
| pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability." | |||||
| CVE-2010-2567 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2026-06-16 | 9.3 HIGH | N/A |
| The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability." | |||||
| CVE-2010-2564 | 1 Microsoft | 1 Windows Movie Maker | 2026-06-16 | 9.3 HIGH | N/A |
| Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability." | |||||
| CVE-2010-2563 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2026-06-16 | 9.3 HIGH | N/A |
| The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability." | |||||
| CVE-2010-2562 | 1 Microsoft | 3 Excel, Office, Open Xml File Format Converter | 2026-06-16 | 9.3 HIGH | N/A |
| Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability." | |||||
