Total
347113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2213 | 1 Adobe | 3 Adobe Air, Flash Player, Flash Player For Linux | 2026-04-29 | 9.3 HIGH | N/A |
| Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216. | |||||
| CVE-2010-0199 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2026-04-29 | 9.3 HIGH | N/A |
| Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0202, and CVE-2010-0203. | |||||
| CVE-2010-2583 | 1 Sonicwall | 1 Ssl-vpn End-point Interrogator\/installer Activex Control | 2026-04-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method. | |||||
| CVE-2013-1291 | 1 Microsoft | 6 Windows 7, Windows 8, Windows Server 2003 and 3 more | 2026-04-29 | 7.1 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability." | |||||
| CVE-2010-4967 | 1 Atcom | 1 Netvolution | 2026-04-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 allows remote attackers to execute arbitrary SQL commands via the artID parameter. | |||||
| CVE-2011-1081 | 1 Openldap | 1 Openldap | 2026-04-29 | 5.0 MEDIUM | N/A |
| modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field. | |||||
| CVE-2010-0768 | 1 Ibm | 1 Websphere Application Server | 2026-04-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI. | |||||
| CVE-2012-1955 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-29 | 6.8 MEDIUM | N/A |
| Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls. | |||||
| CVE-2011-0195 | 1 Apple | 1 Iphone Os | 2026-04-29 | 4.3 MEDIUM | N/A |
| The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202. | |||||
| CVE-2012-5781 | 1 Amazon | 1 Elastic Load Balancing | 2026-04-29 | 5.8 MEDIUM | N/A |
| Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to overriding the default JDK X509TrustManager. | |||||
| CVE-2010-0463 | 1 Horde | 1 Imp | 2026-04-29 | 5.0 MEDIUM | N/A |
| Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. | |||||
| CVE-2012-5674 | 1 Adobe | 1 Coldfusion | 2026-04-29 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used, allows attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2010-2427 | 1 Vmware | 1 Studio | 2026-04-29 | 4.4 MEDIUM | N/A |
| VMware Studio 2.0 does not properly write to temporary files, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2010-4297 | 1 Vmware | 6 Esx, Esxi, Fusion and 3 more | 2026-04-29 | 7.2 HIGH | N/A |
| The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. | |||||
| CVE-2010-0213 | 1 Isc | 1 Bind | 2026-04-29 | 2.6 LOW | N/A |
| BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers. | |||||
| CVE-2011-0310 | 1 Ibm | 1 Websphere Mq | 2026-04-29 | 6.8 MEDIUM | N/A |
| Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message. | |||||
| CVE-2011-1300 | 3 Google, Microsoft, Mozilla | 3 Chrome, Windows, Firefox | 2026-04-29 | 10.0 HIGH | N/A |
| The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error. | |||||
| CVE-2010-3816 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2026-04-29 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. | |||||
| CVE-2012-2770 | 2 Bestpractical, Mike Peachey | 2 Rt, Authen\ | 2026-04-29 | 5.0 MEDIUM | N/A |
| The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user." | |||||
| CVE-2010-2743 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2026-04-29 | 7.2 HIGH | N/A |
| The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889. | |||||