The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2010-3054 | Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c. | Medium | Aug 20, 2010 |
| CVE-2010-3053 | bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string. | Medium | Aug 20, 2010 |
| CVE-2010-3050 | Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot). | Medium | Oct 3, 2017 |
| CVE-2010-3049 | Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot). | Medium | Oct 3, 2017 |
| CVE-2010-3048 | Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition. | MEDIUM | Jan 16, 2020 |
| CVE-2010-3044 | Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043. | High | Feb 5, 2011 |
| CVE-2010-3043 | Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3044. | High | Feb 10, 2011 |
| CVE-2010-3042 | Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3043, and CVE-2010-3044. | High | Feb 5, 2011 |
| CVE-2010-3041 | Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3042, CVE-2010-3043, and CVE-2010-3044. | High | Feb 5, 2011 |
| CVE-2010-3040 | Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164.Per: http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 \'Cisco has confirmed this vulnerability in software release notes; however, software updates are not available.\' | High | Nov 10, 2010 |
| CVE-2010-3039 | /usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930. | Medium | Nov 10, 2010 |
| CVE-2010-3038 | Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008. | High | Nov 30, 2010 |
| CVE-2010-3037 | goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, and Unified Videoconferencing 3515 Multipoint Control Unit (MCU), allows remote authenticated administrators to execute arbitrary commands via the username field, related to a shell command injection vulnerability, aka Bug ID CSCti54059. | High | Nov 23, 2010 |
| CVE-2010-3036 | Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352. | High | Nov 1, 2010 |
| CVE-2010-3035 | Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211. | Medium | Aug 31, 2010 |
| CVE-2010-3034 | Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-0575. | Medium | Sep 13, 2010 |
| CVE-2010-3033 | Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-2843. | High | Sep 13, 2010 |
| CVE-2010-3032 | Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow. | High | Aug 30, 2010 |
| CVE-2010-3031 | Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other versions before ThinOS 6.5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the LPD service. | High | Aug 30, 2010 |
| CVE-2010-3030 | Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Aug 18, 2010 |
| CVE-2010-3029 | SQL injection vulnerability in statistics.php in PHPKick 0.8 allows remote attackers to execute arbitrary SQL commands via the gameday parameter in an overview action. | High | Aug 17, 2010 |
| CVE-2010-3028 | The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files. | Low | Aug 17, 2010 |
| CVE-2010-3027 | SQL injection vulnerability in index.php in Tycoon Baseball Script 1.0.9 allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a game_player action. | High | Aug 17, 2010 |
| CVE-2010-3026 | Cross-site request forgery (CSRF) vulnerability in application/modules/admin/controllers/users.php in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests to admin/users/edit that grant administrative privileges. | Medium | Aug 17, 2010 |
| CVE-2010-3025 | Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) excerpt parameter to application/modules/admin/controllers/posts.php, as reachable by admin/posts/edit; and the (2) content parameter to application/modules/admin/controllers/pages.php, as reachable by admin/posts/edit. | Medium | Aug 17, 2010 |
| CVE-2010-3024 | Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site\'s configuration. | Medium | Aug 17, 2010 |
| CVE-2010-3023 | Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by _app/views/categories/index.html.erb; and the (2) setting[site_title] parameter to user/main/update_settings, which is not properly handled by _app/views/settings/_list_settings.rhtml. | Medium | Aug 17, 2010 |
| CVE-2010-3022 | Cross-site scripting (XSS) vulnerability in the Performance logging module in the Devel module 5.x before 5.x-1.3 and 6.x before 6.x-1.21 for Drupal allows remote authenticated users, with add url aliases and report access permissions, to inject arbitrary web script or HTML via crafted node paths in a URL. | Low | Aug 17, 2010 |
| CVE-2010-3021 | Unspecified vulnerability in Opera before 10.61 allows remote attackers to cause a denial of service (CPU consumption and application hang) via an animated PNG image. | Medium | Aug 17, 2010 |
| CVE-2010-3020 | The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content. | Medium | Aug 17, 2010 |
| CVE-2010-3019 | Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service (application crash or hang) via vectors related to HTML5 canvas painting operations that occur during the application of transformations. | High | Aug 17, 2010 |
| CVE-2010-3018 | RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before 6.0.4.53, and 6.1 before 6.1.2.01 does not properly perform cache updates, which allows remote attackers to obtain sensitive information via unspecified vectors. | Medium | Sep 10, 2010 |
| CVE-2010-3017 | Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before 4.7.1.7, when RSA Adaptive Authentication Integration is enabled, allows remote attackers to bypass authentication and obtain sensitive information via unknown vectors. | Medium | Sep 10, 2010 |
| CVE-2010-3016 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2803. Reason: This candidate is a reservation duplicate of CVE-2010-2803. Notes: All CVE users should reference CVE-2010-2803 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | REJECT | Aug 17, 2010 |
| CVE-2010-3015 | Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation. | Medium | Aug 24, 2010 |
| CVE-2010-3014 | The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read. | Low | Aug 23, 2010 |
| CVE-2010-3013 | SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the role parameter, a different vulnerability than CVE-2010-2577. | High | Aug 16, 2010 |
| CVE-2010-3012 | Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue was originally assigned CVE-2010-3010 due to a CNA error. | Medium | Sep 20, 2010 |
| CVE-2010-3011 | CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | Medium | Sep 20, 2010 |
| CVE-2010-3010 | Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect Gigabit VPN Firewall 3CREVF100-73 with firmware before 1.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Sep 16, 2010 |
| CVE-2010-3009 | Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain sensitive information and gain root privileges via unknown vectors. | High | Sep 16, 2010 |
| CVE-2010-3008 | Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 on Windows allows local users to gain privileges or cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3007. | High | Sep 14, 2010 |
| CVE-2010-3007 | Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors. | High | Sep 10, 2010 |
| CVE-2010-3006 | Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote Management card with firmware before 4.06 allows remote attackers to cause a denial of service via unknown vectors. | High | Sep 14, 2010 |
| CVE-2010-3005 | Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows local users to gain privileges via unknown vectors. | Medium | Sep 10, 2010 |
| CVE-2010-3004 | Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows remote attackers to execute arbitrary code via unknown vectors.Per: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02497800 \'A potential security vulnerability has been identified with HP Operations Agent running on Windows.\' | High | Sep 9, 2010 |
| CVE-2010-3003 | Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Sep 13, 2010 |
| CVE-2010-3002 | Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors. | High | Aug 31, 2010 |
| CVE-2010-3001 | Unspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to multiple browser windows. | High | Aug 31, 2010 |
| CVE-2010-3000 | Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file. | High | Aug 31, 2010 |
