Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

153943 entries

ID Description Priority Modified date
CVE-2010-0114 fw_charts.php in the reporting module in the Manager (aka SEPM) component in Symantec Endpoint Protection (SEP) 11.x before 11 RU6 MP2 allows remote attackers to bypass intended restrictions on report generation, overwrite arbitrary PHP scripts, and execute arbitrary code via a crafted request. High Dec 22, 2010
CVE-2010-0113 The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs. Medium Nov 16, 2010
CVE-2010-0112 Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file; (2) unspecified parameters in a DetailReportGroup (aka DetailReportGroup.lgx) action to rdpageimlogic.aspx; the (3) selclause, (4) whereTrendTimeClause, (5) TrendTypeForReport, (6) whereProtocolClause, or (7) groupClause parameter in a SummaryReportGroup (aka SummaryReportGroup.lgx) action to rdpageimlogic.aspx; the (8) loginTimeStamp, (9) dbo, (10) dateDiffParam, or (11) whereClause parameter in a LoggedInUsers (aka LoggedInUSers.lgx) action to (a) rdpageimlogic.aspx or (b) rdPage.aspx; the (12) selclause, (13) whereTrendTimeClause, (14) TrendTypeForReport, (15) whereProtocolClause, or (16) groupClause parameter to rdpageimlogic.aspx; (17) the groupList parameter to IMAdminReportTrendFormRun.asp; or (18) the email parameter to IMAdminScheduleReport.asp. High Oct 30, 2010
CVE-2010-0111 HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call. High Feb 4, 2011
CVE-2010-0110 Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allow remote attackers to execute arbitrary code via (1) a long string to msgsys.exe, related to the AMSSendAlertAct function in AMSLIB.dll in the Intel Alert Handler service (aka Symantec Intel Handler service); a long (2) modem string or (3) PIN number to msgsys.exe, related to pagehndl.dll in the Intel Alert Handler service; or (4) a message to msgsys.exe, related to iao.exe in the Intel Alert Originator service. High Feb 5, 2011
CVE-2010-0109 DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request. Low Feb 19, 2018
CVE-2010-0108 Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function. High Mar 2, 2010
CVE-2010-0107 Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can masquerade as an authorized site. High Mar 2, 2010
CVE-2010-0106 The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, Client Security 3.0.x and 3.1.x before MR9, and Endpoint Protection 11.x, when Tamper protection is disabled, allows remote attackers to cause a denial of service (prevention of on-demand scanning) via specific events that prevent the user from having read access to unspecified resources. Low Feb 26, 2010
CVE-2010-0105 The hfs implementation in Apple Mac OS X 10.6.2 and 10.6.3 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions. Medium Apr 28, 2010
CVE-2010-0104 Unspecified vulnerability in the Broadcom Integrated NIC Management Firmware 1.x before 1.40.0.0 and 8.x before 8.08 on the HP Small Form Factor and Microtower platforms allows remote attackers to execute arbitrary code via unknown vectors. High Mar 19, 2010
CVE-2010-0103 UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777. Per: http://www.energizer.com/usbcharger/download/March_8_2010_USB_Release__3_.pdf Energizer has discontinued sale of this product and has removed the site to download the software. In addition, the company is directing consumers that downloaded the Windows version of the software to uninstall or otherwise remove the software from your computer. High Mar 10, 2010
CVE-2010-0101 The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service (operating system halt) via a malformed HTTP Authorization header. High May 7, 2010
CVE-2010-0099 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0092. Reason: This candidate is a duplicate of CVE-2010-0092. Notes: All CVE users should reference CVE-2010-0092 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Jul 22, 2010
CVE-2010-0098 ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities. High Apr 9, 2010
CVE-2010-0097 ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. Medium Feb 2, 2010
CVE-2010-0095 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html Affected product releases and versions: Java SE: JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux; JDK 5.0 Update 23 and earlier for Solaris; SDK 1.4.2_25 and earlier for Solaris. Java for Business: JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux; SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux. Medium Apr 17, 2010
CVE-2010-0094 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html Affected product releases and versions: Java SE: JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux; JDK 5.0 Update 23 and earlier for Solaris; SDK 1.4.2_25 and earlier for Solaris. Java for Business: JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux; SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux. High Apr 17, 2010
CVE-2010-0093 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html Affected product releases and versions: Java SE: JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux; JDK 5.0 Update 23 and earlier for Solaris; SDK 1.4.2_25 and earlier for Solaris. Java for Business: JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux; SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux. Medium Apr 17, 2010
CVE-2010-0092 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html Affected product releases and versions: Java SE: JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux; JDK 5.0 Update 23 and earlier for Solaris; SDK 1.4.2_25 and earlier for Solaris. Java for Business: JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux; SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux. Medium Apr 17, 2010
CVE-2010-0091 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html Affected product releases and versions: Java SE: JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux; JDK 5.0 Update 23 and earlier for Solaris; SDK 1.4.2_25 and earlier for Solaris. Java for Business: JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux; SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux. Medium Apr 17, 2010
CVE-2010-0090 Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html Affected product releases and versions: Java SE: JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux; JDK 5.0 Update 23 and earlier for Solaris; SDK 1.4.2_25 and earlier for Solaris. Java for Business: JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux; SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux. Medium Apr 17, 2010
CVE-2010-0089 Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html Affected product releases and versions: Java SE: JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux; JDK 5.0 Update 23 and earlier for Solaris; SDK 1.4.2_25 and earlier for Solaris. Java for Business: JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux; SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux. Medium Apr 17, 2010
CVE-2010-0088 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html Affected product releases and versions: Java SE: JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux; JDK 5.0 Update 23 and earlier for Solaris; SDK 1.4.2_25 and earlier for Solaris. Java for Business: JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux; SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux. Medium Apr 17, 2010
CVE-2010-0087 Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html Affected product releases and versions: Java SE: JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux; JDK 5.0 Update 23 and earlier for Solaris; SDK 1.4.2_25 and earlier for Solaris. Java for Business: JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux; SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux. High Apr 17, 2010
CVE-2010-0086 Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors. Medium Apr 17, 2010
CVE-2010-0085 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html Affected product releases and versions: Java SE: JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux; JDK 5.0 Update 23 and earlier for Solaris; SDK 1.4.2_25 and earlier for Solaris. Java for Business: JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux; SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux. Medium Apr 17, 2010
CVE-2010-0084 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html Affected product releases and versions: Java SE: JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux; JDK 5.0 Update 23 and earlier for Solaris; SDK 1.4.2_25 and earlier for Solaris. Java for Business: JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux; SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux. Medium Apr 17, 2010
CVE-2010-0083 Unspecified vulnerability in Oracle OpenSolaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. High Jul 14, 2010
CVE-2010-0082 Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html Affected product releases and versions: Java SE: JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux; JDK 5.0 Update 23 and earlier for Solaris; SDK 1.4.2_25 and earlier for Solaris. Java for Business: JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux; SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux. Medium Apr 17, 2010
CVE-2010-0081 Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors. Low Jul 14, 2010
CVE-2010-0080 Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 Bundle, #21 and 9.0 Bundle #11 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Medium Jan 13, 2010
CVE-2010-0079 Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, and CVE-2009-3877. High Jan 13, 2010
CVE-2010-0078 Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vectors. Medium Jan 13, 2010
CVE-2010-0077 Unspecified vulnerability in the CRM Technical Foundation (mobile) component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. Medium Jan 13, 2010
CVE-2010-0076 Unspecified vulnerability in the Application Express Application Builder component in Oracle Database 3.2.1.00.10 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Medium Jan 13, 2010
CVE-2010-0075 Unspecified vulnerability in the Oracle HRMS (Self Service) component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors. Medium Jan 13, 2010
CVE-2010-0074 Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vectors. Medium Jan 13, 2010
CVE-2010-0073 Unspecified vulnerability in the WebLogic Server in Oracle WebLogic Server 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, and 10.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. High Apr 17, 2010
CVE-2010-0072 Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. High Jan 13, 2010
CVE-2010-0071 Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. High Jan 13, 2010
CVE-2010-0070 Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors. Medium Jan 13, 2010
CVE-2010-0069 Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0, SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP1, and 10.3.0 allows remote attackers to affect integrity via unknown vectors. Medium Jan 13, 2010
CVE-2010-0068 Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP2, and 10.0 allows remote attackers to affect confidentiality via unknown vectors. Medium Jan 13, 2010
CVE-2010-0067 Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors. Medium Jan 13, 2010
CVE-2010-0066 Unspecified vulnerability in the Access Manager Identity Server component in Oracle Application Server 7.0.4.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors. Medium Jan 13, 2010
CVE-2010-0065 Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression. Medium Mar 31, 2010
CVE-2010-0064 DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users. Medium Mar 31, 2010
CVE-2010-0063 Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions. Per: http://cwe.mitre.org/data/slices/2000.html 'Incomplete Blacklist - CWE-184' Medium Mar 31, 2010
CVE-2010-0062 Heap-based buffer overflow in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.263 encoding. Medium Apr 2, 2010
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.