The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2010-3374 | Qt Creator before 2.0.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. Per: http://qt.nokia.com/about/news/security-announcement-qt-creator-2.0.0-for-desktop-platforms 'The issue does not affect Windows or Mac OS X.' | Medium | Oct 5, 2010 |
CVE-2010-3373 | paxtest handles temporary files insecurely | Low | Oct 29, 2019 |
CVE-2010-3372 | Untrusted search path vulnerability in NorduGrid Advanced Resource Connector (ARC) before 0.8.3 allows local users to gain privileges via vectors related to the LD_LIBRARY_PATH environment variable. NOTE: some of these details are obtained from third party information. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' | Medium | Dec 9, 2010 |
CVE-2010-3369 | The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | Medium | Oct 21, 2010 |
CVE-2010-3366 | Mn_Fit 5.13 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | Medium | Oct 21, 2010 |
CVE-2010-3365 | Mistelix 0.31 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | Medium | Oct 21, 2010 |
CVE-2010-3364 | The vips-7.22 script in VIPS 7.22.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | Medium | Oct 21, 2010 |
CVE-2010-3363 | roarify in roaraudio 0.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | Medium | Oct 21, 2010 |
CVE-2010-3362 | lastfm 1.5.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | Medium | Oct 21, 2010 |
CVE-2010-3361 | The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2.1.5 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | Medium | Oct 22, 2010 |
CVE-2010-3360 | Hipo 0.6.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | Medium | Oct 21, 2010 |
CVE-2010-3359 | If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account. | Medium | Nov 12, 2019 |
CVE-2010-3358 | HenPlus JDBC SQL-Shell 0.9.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | Medium | Oct 22, 2010 |
CVE-2010-3357 | gnome-subtitles 1.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | Medium | Nov 3, 2010 |
CVE-2010-3355 | Ember 0.5.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | Medium | Oct 22, 2010 |
CVE-2010-3354 | dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | Medium | Oct 21, 2010 |
CVE-2010-3353 | Cowbell 0.2.7.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | Medium | Oct 21, 2010 |
CVE-2010-3351 | startBristol in Bristol 0.60.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | Medium | Oct 21, 2010 |
CVE-2010-3350 | bareFTP 0.3.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | Medium | Oct 21, 2010 |
CVE-2010-3349 | Ardour 2.8.11 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | Medium | Oct 21, 2010 |
CVE-2010-3348 | Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka Cross-Domain Information Disclosure Vulnerability, a different vulnerability than CVE-2010-3342. | Medium | Dec 20, 2010 |
CVE-2010-3347 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 |
CVE-2010-3346 | Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka HTML Element Memory Corruption Vulnerability. | High | Dec 17, 2010 |
CVE-2010-3345 | Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka HTML Element Memory Corruption Vulnerability. | High | Dec 20, 2010 |
CVE-2010-3344 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 |
CVE-2010-3343 | Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka HTML Object Memory Corruption Vulnerability. | High | Dec 16, 2010 |
CVE-2010-3342 | Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka Cross-Domain Information Disclosure Vulnerability, a different vulnerability than CVE-2010-3348. | Medium | Dec 17, 2010 |
CVE-2010-3341 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 |
CVE-2010-3340 | Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka HTML Object Memory Corruption Vulnerability. | High | Dec 20, 2010 |
CVE-2010-3339 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 |
CVE-2010-3338 | The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka Task Scheduler Vulnerability. NOTE: this might overlap CVE-2010-3888. | High | Dec 16, 2010 |
CVE-2010-3337 | Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Insecure Library Loading Vulnerability. NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142. Per: http://www.microsoft.com/technet/security/Bulletin/MS10-087.mspx 'FAQ for Insecure Library Loading Vulnerability - CVE-2010-3337: This is a remote code execution vulnerability.' | High | Nov 10, 2010 |
CVE-2010-3336 | Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka MSO Large SPID Read AV Vulnerability. | High | Nov 10, 2010 |
CVE-2010-3335 | Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka Drawing Exception Handling Vulnerability. | High | Nov 10, 2010 |
CVE-2010-3334 | Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka Office Art Drawing Records Vulnerability. | High | Nov 11, 2010 |
CVE-2010-3333 | Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka RTF Stack Buffer Overflow Vulnerability. | High | Nov 10, 2010 |
CVE-2010-3332 | Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka ASP.NET Padding Oracle Vulnerability. | Medium | Oct 5, 2010 |
CVE-2010-3331 | Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka Uninitialized Memory Corruption Vulnerability. | High | Oct 14, 2010 |
CVE-2010-3330 | Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka Cross-Domain Information Disclosure Vulnerability. | Medium | Oct 14, 2010 |
CVE-2010-3329 | Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read HTML files, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka Uninitialized Memory Corruption Vulnerability. | High | Oct 14, 2010 |
CVE-2010-3328 | Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka Uninitialized Memory Corruption Vulnerability. | High | Oct 14, 2010 |
CVE-2010-3327 | The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka Anchor Element Information Disclosure Vulnerability. | Medium | Oct 14, 2010 |
CVE-2010-3326 | Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka Uninitialized Memory Corruption Vulnerability. | High | Oct 14, 2010 |
CVE-2010-3325 | Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka CSS Special Character Information Disclosure Vulnerability. | Medium | Oct 14, 2010 |
CVE-2010-3324 | The toStaticHTML function in Microsoft Internet Explorer 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, a different vulnerability than CVE-2010-1257. | Medium | Sep 20, 2010 |
CVE-2010-3323 | Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter. | Medium | Sep 14, 2010 |
CVE-2010-3322 | The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors. | Medium | Sep 14, 2010 |
CVE-2010-3321 | RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS#11 API requests. | Low | Oct 8, 2010 |
CVE-2010-3320 | Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | Medium | Sep 14, 2010 |
CVE-2010-3319 | IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file. | Medium | Sep 14, 2010 |