LiveActive security incident?Get immediate response
CVE archive

January 2010

Browse CVE records published in January 2010, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 432 matching CVEs · Page 3 of 9.

Medium · CVSS 4

CVE-2010-10004: Information Cards Module cross site scripting

A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The identifier of the patch is f6bfea49ae16dc6e179df8306d39c3694f1ef186. It is recommended to upgrade the affected component. The identifier VDB-217661 was assigned to this vulnerability.

Published Jan 9, 2023 · Updated Aug 7, 2024

Medium · CVSS 5.5

CVE-2010-10007: lierdakil click-reminder BaseAction.php db_query sql injection

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to sql injection. The identifier of the patch is 41213b660e8eb01b22c8074f06208f59a73ca8dc. It is recommended to apply a patch to fix this issue. The identifier VDB-218465 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Published Jan 18, 2023 · Updated Aug 7, 2024

Low · CVSS 3.1

CVE-2010-10002: SimpleSAMLphp simplesamlphp-module-openid OpenID consumer.php cross site scripting

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.0 is able to address this issue. The patch is identified as d652d41ccaf8c45d5707e741c0c5d82a2365a9a3. It is recommended to upgrade the affected component. VDB-217170 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Published Jan 1, 2023 · Updated Aug 7, 2024

Medium · CVSS 5.5

CVE-2010-10009: frioux ptome sql injection

A vulnerability was found in frioux ptome. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named 26829bba67858ca0bd4ce49ad50e7ce653914276. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218519.

Published Jan 18, 2023 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-5082: Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft...

Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."

Published Jan 17, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4710: Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allow...

Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570.

Published Jan 28, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4701: Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Se...

Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.

Published Jan 20, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4700: The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not p...

The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.

Published Jan 18, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4697: Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow con...

Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference.

Published Jan 18, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4694: Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause...

Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.

Published Jan 14, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4699: The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle...

The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set.

Published Jan 18, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4689: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not properly pr...

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not properly preserve ACL behavior after a migration, which allows remote attackers to bypass intended access restrictions via an unspecified type of network traffic that had previously been denied, aka Bug ID CSCte46460.

Published Jan 7, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4690: The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with...

The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka Bug ID CSCte53635.

Published Jan 7, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4695: A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12...

A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.

Published Jan 14, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4687: STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle...

STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552.

Published Jan 7, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4671: The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows...

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534.

Published Jan 7, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4679: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly ha...

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP socket exhaustion) by rejecting connection attempts, aka Bug ID CSCsz36816.

Published Jan 7, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4670: The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security Appliances...

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier, and Cisco PIX Security Appliances devices, allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti24526.

Published Jan 7, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4675: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly de...

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access restrictions via vectors involving the "lowest security level interface," aka Bug ID CSCsv40504.

Published Jan 7, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4680: The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software bef...

The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, aka Bug ID CSCsz80777.

Published Jan 7, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4668: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local user...

The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4163.

Published Jan 3, 2011 · Updated Aug 7, 2024