LiveActive security incident?Get immediate response
CVE archive

February 2010

Browse CVE records published in February 2010, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 350 matching CVEs · Page 1 of 7.

Medium · CVSS 5.9

CVE-2010-0021: Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, S...

Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."

Published Feb 10, 2010 · Updated Jan 21, 2025

Unknown · CVSS Not scored

CVE-2010-0548: Multiple unspecified vulnerabilities in the Network Controller and Web Server in Xerox WorkCentre 5632, 563...

Multiple unspecified vulnerabilities in the Network Controller and Web Server in Xerox WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, and 5687 allow remote attackers to (1) access mailboxes via unknown vectors that bypass Scan to Mailbox authorization or (2) read device configuration information via via unknown vectors that bypass web server authorization.

Published Feb 4, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-4562: Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine...

Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.

Published Feb 2, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-0760: Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla!

Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files[] parameter to libraries/jquery/js/jsloader.php, a different vector than CVE-2010-0759. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Feb 27, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-4733: WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS...

WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms have a default username and password, which makes it easier for remote attackers to obtain superadmin access via the web interface, a different vulnerability than CVE-2009-4463.

Published Feb 14, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-0711: Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and p...

Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administrator for requests that (1) delete users via the delete action in the ma2 parameter or (2) create administrators via the update action in the ma2 parameter.

Published Feb 25, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-0292: The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows rem...

The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563.

Published Feb 8, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-0638: Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the...

Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Feb 15, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-0561: Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before 2010-01-21 allows local users to cau...

Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before 2010-01-21 allows local users to cause a denial of service (kernel panic) via a negative mixer index number being passed to (1) the azalia_query_devinfo function in the azalia audio driver (src/sys/dev/pci/azalia.c) or (2) the hdaudio_afg_query_devinfo function in the hdaudio audio driver (src/sys/dev/pci/hdaudio/hdaudio_afg.c).

Published Feb 8, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-0710: SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versio...

SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the newsid parameter when the sec parameter is 26. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Feb 25, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-0549: Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11...

Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allows remote attackers to access "directory structure" via a crafted PostScript file, aka "Unauthorized Directory Structure Access Vulnerability."

Published Feb 4, 2010 · Updated Sep 16, 2024