LiveActive security incident?Get immediate response
CVE archive

March 2010

Browse CVE records published in March 2010, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 439 matching CVEs · Page 1 of 9.

High · CVSS 8.8 · CISA KEV

CVE-2010-0806: Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer...

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."

Published Mar 10, 2010 · Updated May 20, 2026

Unknown · CVSS Not scored

CVE-2010-4756: The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to caus...

The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

Published Mar 2, 2011 · Updated Nov 3, 2025

Unknown · CVSS Not scored

CVE-2010-5305: Rockwell PLC5/SLC5/0x/RSLogix Credentials management

The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product’s configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services.

Published Mar 26, 2019 · Updated Jun 26, 2025

Medium · CVSS 5.3

CVE-2010-10001: Shemes GrabIt NZB Date Parser denial of service

A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 Beta 4. This affects the component NZB Date Parser. The manipulation of the argument date with the input 1000000000000000 as part of a NZB File leads to a denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Published Mar 28, 2022 · Updated Apr 15, 2025

Unknown · CVSS Not scored

CVE-2010-1095: Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Ca...

Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Mar 24, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-0587: Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(...

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985.

Published Mar 5, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-0063: Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-as...

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions.

Published Mar 30, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-4767: Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From l...

Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox.

Published Mar 18, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-1127: Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the cre...

Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code, as demonstrated by setting the (1) outerHTML or (2) value property of an object returned by createElement.

Published Mar 26, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-0103: UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented th...

UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777.

Published Mar 9, 2010 · Updated Sep 17, 2024