LiveActive security incident?Get immediate response
CVE archive

October 2010

Browse CVE records published in October 2010, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 578 matching CVEs · Page 1 of 12.

Critical · CVSS 9.8

CVE-2010-3765: Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x bef...

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

Published Oct 27, 2010 · Updated Oct 22, 2025

High · CVSS 7.8

CVE-2010-1883: Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Se...

Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."

Published Oct 13, 2010 · Updated Jan 21, 2025

Medium · CVSS 4.3

CVE-2010-3243: Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and...

Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."

Published Oct 13, 2010 · Updated Oct 17, 2024

Unknown · CVSS Not scored

CVE-2010-3887: The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly e...

The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses.

Published Oct 8, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-3165: Untrusted search path vulnerability in Yokka NoEditor 1.33.1.1 and earlier, OuiEditor 1.6.1.1 and earlier,...

Untrusted search path vulnerability in Yokka NoEditor 1.33.1.1 and earlier, OuiEditor 1.6.1.1 and earlier, UnEditor 1.10.1.2 and earlier, DeuxEditor 1.7.1.2 and earlier, SQLEditorXP 3.14.1.2 and earlier, SQLEditorTE 1.9.1.3 and earlier, SQLEditor8 3.8.1.2 and earlier, and SQLEditorClassic 1.8.1.3 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.

Published Oct 25, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-4121: The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authe...

The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only.

Published Oct 28, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-3715: Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4...

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend.

Published Oct 25, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-2797: Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows r...

Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the default_cms_lang parameter to an admin script, as demonstrated by admin/addbookmark.php, a different vulnerability than CVE-2008-5642.

Published Oct 8, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-3934: The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the Blac...

The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information.

Published Oct 14, 2010 · Updated Sep 17, 2024