LiveActive security incident?Get immediate response
CVE archive

December 2010

Browse CVE records published in December 2010, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 364 matching CVEs · Page 1 of 8.

Critical · CVSS 9.8

CVE-2010-4478: OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-...

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.

Published Dec 6, 2010 · Updated May 28, 2026

High · CVSS 7.8 · CISA KEV

CVE-2010-4398: Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP...

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."

Published Dec 3, 2010 · Updated Oct 22, 2025

High · CVSS 7.8 · CISA KEV

CVE-2010-3904: The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implement...

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

Published Dec 6, 2010 · Updated Oct 22, 2025

High · CVSS 7.5

CVE-2010-4577: The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome b...

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."

Published Dec 22, 2010 · Updated Jan 21, 2025

High · CVSS 7.3

CVE-2010-3957: Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Se...

Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."

Published Dec 16, 2010 · Updated Jan 21, 2025

Unknown · CVSS Not scored

CVE-2010-4360: Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute ar...

Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Dec 1, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-5070: The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in t...

The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. NOTE: this may overlap CVE-2010-5073.

Published Dec 7, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-4547: IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply po...

IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain.

Published Dec 16, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-4632: Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrar...

Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. NOTE: the article parameter to pilot.asp is already covered by CVE-2008-2688.

Published Dec 30, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-4594: The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is ena...

The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly process TCP connection requests, which allows remote attackers to cause a denial of service (memory consumption and HTTP-AS hang) by making many connection requests that trigger "queue size delta errors," related to a "timing hole" issue.

Published Dec 22, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-4495: Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3...

Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections.

Published Dec 17, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-4412: Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject ar...

Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246.

Published Dec 7, 2010 · Updated Sep 16, 2024