Search Results
- CPE Product Version: cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2010-2067 | Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file. Published: June 24, 2010; 8:30:01 AM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2010-1770 | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue." Published: June 11, 2010; 3:30:20 PM -0400 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2010-0650 | WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event. Published: February 18, 2010; 1:00:00 PM -0500 | V3.x: (not available) V2.0: 2.6 LOW |
CVE-2009-4135 | The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp. Published: December 11, 2009; 11:30:00 AM -0500 | V3.x: (not available) V2.0: 4.4 MEDIUM |
CVE-2009-3555 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. Published: November 09, 2009; 12:30:00 PM -0500 | V3.x: (not available) V2.0: 5.8 MEDIUM |
CVE-2009-2797 | The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server. Published: September 10, 2009; 5:30:01 PM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |