Security Vulnerabilities, CVEs, Published In November 2010 CVSS score >= 7
Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption.
Max CVSS
7.5
EPSS Score
31.24%
Published
2010-11-26
Updated
2017-09-19
Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 Handheld Management (ZHM) allows remote attackers to execute arbitrary code via a crafted request to TCP port 2400.
Max CVSS
9.3
EPSS Score
89.20%
Published
2010-11-22
Updated
2017-01-26
SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php.
Max CVSS
7.5
EPSS Score
0.06%
Published
2010-11-26
Updated
2018-10-10
SQL injection vulnerability in imoveis.php in DescargarVista ACC IMoveis 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2010-11-17
Updated
2017-08-17
SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
Max CVSS
7.5
EPSS Score
0.12%
Published
2010-11-17
Updated
2017-08-17
SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.14%
Published
2010-11-17
Updated
2010-11-18
SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote attackers to execute arbitrary SQL commands via the chatstart[USERTOID] cookie in a pull action.
Max CVSS
7.5
EPSS Score
0.06%
Published
2010-11-17
Updated
2017-08-17
SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
Max CVSS
7.5
EPSS Score
0.13%
Published
2010-11-17
Updated
2017-08-17
The web server on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to cause a denial of service (device reboot) via a large number of requests in a short time interval.
Max CVSS
7.8
EPSS Score
4.07%
Published
2010-11-17
Updated
2018-10-10
The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes it easier for remote attackers to obtain access via the TELNET interface.
Max CVSS
10.0
EPSS Score
1.07%
Published
2010-11-17
Updated
2018-10-10
The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as demonstrated by the //system.html URI.
Max CVSS
10.0
EPSS Score
2.89%
Published
2010-11-17
Updated
2018-10-10
Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
Max CVSS
7.8
EPSS Score
1.62%
Published
2010-11-17
Updated
2018-10-10
Stack-based buffer overflow in a certain ActiveX control for the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to execute arbitrary code via a long string in the first argument to the connect method.
Max CVSS
9.3
EPSS Score
9.36%
Published
2010-11-17
Updated
2018-10-10
CVE-2010-4221
Public exploit
Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
Max CVSS
10.0
EPSS Score
96.41%
Published
2010-11-09
Updated
2011-09-15
Unspecified vulnerability in Web Services in IBM ENOVIA 6 has unknown impact and attack vectors, related to a system that becomes "exposed to the internet."
Max CVSS
10.0
EPSS Score
0.35%
Published
2010-11-09
Updated
2017-08-17
The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which allows local users to cause a denial of service (kernel panic), overwrite arbitrary memory locations, and possibly execute arbitrary code via vectors related to opening a file on a file system that uses pseudofs.
Max CVSS
7.8
EPSS Score
0.20%
Published
2010-11-22
Updated
2024-02-15
Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters.
Max CVSS
8.8
EPSS Score
1.02%
Published
2010-11-06
Updated
2020-07-31
Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Max CVSS
9.8
EPSS Score
2.23%
Published
2010-11-06
Updated
2020-07-31
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Max CVSS
9.8
EPSS Score
0.62%
Published
2010-11-06
Updated
2020-07-31
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
Max CVSS
10.0
EPSS Score
4.29%
Published
2010-11-06
Updated
2020-07-31
Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.
Max CVSS
9.8
EPSS Score
0.52%
Published
2010-11-06
Updated
2020-07-31
Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.
Max CVSS
9.8
EPSS Score
0.52%
Published
2010-11-06
Updated
2020-07-31
Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.
Max CVSS
8.8
EPSS Score
0.78%
Published
2010-11-06
Updated
2020-07-31
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.
Max CVSS
8.8
EPSS Score
2.16%
Published
2010-11-06
Updated
2020-07-31
Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.
Max CVSS
9.8
EPSS Score
0.53%
Published
2010-11-06
Updated
2020-07-31