CVE-2010-0050
- EPSS 11.64%
- Veröffentlicht 15.03.2010 14:15:32
- Zuletzt bearbeitet 16.06.2026 23:15:19
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
CVE-2010-0302
- EPSS 2.58%
- Veröffentlicht 05.03.2010 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:15:53
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denia...
CVE-2010-0434
- EPSS 18.44%
- Veröffentlicht 05.03.2010 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:16:10
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, wh...
CVE-2010-0205
- EPSS 4.21%
- Veröffentlicht 03.03.2010 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:15:42
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which...
CVE-2010-0013
- EPSS 12.5%
- Veröffentlicht 09.01.2010 18:30:01
- Zuletzt bearbeitet 16.06.2026 23:15:14
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) requ...
CVE-2009-4135
- EPSS 0.38%
- Veröffentlicht 11.12.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:13:06
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
CVE-2009-3553
- EPSS 3.91%
- Veröffentlicht 20.11.2009 02:30:00
- Zuletzt bearbeitet 16.06.2026 23:11:49
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash ...
CVE-2009-2816
- EPSS 1.55%
- Veröffentlicht 13.11.2009 15:30:00
- Zuletzt bearbeitet 16.06.2026 23:10:16
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight,...
CVE-2009-3555
- EPSS 87.26%
- Veröffentlicht 09.11.2009 17:30:00
- Zuletzt bearbeitet 16.06.2026 23:11:50
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Secu...
- EPSS 4.93%
- Veröffentlicht 04.11.2009 15:30:00
- Zuletzt bearbeitet 16.06.2026 23:11:49
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathna...