|
305851
|
- |
|
usaa
|
usaa
|
The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application da…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-4212
|
2024-11-21 10:20 |
2010-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305852
|
- |
|
ebay
|
paypal
|
The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal…
|
CWE-287
Improper Authentication
|
CVE-2010-4211
|
2024-11-21 10:20 |
2010-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305853
|
- |
|
yahoo
|
yui
|
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4209
|
2024-11-21 10:20 |
2010-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305854
|
- |
|
yahoo
|
yui
|
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4208
|
2024-11-21 10:20 |
2010-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305855
|
- |
|
yahoo
|
yui
|
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4207
|
2024-11-21 10:20 |
2010-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305856
|
- |
|
adobe
|
acrobat_reader
acrobat
|
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a deni…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2010-4091
|
2024-11-21 10:20 |
2010-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305857
|
8.8 |
HIGH
Network
|
google
webkitgtk
fedoraproject
|
chrome
webkitgtk
fedora
|
Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, al…
|
CWE-787
Out-of-bounds Write
|
CVE-2010-4206
|
2024-11-21 10:20 |
2010-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305858
|
9.8 |
CRITICAL
Network
|
google
|
chrome
|
Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unkn…
|
NVD-CWE-noinfo
|
CVE-2010-4205
|
2024-11-21 10:20 |
2010-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305859
|
9.8 |
CRITICAL
Network
|
google
webkitgtk
fedoraproject
|
chrome
webkitgtk
fedora
|
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a …
|
NVD-CWE-noinfo
|
CVE-2010-4204
|
2024-11-21 10:20 |
2010-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305860
|
9.8 |
CRITICAL
Network
|
google
webmproject
redhat
|
chrome
libvpx
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
|
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary co…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2010-4203
|
2024-11-21 10:20 |
2010-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
