NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 18, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
311451	7.1	HIGH	microsoft	windows_server_2008 windows_7 windows_vista	The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client…	CWE-20 Improper Input Validation	CVE-2010-3229	2024-11-21 10:18	2010-10-14	Show	GitHub Exploit DB Packet Storm

311452	9.3	HIGH	microsoft	.net_framework	The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application th…	CWE-94 Code Injection	CVE-2010-3228	2024-11-21 10:18	2010-10-14	Show	GitHub Exploit DB Packet Storm

311453	7.6	HIGH	microsoft	windows_vista windows_7	Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time…	CWE-399 Resource Management Errors	CVE-2010-3225	2024-11-21 10:18	2010-10-14	Show	GitHub Exploit DB Packet Storm

311454	7.5	HIGH	microsoft	windows_server_2008	The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a fa…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2010-3223	2024-11-21 10:18	2010-10-14	Show	GitHub Exploit DB Packet Storm

311455	7.2	HIGH	microsoft	windows_xp windows_server_2003	Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2010-3222	2024-11-21 10:18	2010-10-14	Show	GitHub Exploit DB Packet Storm

311456	9.3	HIGH	microsoft	word office word_viewer	Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitr…	CWE-94 Code Injection	CVE-2010-3221	2024-11-21 10:18	2010-10-14	Show	GitHub Exploit DB Packet Storm

311457	9.3	HIGH	microsoft	word office	Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word P…	CWE-94 Code Injection	CVE-2010-3220	2024-11-21 10:18	2010-10-14	Show	GitHub Exploit DB Packet Storm

311458	9.3	HIGH	microsoft	word	Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerabili…	CWE-94 Code Injection	CVE-2010-3219	2024-11-21 10:18	2010-10-14	Show	GitHub Exploit DB Packet Storm

311459	9.3	HIGH	microsoft	word	Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."	CWE-94 Code Injection	CVE-2010-3218	2024-11-21 10:18	2010-10-14	Show	GitHub Exploit DB Packet Storm

311460	9.3	HIGH	microsoft	word	Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerabi…	CWE-399 Resource Management Errors	CVE-2010-3217	2024-11-21 10:18	2010-10-14	Show	GitHub Exploit DB Packet Storm

311461	9.3	HIGH	microsoft	word office	Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory cor…	CWE-94 Code Injection	CVE-2010-3216	2024-11-21 10:18	2010-10-14	Show	GitHub Exploit DB Packet Storm

311462	9.3	HIGH	microsoft	word office	Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a craft…	CWE-94 Code Injection	CVE-2010-3215	2024-11-21 10:18	2010-10-14	Show	GitHub Exploit DB Packet Storm

311463	9.3	HIGH	microsoft	word open_xml_file_format_converter office office_web_apps office_compatibility_pack word_viewer word_web_app	Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, …	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2010-3214	2024-11-21 10:18	2010-10-14	Show	GitHub Exploit DB Packet Storm

311464	10.0	HIGH	david_shadoff	mednafen	The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to "stack manipulation" issues.	CWE-94 Code Injection	CVE-2010-3085	2024-11-21 10:18	2010-10-13	Show	GitHub Exploit DB Packet Storm

311465	7.2	HIGH	novell opensuse	suse_linux opensuse	Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors.	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2010-3110	2024-11-21 10:18	2010-10-13	Show	GitHub Exploit DB Packet Storm

311466	5.1	MEDIUM	jianping_yu	pidgin-knotify	The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message.	CWE-94 Code Injection	CVE-2010-3088	2024-11-21 10:18	2010-10-9	Show	GitHub Exploit DB Packet Storm

311467	1.5	LOW	rsa	authentication_client	RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which al…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2010-3321	2024-11-21 10:18	2010-10-8	Show	GitHub Exploit DB Packet Storm

311468	6.0	MEDIUM	postgresql	postgresql	The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not prope…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2010-3433	2024-11-21 10:18	2010-10-7	Show	GitHub Exploit DB Packet Storm

311469	6.5	MEDIUM	xelerance	openswan	Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via a long c…	CWE-94 Code Injection	CVE-2010-3308	2024-11-21 10:18	2010-10-6	Show	GitHub Exploit DB Packet Storm

311470	3.5	LOW	mantisbt	mantisbt	Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_…	CWE-79 Cross-site Scripting	CVE-2010-3303	2024-11-21 10:18	2010-10-6	Show	GitHub Exploit DB Packet Storm

311471	6.5	MEDIUM	xelerance	openswan	Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long (1)…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2010-3302	2024-11-21 10:18	2010-10-6	Show	GitHub Exploit DB Packet Storm

311472	7.5	HIGH	dustincowell	free_simple_cms	Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) body, (2) f…	CWE-94 Code Injection	CVE-2010-3307	2024-11-21 10:18	2010-10-6	Show	GitHub Exploit DB Packet Storm

311473	4.7	MEDIUM	linux fedoraproject suse opensuse debian canonical	linux_kernel fedora linux_enterprise_server opensuse linux_enterprise_desktop linux_enterprise_software_development_kit linux_enterprise_real_time_extension debian_linux ubunt…	Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corrupti…	CWE-190 Integer Overflow or Wraparound	CVE-2010-3442	2024-11-21 10:18	2010-10-5	Show	GitHub Exploit DB Packet Storm

311474	6.6	MEDIUM	linux suse opensuse debian canonical	linux_kernel linux_enterprise_server linux_enterprise_desktop opensuse linux_enterprise_software_development_kit linux_enterprise_real_time_extension debian_linux ubuntu_linux	Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory…	CWE-476 NULL Pointer Dereference	CVE-2010-3437	2024-11-21 10:18	2010-10-5	Show	GitHub Exploit DB Packet Storm

311475	6.9	MEDIUM	nokia	qt_creator	Qt Creator before 2.0.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.	NVD-CWE-Other	CVE-2010-3374	2024-11-21 10:18	2010-10-5	Show	GitHub Exploit DB Packet Storm

311476	6.0	MEDIUM	apache	subversion	authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not prop…	CWE-16 Configuration	CVE-2010-3315	2024-11-21 10:18	2010-10-5	Show	GitHub Exploit DB Packet Storm

311477	9.3	HIGH	clamav	clamav	Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2010-3434	2024-11-21 10:18	2010-10-1	Show	GitHub Exploit DB Packet Storm

311478	6.8	MEDIUM	ffmpeg mplayerhq	libavcodec ffmpeg mplayer	flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset …	CWE-94 Code Injection	CVE-2010-3429	2024-11-21 10:18	2010-10-1	Show	GitHub Exploit DB Packet Storm

311479	2.1	LOW	linux suse opensuse debian canonical	linux_kernel linux_enterprise_desktop linux_enterprise_server opensuse linux_enterprise_real_time_extension debian_linux ubuntu_linux	The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensi…	CWE-200 Information Exposure	CVE-2010-3298	2024-11-21 10:18	2010-10-1	Show	GitHub Exploit DB Packet Storm

311480	2.1	LOW	linux suse opensuse debian canonical	linux_kernel linux_enterprise_desktop opensuse linux_enterprise_server linux_enterprise_real_time_extension debian_linux ubuntu_linux	The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensit…	CWE-909 Missing Initialization of Resource	CVE-2010-3297	2024-11-21 10:18	2010-10-1	Show	GitHub Exploit DB Packet Storm

311481	2.1	LOW	linux suse opensuse debian canonical	linux_kernel linux_enterprise_desktop opensuse linux_enterprise_server linux_enterprise_real_time_extension debian_linux ubuntu_linux	The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain p…	CWE-200 Information Exposure	CVE-2010-3296	2024-11-21 10:18	2010-10-1	Show	GitHub Exploit DB Packet Storm

311482	5.0	MEDIUM	blueriver	sava_cms mura_cms	Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot …	CWE-22 Path Traversal	CVE-2010-3468	2024-11-21 10:18	2010-09-30	Show	GitHub Exploit DB Packet Storm

311483	6.9	MEDIUM	llnl	slurm	The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before 2.1.14 place the . (dot) directory in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared l…	NVD-CWE-Other	CVE-2010-3380	2024-11-21 10:18	2010-09-30	Show	GitHub Exploit DB Packet Storm

311484	1.9	LOW	linux debian canonical	linux_kernel debian_linux ubuntu_linux	Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have u…	CWE-189 Numeric Errors	CVE-2010-3310	2024-11-21 10:18	2010-09-30	Show	GitHub Exploit DB Packet Storm

311485	5.0	MEDIUM	drupal peter_wolanin	drupal openid	The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote att…	CWE-287 Improper Authentication	CVE-2010-3091	2024-11-21 10:18	2010-09-30	Show	GitHub Exploit DB Packet Storm

311486	6.5	MEDIUM	sangoma	freepbx	Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to c…	CWE-22 Path Traversal	CVE-2010-3490	2024-11-21 10:18	2010-09-29	Show	GitHub Exploit DB Packet Storm

311487	2.1	LOW	vmware	workstation player	The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2010-3277	2024-11-21 10:18	2010-09-29	Show	GitHub Exploit DB Packet Storm

311488	6.8	MEDIUM	libtiff opensuse	libtiff opensuse	LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image.	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2010-3087	2024-11-21 10:18	2010-09-29	Show	GitHub Exploit DB Packet Storm

311489	5.0	MEDIUM	salvo_g._tomaselli	weborf	Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI.	CWE-22 Path Traversal	CVE-2010-3306	2024-11-21 10:18	2010-09-25	Show	GitHub Exploit DB Packet Storm

311490	6.4	MEDIUM	dovecot	dovecot	The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended wea…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2010-3304	2024-11-21 10:18	2010-09-25	Show	GitHub Exploit DB Packet Storm

311491	4.3	MEDIUM	pecl-php	alternative_php_cache	Cross-site scripting (XSS) vulnerability in apc.php in the Alternative PHP Cache (APC) extension before 3.1.4 for PHP allows remote attackers to inject arbitrary web script or HTML via unspecified ve…	CWE-79 Cross-site Scripting	CVE-2010-3294	2024-11-21 10:18	2010-09-25	Show	GitHub Exploit DB Packet Storm

311492	5.0	MEDIUM	hp	openview_network_node_manager	Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service via unknown vectors.	NVD-CWE-noinfo	CVE-2010-3285	2024-11-21 10:18	2010-09-25	Show	GitHub Exploit DB Packet Storm

311493	4.3	MEDIUM	hp	system_management_homepage	Unspecified vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to obtain sensitive information via unknown vectors.	CWE-200 NVD-CWE-noinfo Information Exposure	CVE-2010-3284	2024-11-21 10:18	2010-09-25	Show	GitHub Exploit DB Packet Storm

311494	4.3	MEDIUM	hp	system_management_homepage	Open redirect vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.	CWE-20 Improper Input Validation	CVE-2010-3283	2024-11-21 10:18	2010-09-25	Show	GitHub Exploit DB Packet Storm

311495	5.0	MEDIUM	rsa	authentication_agent_for_web	Directory traversal vulnerability in RSA Authentication Agent 7.0 before P2 for Web allows remote attackers to read unspecified data via unknown vectors.	CWE-22 Path Traversal	CVE-2010-3261	2024-11-21 10:18	2010-09-25	Show	GitHub Exploit DB Packet Storm

311496	5.4	MEDIUM	alcatel-lucent	omnivista_4760_server	Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2010-3281	2024-11-21 10:18	2010-09-24	Show	GitHub Exploit DB Packet Storm

311497	6.9	MEDIUM	alcatel-lucent	ccagent omnitouch_contact_center	The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and uncon…	CWE-200 Information Exposure	CVE-2010-3280	2024-11-21 10:18	2010-09-24	Show	GitHub Exploit DB Packet Storm

311498	7.6	HIGH	alcatel-lucent	ccagent omnitouch_contact_center	The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, whi…	CWE-16 Configuration	CVE-2010-3279	2024-11-21 10:18	2010-09-24	Show	GitHub Exploit DB Packet Storm

311499	4.3	MEDIUM	digitalworkroom	cms_digital_workroom	Cross-site scripting (XSS) vulnerability in netautor/napro4/home/login2.php in CMS Digital Workroom (formerly Netautor Professional) 5.5.0 allows remote attackers to inject arbitrary web script or HT…	CWE-79 Cross-site Scripting	CVE-2010-3489	2024-11-21 10:18	2010-09-23	Show	GitHub Exploit DB Packet Storm

311500	5.0	MEDIUM	houbysoft	quickshare	Directory traversal vulnerability in QuickShare 1.0 allows remote attackers to read arbitrary files via a ... (triple dot) in the URL.	CWE-22 Path Traversal	CVE-2010-3488	2024-11-21 10:18	2010-09-23	Show	GitHub Exploit DB Packet Storm