Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2010-11-17	CVE-2010-4008	Buffer Errors vulnerability in Google Chrome libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. network xmlsoft apple google debian canonical redhat opensuse suse apache CWE-119	4.3
2010-10-21	CVE-2010-4040	Improper Input Validation vulnerability in Google Chrome Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image. network google debian opensuse CWE-20	6.8
2010-10-04	CVE-2010-1822	Incorrect Type Conversion OR Cast vulnerability in multiple products WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document. network apple google opensuse CWE-704	6.8
2010-09-28	CVE-2010-3087	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image. network libtiff opensuse CWE-119	6.8
2010-09-24	CVE-2010-1773	Off-By-One Error vulnerability in multiple products Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118. network google redhat canonical opensuse fedoraproject CWE-193	6.8
2010-09-21	CVE-2010-3078	Information Exposure vulnerability in multiple products The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. local low complexity linux opensuse suse canonical vmware CWE-200	5.5
2010-09-21	CVE-2010-2942	Memory Leak vulnerability in multiple products The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. local low complexity linux canonical opensuse suse avaya vmware CWE-401	5.5
2010-06-30	CVE-2010-2249	Memory Leak vulnerability in multiple products Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. network low complexity libpng apple fedoraproject suse opensuse vmware canonical debian CWE-401	6.5
2010-06-15	CVE-2010-2301	Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. network google opensuse suse CWE-79	4.3
2010-05-19	CVE-2010-1321	Null Pointer Dereference vulnerability in multiple products The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. network low complexity mit debian canonical oracle opensuse suse fedoraproject CWE-476	6.8