CVE-2010-2191

MEDIUM Year: 2010
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-119
View all →

Vulnerability Description

The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. NOTE: vectors 2 through 4 are related to the call time pass by reference feature.

Related Vulnerabilities

CVE-2015-0565

CRITICAL
CVSS:10.0(Critical)

NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible.

CWE-1192015

CVE-2015-8459

CRITICAL
CVSS:10.0(Critical)

Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe A...

CWE-1192015

CVE-2015-8659

CRITICAL
CVSS:10.0(Critical)

The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.

CWE-1192015

CVE-2016-1931

CRITICAL
CVSS:10.0(Critical)

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exec...

CWE-1192016

CVE-2016-8352

CRITICAL
CVSS:10.0(Critical)

An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20...

CWE-1192016

CVE-2017-10920

CRITICAL
CVSS:10.0(Critical)

The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denia...

CWE-1192017