Lucene search

[email protected]NVD:CVE-2010-4494

HistoryDec 07, 2010 - 9:00 p.m.

CVE-2010-4494

2010-12-0721:00:09

CWE-415

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.7%

JSON

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

Affected configurations

NVD

Node

googlechromeRange<8.0.552.215

Node

xmlsoftlibxml2Range≤2.7.8

Node

appleitunesRange<10.2

applesafariRange<5.0.4

appleiphone_osRange<4.3.0

applemac_os_xRange<10.6.7

Node

opensuseopensuseMatch11.2

opensuseopensuseMatch11.3

susesuse_linux_enterprise_serverMatch11sp1

Node

fedoraprojectfedoraMatch14

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.3

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_workstationMatch6.0

Node

debiandebian_linuxMatch5.0

debiandebian_linuxMatch6.0

Node

hpinsight_control_server_deployment

hprapid_deployment_pack

Node

apacheopenofficeRange2.1.0–2.4.3

apacheopenofficeRange3.0.0–3.3.0

References

code.google.com/p/chromium/issues/detail?id=63444

googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html

lists.apple.com/archives/security-announce/2011//Mar/msg00003.html

lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

lists.fedoraproject.org/pipermail/package-announce/2011-March/055775.html

lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

marc.info/?l=bugtraq&m=139447903326211&w=2

rhn.redhat.com/errata/RHSA-2013-0217.html

secunia.com/advisories/40775

secunia.com/advisories/42472

secunia.com/advisories/42721

secunia.com/advisories/42762

support.apple.com/kb/HT4554

support.apple.com/kb/HT4564

support.apple.com/kb/HT4566

support.apple.com/kb/HT4581

www.debian.org/security/2010/dsa-2137

www.mandriva.com/security/advisories?name=MDVSA-2010:260

www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html

www.redhat.com/support/errata/RHSA-2011-1749.html

www.vupen.com/english/advisories/2010/3319

www.vupen.com/english/advisories/2010/3336

www.vupen.com/english/advisories/2011/0230

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11916

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.7%

JSON

Related for NVD:CVE-2010-4494

nessus27 openvas29 altlinux4 fedora3 cvelist1 prion1 ubuntucve1 debian1 f51 securityvulns9 debiancve1 osv1 cve1 veracode1 gentoo1 redhat2 oraclelinux2 vmware1 centos1 freebsd1 tenable1