Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3986 | 1 Hp | 1 Virtual Connect Enterprise Manager | 2010-11-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP Virtual Connect Enterprise Manager (VCEM) 6.0 and 6.1 allows remote attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2010-3987 | 1 Hp | 1 Insight Control Virtual Machine Management | 2010-11-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-3988 | 1 Hp | 1 Insight Control Virtual Machine Management | 2010-11-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to bypass intended access restrictions and cause a denial of service via unknown vectors. | |||||
| CVE-2010-3989 | 1 Hp | 1 Insight Control Virtual Machine Management | 2010-11-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2010-3991 | 1 Hp | 2 Insight Control Server Migration, Insight Control Server Migration6.0.1 | 2010-11-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-3992 | 1 Hp | 2 Insight Control Server Migration, Insight Control Server Migration6.0.1 | 2010-11-11 | 9.0 HIGH | N/A |
| Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote authenticated users to gain privileges via unknown vectors. | |||||
| CVE-2010-3993 | 1 Hp | 2 Insight Control Server Migration, Insight Control Server Migration6.0.1 | 2010-11-11 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to obtain sensitive information or modify data via unknown vectors. | |||||
| CVE-2010-4024 | 1 Hp | 1 Insight Control Power Management | 2010-11-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2010-4025 | 1 Hp | 1 Palm Webos | 2010-11-11 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows remote attackers to execute arbitrary code via a crafted document, as demonstrated by a Word document. | |||||
| CVE-2010-4026 | 1 Hp | 1 Palm Webos | 2010-11-11 | 6.2 MEDIUM | N/A |
| Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 allows local users to gain privileges by leveraging the ability to perform certain service calls. | |||||
| CVE-2010-4027 | 1 Hp | 1 Palm Webos | 2010-11-11 | 5.6 MEDIUM | N/A |
| Unspecified vulnerability in the camera application in HP Palm webOS 1.4.1 allows local users to overwrite arbitrary files via unknown vectors. | |||||
| CVE-2010-4028 | 1 Hp | 2 Loadrunner, Loadrunner Web Tours | 2010-11-11 | 7.5 HIGH | N/A |
| Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunner 9.1 and earlier allows remote attackers to cause a denial of service, and possibly obtain sensitive information or modify data, via unknown vectors. | |||||
| CVE-2010-2419 | 1 Oracle | 1 Database Server | 2010-11-11 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Java Virtual Machine component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2010-2389 | 1 Oracle | 2 Database Server, Fusion Middleware | 2010-11-11 | 1.0 LOW | N/A |
| Unspecified vulnerability in the Perl component in Oracle Database Server 11.2.0.1, 11.1.0.7, 10.2.0.3, 10.2.0.4, and 10.1.0.5; and Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0; allows local users to affect integrity via unknown vectors related to Local Logon. | |||||
| CVE-2010-2390 | 1 Oracle | 3 Database Server, Enterprise Manager Grid Control, Fusion Middleware | 2010-11-11 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Database Control component in EM Console in Oracle Database Server 10.1.0.5 and 10.2.0.3, Oracle Fusion Middleware 10.1.2.3 and 10.1.4.3, and Enterprise Manager Grid Control allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2010-2391 | 1 Oracle | 1 Database Server | 2010-11-11 | 3.6 LOW | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2010-2404 | 1 Oracle | 1 E-business Suite | 2010-11-11 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect integrity via unknown vectors related to Account. | |||||
| CVE-2010-2406 | 1 Oracle | 1 Siebel Suite | 2010-11-11 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Siebel Core - Highly Interactive Client component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2010-2407 | 1 Oracle | 1 Database Server | 2010-11-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the XDK component in Oracle Database Server 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect integrity via unknown vectors. | |||||
| CVE-2010-2416 | 1 Oracle | 1 E-business Suite | 2010-11-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors. | |||||
| CVE-2010-2417 | 1 Oracle | 1 Supply Chain Products Suite | 2010-11-11 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.0.0 allows remote authenticated users to affect integrity via unknown vectors. | |||||
| CVE-2010-2418 | 1 Oracle | 1 E-business Suite | 2010-11-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Territory Management component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors. | |||||
| CVE-2010-2412 | 1 Oracle | 1 Database Server | 2010-11-11 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the OLAP component in Oracle Database Server 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2010-2408 | 1 Oracle | 1 E-business Suite | 2010-11-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors. | |||||
| CVE-2010-2411 | 1 Oracle | 1 Database Server | 2010-11-11 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the Job Queue component in Oracle Database Server 11.2.0.1, 11.1.0.7, 10.2.0.3, 10.2.0.4, and 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability, related to SYS.DBMS_IJOB. | |||||
| CVE-2010-2413 | 1 Oracle | 1 Fusion Middleware | 2010-11-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the BI Publisher component in Oracle Fusion Middleware 10.1.3.3.2 and 10.1.3.4.1 allows remote attackers to affect integrity via unknown vectors. | |||||
| CVE-2010-2415 | 1 Oracle | 1 Database Server | 2010-11-11 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Change Data Capture component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH. | |||||
| CVE-2010-2396 | 1 Oracle | 1 Fusion Middleware | 2010-11-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Forms component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors. | |||||
| CVE-2010-2414 | 1 Oracle | 1 Sun Products Suite | 2010-11-11 | 2.6 LOW | N/A |
| Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality via unknown vectors. | |||||
| CVE-2009-5007 | 1 Cisco | 1 Anyconnect Ssl Vpn | 2010-11-11 | 3.3 LOW | N/A |
| The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files. | |||||
| CVE-2010-3509 | 1 Oracle | 1 Solaris | 2010-11-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scheduler. | |||||
| CVE-2010-3575 | 1 Oracle | 1 Sun Product Suite | 2010-11-11 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 6.0, 6.2, 6.3, and 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Mail. | |||||
| CVE-2010-3141 | 1 Microsoft | 1 Powerpoint | 2010-11-11 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file. | |||||
| CVE-2010-4217 | 1 Ibm | 1 Tivoli Directory Server | 2010-11-10 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in the proxy server in IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 and 6.1.x before 6.1.0-TIV-ITDS-FP0005 allows remote attackers to cause a denial of service (daemon crash) via an unbind request that occurs during a certain search operation. | |||||
| CVE-2010-3040 | 1 Cisco | 1 Intelligent Contact Manager | 2010-11-10 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164. | |||||
| CVE-2010-4220 | 1 Ibm | 1 Websphere Application Server | 2010-11-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." | |||||
| CVE-2010-4219 | 1 Ibm | 1 Websphere Portal | 2010-11-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-5015 | 1 Turbogears | 1 Turbogears2 | 2010-11-09 | 7.5 HIGH | N/A |
| The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors. | |||||
| CVE-2010-4213 | 2 Bankofamerica, Google | 2 Bank Of America, Android | 2010-11-09 | 4.3 MEDIUM | N/A |
| The Bank of America application 2.12 for Android stores a security question's answer in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data. | |||||
| CVE-2009-5014 | 1 Turbogears | 1 Turbogears2 | 2010-11-09 | 7.5 HIGH | N/A |
| The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852. | |||||
| CVE-2010-4214 | 2 Google, Wellsfargo | 2 Android, Wells Fargo Mobile | 2010-11-09 | 4.3 MEDIUM | N/A |
| The Wells Fargo Mobile application 1.1 for Android stores a username and password, along with account balances, in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data. | |||||
| CVE-2010-3913 | 1 Transware | 1 Active\! Mail | 2010-11-09 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2010-4000 | 1 Gnome | 1 Gnome-shell | 2010-11-08 | 6.9 MEDIUM | N/A |
| gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2010-3866 | 2010-11-07 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-4207, CVE-2010-4208, CVE-2010-4209. Reason: This candidate originally combined three issues that affected different versions. Notes: All CVE users should reference CVE-2010-4207, CVE-2010-4208, or CVE-2010-4209 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2010-3994 | 1 Hp | 2 Hp, Version Control Repository Manager | 2010-11-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Version Control Repository Manager (VCRM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-3990 | 1 Hp | 1 Virtual Server Environment | 2010-11-06 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP Virtual Server Environment before 6.2 allows remote attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2010-3036 | 1 Cisco | 7 Ciscoworks Common Services, Ciscoworks Lan Management Solution, Qos Policy Manager and 4 more | 2010-11-06 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352. | |||||
| CVE-2010-4182 | 1 Microsoft | 4 Windows 2003 Server, Windows 7, Windows Vista and 1 more | 2010-11-05 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-3914 | 1 Vim | 1 Gvim | 2010-11-05 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0607 | 1 Sterlitetechnologies | 1 Sam300 Ax Router | 2010-11-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 in the Sterlite SAM300 AX Router allows remote attackers to inject arbitrary web script or HTML via the Stat_Radio parameter. | |||||