Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0622 | 1 Linux | 1 Linux Kernel | 2018-10-10 | 2.1 LOW | N/A |
| The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. | |||||
| CVE-2010-0624 | 1 Gnu | 2 Cpio, Tar | 2018-10-10 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. | |||||
| CVE-2010-0625 | 1 Novell | 2 Netware, Netware Ftp Server | 2018-10-10 | 6.5 MEDIUM | N/A |
| Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command. | |||||
| CVE-2010-0640 | 1 Ca | 1 Ehealth Performance Manager | 2018-10-10 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request. | |||||
| CVE-2010-0671 | 1 Michalin | 1 Kr Media Pogodny Cms | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a niusy action. | |||||
| CVE-2010-0684 | 1 Apache | 1 Activemq | 2018-10-10 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action. | |||||
| CVE-2010-0685 | 1 Digium | 1 Asterisk | 2018-10-10 | 5.0 MEDIUM | N/A |
| The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available. | |||||
| CVE-2010-0689 | 1 Datev | 1 Base System | 2018-10-10 | 10.0 HIGH | N/A |
| The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2010-0703 | 1 Portwise | 1 Ssl Vpn | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VPN 4.6 allows remote attackers to inject arbitrary web script or HTML via the reloadFrame parameter. | |||||
| CVE-2010-0705 | 2 Avast, Microsoft | 4 Avast Antivirus Home, Avast Antivirus Professional, Windows 2000 and 1 more | 2018-10-10 | 7.2 HIGH | N/A |
| Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption. | |||||
| CVE-2010-0713 | 1 Zenoss | 1 Zenoss | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/. | |||||
| CVE-2010-0714 | 1 Ibm | 4 Lotus Quickr, Lotus Web Content Management, Lotus Workplace Web Content Management and 1 more | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2010-0715 | 1 Ibm | 4 Lotus Quickr, Lotus Web Content Management, Lotus Workplace Web Content Management and 1 more | 2018-10-10 | 6.8 MEDIUM | N/A |
| Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string. | |||||
| CVE-2010-0716 | 1 Microsoft | 1 Sharepoint Server | 2018-10-10 | 3.5 LOW | N/A |
| _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed. | |||||
| CVE-2010-0730 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop | 2018-10-10 | 2.6 LOW | N/A |
| The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation. | |||||
| CVE-2010-0734 | 1 Curl | 1 Libcurl | 2018-10-10 | 6.8 MEDIUM | N/A |
| content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit. | |||||
| CVE-2010-0740 | 1 Openssl | 1 Openssl | 2018-10-10 | 5.0 MEDIUM | N/A |
| The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0766 | 1 Luxology | 1 Modo | 2018-10-10 | 9.3 HIGH | N/A |
| Integer overflow in the Swap4 function in valet4.dll in Luxology Modo 401 allows user-assisted remote attackers to execute arbitrary code via a .LXO file containing a CHNL subchunk associated with an invalid length. | |||||
| CVE-2010-0788 | 1 Ncpfs | 1 Ncpfs | 2018-10-10 | 4.4 MEDIUM | N/A |
| ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs. | |||||
| CVE-2010-0790 | 1 Ncpfs | 1 Ncpfs | 2018-10-10 | 2.1 LOW | N/A |
| sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name. | |||||
| CVE-2010-0791 | 1 Ncpfs | 1 Ncpfs | 2018-10-10 | 2.1 LOW | N/A |
| The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits. | |||||
| CVE-2010-0792 | 1 Thibault Godouet | 1 Fcron | 2018-10-10 | 1.9 LOW | N/A |
| fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file. | |||||
| CVE-2010-0804 | 1 Netartmedia | 1 Iboutique | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter in a products action. | |||||
| CVE-2010-0833 | 1 Likewise | 2 Likewise Cifs, Likewise Open | 2018-10-10 | 9.3 HIGH | N/A |
| The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired. | |||||
| CVE-2010-0837 | 1 Sun | 2 Jdk, Jre | 2018-10-10 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2010-0838 | 1 Sun | 2 Jdk, Jre | 2018-10-10 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM. | |||||
| CVE-2010-0317 | 1 Novell | 1 Netware | 2018-10-10 | 7.8 HIGH | N/A |
| Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent (Build 163 MP) 3.27 or (2) the AFP functionality in AFPTCP.nlm Build 163 SP 3.27. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0370 | 3 Drupal, Roger Lopez, Thomas Turnbull | 3 Drupal, Nodeblock, Nodeblock | 2018-10-10 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title parameter (aka block title). | |||||
| CVE-2010-0392 | 1 Thegreenbow | 1 Ipsec Vpn Client | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Client 4.51.001, 4.65.003, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a long OpenScriptAfterUp parameter in a policy (.tgb) file, related to "phase 2." | |||||
| CVE-2010-0403 | 1 Phpgroupware | 1 Phpgroupware | 2018-10-10 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter. | |||||
| CVE-2010-0404 | 1 Phpgroupware | 1 Phpgroupware | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/. | |||||
| CVE-2010-0405 | 2 Bzip, Libzip2 | 2 Bzip2, Libzip2 | 2018-10-10 | 5.1 MEDIUM | N/A |
| Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. | |||||
| CVE-2010-0415 | 1 Linux | 1 Linux Kernel | 2018-10-10 | 4.6 MEDIUM | N/A |
| The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set. | |||||
| CVE-2010-0426 | 1 Todd Miller | 1 Sudo | 2018-10-10 | 6.9 MEDIUM | N/A |
| sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. | |||||
| CVE-2010-0427 | 1 Todd Miller | 1 Sudo | 2018-10-10 | 4.4 MEDIUM | N/A |
| sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. | |||||
| CVE-2010-0433 | 1 Openssl | 1 Openssl | 2018-10-10 | 4.3 MEDIUM | N/A |
| The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. | |||||
| CVE-2010-0437 | 1 Linux | 1 Linux Kernel | 2018-10-10 | 7.8 HIGH | N/A |
| The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2010-0439 | 1 Chip Salzenberg | 1 Deliver | 2018-10-10 | 6.9 MEDIUM | N/A |
| Chip Salzenberg Deliver allows local users to cause a denial of service, obtain sensitive information, and possibly change the ownership of arbitrary files via a symlink attack on an unspecified file. | |||||
| CVE-2010-0441 | 1 Asterisk | 1 Asterisk | 2018-10-10 | 5.0 MEDIUM | N/A |
| Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number. | |||||
| CVE-2010-0447 | 1 Hp | 1 Openview Performance Insight | 2018-10-10 | 10.0 HIGH | N/A |
| The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document. | |||||
| CVE-2010-0453 | 1 Sun | 2 Opensolaris, Solaris | 2018-10-10 | 4.9 MEDIUM | N/A |
| The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_VERSION IOCTL, which triggers a NULL pointer dereference in the ucode_get_rev function, related to retrieval of the microcode revision. | |||||
| CVE-2010-0454 | 1 Fabricadigital | 1 Publique\! | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in Publique! 2.3 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
| CVE-2010-0460 | 1 Kayako | 2 Esupport, Supportsuite | 2018-10-10 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and (2) contents parameter (aka body) in an insertquestion action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0465 | 1 Sugarcrm | 1 Sugarcrm | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field. | |||||
| CVE-2010-0468 | 1 Paperthin | 1 Commonspot Content Server | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in PaperThin CommonSpot Content Server allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2010-0505 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2018-10-10 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function. | |||||
| CVE-2010-0516 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2018-10-10 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption when the length of decompressed data exceeds that of the allocated heap chunk. | |||||
| CVE-2010-0517 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2018-10-10 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of a copy operation. | |||||
| CVE-2010-0519 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2018-10-10 | 6.8 MEDIUM | N/A |
| Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value. | |||||
| CVE-2010-0520 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2018-10-10 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length values in a .fli file, which are not properly handled during decompression. | |||||