Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1305 | 1 Sco | 5 Open Desktop, Open Desktop Lite, Openserver Enterprise System and 2 more | 2011-03-08 | 7.2 HIGH | N/A |
| Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local users to gain root access. | |||||
| CVE-1999-1304 | 1 Sco | 5 Open Desktop, Open Desktop Lite, Openserver Enterprise System and 2 more | 2011-03-08 | 7.2 HIGH | N/A |
| Vulnerability in login in SCO UNIX 4.2 and earlier allows local users to gain root access. | |||||
| CVE-1999-1303 | 1 Sco | 5 Open Desktop, Open Desktop Lite, Openserver Enterprise System and 2 more | 2011-03-08 | 7.2 HIGH | N/A |
| Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users to gain root access. | |||||
| CVE-1999-1044 | 1 Digital | 1 Unix | 2011-03-08 | 4.6 MEDIUM | N/A |
| Vulnerability in Advanced File System Utility (advfs) in Digital UNIX 4.0 through 4.0d allows local users to gain privileges. | |||||
| CVE-1999-0783 | 1 Freebsd | 1 Freebsd | 2011-03-08 | 5.0 MEDIUM | N/A |
| FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system. | |||||
| CVE-1999-1311 | 1 Hp | 1 Hp-ux | 2011-03-08 | 4.6 MEDIUM | N/A |
| Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges. | |||||
| CVE-1999-1308 | 1 Hp | 1 Hp-ux | 2011-03-08 | 4.6 MEDIUM | N/A |
| Certain programs in HP-UX 10.20 do not properly handle large user IDs (UID) or group IDs (GID) over 60000, which could allow local users to gain privileges. | |||||
| CVE-2010-2244 | 1 Avahi | 1 Avahi | 2011-03-07 | 4.3 MEDIUM | N/A |
| The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081. | |||||
| CVE-2010-3900 | 1 Christian Dywan | 1 Midori | 2011-02-17 | 5.8 MEDIUM | N/A |
| Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312. | |||||
| CVE-2010-3312 | 1 Gnome | 1 Epiphany | 2011-02-17 | 5.8 MEDIUM | N/A |
| Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate. | |||||
| CVE-2009-1693 | 1 Apple | 1 Safari | 2011-02-17 | 5.8 MEDIUM | N/A |
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue." | |||||
| CVE-2009-1681 | 1 Apple | 1 Safari | 2011-02-17 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document. | |||||
| CVE-2009-1694 | 1 Apple | 1 Safari | 2011-02-17 | 5.8 MEDIUM | N/A |
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue." | |||||
| CVE-2010-4583 | 1 Opera | 1 Opera Browser | 2011-01-22 | 2.6 LOW | N/A |
| Opera before 11.00, when Opera Turbo is enabled, does not display a page's security indication, which makes it easier for remote attackers to spoof trusted content via a crafted web site. | |||||
| CVE-2010-4579 | 1 Opera | 1 Opera Browser | 2011-01-22 | 5.0 MEDIUM | N/A |
| Opera before 11.00 does not properly constrain dialogs to appear on top of rendered documents, which makes it easier for remote attackers to trick users into interacting with a crafted web site that spoofs the (1) security information dialog or (2) download dialog. | |||||
| CVE-2011-0502 | 1 Musanim | 1 Music Animation Machine Midi Player | 2011-01-21 | 9.3 HIGH | N/A |
| Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a long line in a MIDI (.mid) file. | |||||
| CVE-2010-2579 | 3 Apple, Linux, Realnetworks | 4 Mac Os X, Linux Kernel, Realplayer and 1 more | 2011-01-19 | 5.0 MEDIUM | N/A |
| The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 does not properly initialize the number of channels, which allows attackers to obtain unspecified "memory access" via unknown vectors. | |||||
| CVE-2010-0435 | 1 Redhat | 2 Enterprise Virtualization, Kvm | 2011-01-19 | 4.6 MEDIUM | N/A |
| The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation. | |||||
| CVE-2010-0121 | 3 Apple, Linux, Realnetworks | 4 Mac Os X, Linux Kernel, Realplayer and 1 more | 2011-01-19 | 10.0 HIGH | N/A |
| The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 does not properly perform initialization, which has unspecified impact and attack vectors. | |||||
| CVE-2006-3634 | 1 Linux | 1 Linux Kernel | 2011-01-19 | 4.9 MEDIUM | N/A |
| The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic functions in Linux kernel 2.6.17-rc4 to 2.6.18-rc2 perform the atomic futex operation in the kernel address space instead of the user address space, which allows local users to cause a denial of service (crash). | |||||
| CVE-2010-3996 | 1 Cstr | 1 Festival | 2011-01-14 | 6.9 MEDIUM | N/A |
| festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2010-3072 | 1 Squid-cache | 1 Squid | 2011-01-14 | 5.0 MEDIUM | N/A |
| The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. | |||||
| CVE-2010-4587 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2011-01-12 | 9.3 HIGH | N/A |
| Opera before 11.00 on Windows does not properly implement the Insecure Third Party Module warning message, which might make it easier for user-assisted remote attackers to have an unspecified impact via a crafted module. | |||||
| CVE-2010-0390 | 1 Phpf1 | 1 Max\'s Image Uploader | 2011-01-12 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4599 | 1 Ecava | 1 Integraxor | 2011-01-11 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-4265 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform, Jboss Remoting | 2010-12-31 | 2.6 LOW | N/A |
| The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier. | |||||
| CVE-2010-3923 | 1 Mitsu Hiro Hi Rose | 1 Attachecase | 2010-12-30 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in AttacheCase before 2.70 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | |||||
| CVE-2006-6404 | 1 Innovationdp | 1 Fdr\/upstrean | 2010-12-29 | 5.0 MEDIUM | N/A |
| INNOVATION Data Processing FDR/UPSTREAM 3.3.0 (GA Oct 2003) allows remote attackers to cause a denial of service (service outage) via a sequence of TCP SYN packets to many ports, as demonstrated using nmap. NOTE: the vendor's testing reportedly found that no denial of service occurred. | |||||
| CVE-2009-5036 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 4.0 MEDIUM | N/A |
| traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows remote authenticated users to cause a denial of service (daemon crash) via a malformed invitation document in a sync operation. | |||||
| CVE-2010-4551 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 4.0 MEDIUM | N/A |
| IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by omitting the Internet ID field in the person document, and then using an Apple device to (1) accept or (2) decline an invitation. | |||||
| CVE-2010-3369 | 1 Debian | 1 Mono-debugger | 2010-12-14 | 6.9 MEDIUM | N/A |
| The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3, and other versions before 2.8.1, place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2010-3999 | 1 Gnucash | 1 Gnucash | 2010-12-10 | 6.9 MEDIUM | N/A |
| gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2010-3784 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-12-10 | 5.0 MEDIUM | N/A |
| The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls. | |||||
| CVE-2010-1830 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-12-10 | 5.0 MEDIUM | N/A |
| AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates different error messages depending on whether a share exists, which allows remote attackers to enumerate valid share names via unspecified vectors. | |||||
| CVE-2010-1803 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-12-10 | 4.3 MEDIUM | N/A |
| Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume. | |||||
| CVE-2010-0397 | 1 Php | 1 Php | 2010-12-10 | 5.0 MEDIUM | N/A |
| The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument. | |||||
| CVE-2010-0105 | 1 Apple | 1 Mac Os X | 2010-12-10 | 4.9 MEDIUM | N/A |
| The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions, related to the fsck_hfs program in the diskdev_cmds component. | |||||
| CVE-2010-4159 | 1 Mono | 1 Mono | 2010-12-09 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-1999-0523 | 2010-12-01 | 0.0 LOW | N/A | ||
| ICMP echo (ping) is allowed from arbitrary hosts. | |||||
| CVE-1999-0629 | 2010-12-01 | 0.0 LOW | N/A | ||
| The ident/identd service is running. | |||||
| CVE-2010-3141 | 1 Microsoft | 1 Powerpoint | 2010-11-11 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file. | |||||
| CVE-2010-4182 | 1 Microsoft | 4 Windows 2003 Server, Windows 7, Windows Vista and 1 more | 2010-11-05 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-3914 | 1 Vim | 1 Gvim | 2010-11-05 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-3349 | 1 Ardour | 1 Ardour | 2010-11-03 | 6.9 MEDIUM | N/A |
| Ardour 2.8.11 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2010-3364 | 1 Vips | 1 Vips | 2010-11-03 | 6.9 MEDIUM | N/A |
| The vips-7.22 script in VIPS 7.22.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2010-3357 | 1 Pedro Castro | 1 Gnome-subtitles | 2010-11-03 | 6.9 MEDIUM | N/A |
| gnome-subtitles 1.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2010-3354 | 1 Dropbox | 1 Dropbox | 2010-11-03 | 6.9 MEDIUM | N/A |
| dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2010-3162 | 1 Masahiko Watanabe | 1 Apsaly | 2010-10-28 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Apsaly before 3.74 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | |||||
| CVE-2010-3157 | 1 Kmonos | 1 Xacrett | 2010-10-28 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in XacRett before 50 allows attackers to execute arbitrary code via a Trojan horse executable file, related to the explorer.exe filename and use of Windows Explorer. | |||||
| CVE-2010-3156 | 1 K2top | 1 K2editor | 2010-10-28 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in K2 K2Editor before 1.5.9 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | |||||