Total
5210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1032 | 1 Ibm | 2 Lotus Connections, Websphere Application Server | 2011-03-01 | 6.8 MEDIUM | N/A |
| IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors. | |||||
| CVE-2010-0125 | 2 Apple, Realnetworks | 3 Mac Os X, Realplayer, Realplayer Sp | 2011-02-17 | 10.0 HIGH | N/A |
| RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 do not properly parse spectral data in AAC files, which has unspecified impact and remote attack vectors. | |||||
| CVE-2001-1009 | 1 Fetchmail | 1 Fetchmail | 2011-02-16 | 10.0 HIGH | N/A |
| Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request. | |||||
| CVE-2010-4723 | 1 Smarty | 1 Smarty | 2011-02-15 | 9.3 HIGH | N/A |
| Smarty before 3.0.0, when security is enabled, does not prevent access to the (1) dynamic and (2) private object members of an assigned object, which has unspecified impact and remote attack vectors. | |||||
| CVE-2009-5054 | 1 Smarty | 1 Smarty | 2011-02-15 | 7.5 HIGH | N/A |
| Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations. | |||||
| CVE-2010-3706 | 1 Dovecot | 1 Dovecot | 2011-02-12 | 5.5 MEDIUM | N/A |
| plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox. | |||||
| CVE-2010-3779 | 1 Dovecot | 1 Dovecot | 2011-02-12 | 3.5 LOW | N/A |
| Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox. | |||||
| CVE-2010-3304 | 1 Dovecot | 1 Dovecot | 2011-02-12 | 6.4 MEDIUM | N/A |
| The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs. | |||||
| CVE-2010-4582 | 1 Opera | 1 Opera Browser | 2011-01-22 | 5.0 MEDIUM | N/A |
| Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2010-4534 | 1 Djangoproject | 1 Django | 2011-01-20 | 4.0 MEDIUM | N/A |
| The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter. | |||||
| CVE-2010-0682 | 1 Wordpress | 1 Wordpress | 2011-01-19 | 4.0 MEDIUM | N/A |
| WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter. | |||||
| CVE-2010-0039 | 1 Apple | 5 Airport Express, Airport Express Base Station Firmware, Airport Extreme and 2 more | 2011-01-19 | 2.6 LOW | N/A |
| The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server. | |||||
| CVE-2010-2522 | 1 Linux-ipv6 | 1 Umip | 2011-01-14 | 2.1 LOW | N/A |
| The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message. | |||||
| CVE-2008-5417 | 1 Hp | 2 Decnet Plus For Openvms, Openvms | 2011-01-05 | 2.1 LOW | N/A |
| HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services. | |||||
| CVE-2010-4595 | 1 Ibm | 1 Lotus Mobile Connect | 2010-12-27 | 5.0 MEDIUM | N/A |
| The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header. | |||||
| CVE-2010-4212 | 2 Google, Usaa | 2 Android, Usaa | 2010-12-22 | 1.9 LOW | N/A |
| The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application data. | |||||
| CVE-2010-4512 | 1 Michael Dehaan | 1 Cobbler | 2010-12-18 | 7.2 HIGH | N/A |
| Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories. | |||||
| CVE-2010-4546 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 4.0 MEDIUM | N/A |
| IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended access restrictions via this request. | |||||
| CVE-2010-4549 | 2 Ibm, Nokia | 2 Lotus Notes Traveler, S60 | 2010-12-17 | 4.0 MEDIUM | N/A |
| IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation. | |||||
| CVE-2010-4547 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 3.5 LOW | N/A |
| IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain. | |||||