Total
5210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3919 | 1 Fenrir | 1 Grani | 2010-12-13 | 5.8 MEDIUM | N/A |
| Fenrir Grani 4.5 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site. | |||||
| CVE-2010-3918 | 1 Fenrir-inc | 1 Sleipnir | 2010-12-13 | 5.8 MEDIUM | N/A |
| Fenrir Sleipnir 2.9.6 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site. | |||||
| CVE-2010-3783 | 1 Apple | 1 Mac Os X Server | 2010-12-10 | 6.8 MEDIUM | N/A |
| Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors. | |||||
| CVE-2010-3065 | 1 Php | 1 Php | 2010-12-10 | 5.0 MEDIUM | N/A |
| The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name. | |||||
| CVE-2010-4000 | 1 Gnome | 1 Gnome-shell | 2010-11-08 | 6.9 MEDIUM | N/A |
| gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2010-3983 | 1 Sap | 1 Businessobjects | 2010-11-03 | 9.0 HIGH | N/A |
| CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property. | |||||
| CVE-2010-4145 | 1 Aspindir | 1 Kisisel Radyo Script | 2010-11-03 | 5.0 MEDIUM | N/A |
| Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb. | |||||
| CVE-2010-2242 | 1 Libvirt | 1 Libvirt | 2010-10-30 | 2.1 LOW | N/A |
| Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree. | |||||
| CVE-2010-2239 | 1 Libvirt | 1 Libvirt | 2010-10-30 | 4.4 MEDIUM | N/A |
| Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors. | |||||
| CVE-2010-2237 | 1 Libvirt | 1 Libvirt | 2010-10-30 | 4.4 MEDIUM | N/A |
| Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. | |||||
| CVE-2010-2238 | 1 Libvirt | 1 Libvirt | 2010-10-30 | 4.4 MEDIUM | N/A |
| Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. | |||||
| CVE-2010-2584 | 1 Realpage | 1 Module Activex Controls | 2010-10-28 | 5.0 MEDIUM | N/A |
| The Upload method in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls does not properly restrict certain property values, which allows remote attackers to read arbitrary files via a filename in the SourceFile property in conjunction with an http URL in the DestURL property. | |||||
| CVE-2010-3713 | 1 Usebb | 1 Usebb | 2010-10-28 | 4.3 MEDIUM | N/A |
| rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by reading a forum feed in combination with a topic feed. | |||||
| CVE-2010-3717 | 1 Typo3 | 1 Typo3 | 2010-10-27 | 5.0 MEDIUM | N/A |
| The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710. | |||||
| CVE-2007-6741 | 1 G.rodola | 1 Pyftpdlib | 2010-10-20 | 6.5 MEDIUM | N/A |
| The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017. | |||||
| CVE-2009-5012 | 1 G.rodola | 1 Pyftpdlib | 2010-10-20 | 4.0 MEDIUM | N/A |
| ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session. | |||||
| CVE-2007-6740 | 1 G.rodola | 1 Pyftpdlib | 2010-10-20 | 4.0 MEDIUM | N/A |
| The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command. | |||||
| CVE-2010-3934 | 1 Rim | 2 Blackberry 9700, Blackberry Device Software | 2010-10-15 | 6.8 MEDIUM | N/A |
| The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-5008 | 1 Cisco | 1 Secure Desktop | 2010-10-14 | 2.1 LOW | N/A |
| Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file. | |||||
| CVE-2010-3887 | 1 Apple | 2 Mac Os X, Mail | 2010-10-11 | 4.3 MEDIUM | N/A |
| The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses. | |||||