Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-0564 | 2 Adobe, Microsoft | 3 Acrobat, Acrobat Reader, Windows | 2024-02-28 | 9.3 HIGH | N/A |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows use weak permissions for unspecified files, which allows attackers to gain privileges via unknown vectors. | |||||
CVE-2010-0522 | 1 Apple | 1 Mac Os X Server | 2024-02-28 | 9.0 HIGH | N/A |
Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen sharing. | |||||
CVE-2010-1646 | 1 Todd Miller | 1 Sudo | 2024-02-28 | 6.2 MEDIUM | N/A |
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. | |||||
CVE-2010-2029 | 1 Cybozu | 2 Cybozu Dotsales, Cybozu Office | 2024-02-28 | 5.8 MEDIUM | N/A |
Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone. | |||||
CVE-2010-3065 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | N/A |
The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name. | |||||
CVE-2011-4688 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | N/A |
Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code. | |||||
CVE-2010-1511 | 1 Kde | 2 Kde Sc, Kget | 2024-02-28 | 6.4 MEDIUM | N/A |
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file. | |||||
CVE-2010-3483 | 1 Bouzouste | 1 Primitive Cms | 2024-02-28 | 7.5 HIGH | N/A |
cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters. | |||||
CVE-2011-2547 | 1 Cisco | 4 Sa500 Software, Sa520, Sa520w and 1 more | 2024-02-28 | 9.0 HIGH | N/A |
The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681. | |||||
CVE-2011-0729 | 1 Ubuntu | 1 Language-selector | 2024-02-28 | 7.2 HIGH | N/A |
dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2) SetSystemDefaultLanguageEnv call. | |||||
CVE-2009-5012 | 1 G.rodola | 1 Pyftpdlib | 2024-02-28 | 4.0 MEDIUM | N/A |
ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session. | |||||
CVE-2010-3197 | 1 Ibm | 1 Db2 | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2010-2784 | 1 Redhat | 2 Enterprise Virtualization, Kvm | 2024-02-28 | 6.6 MEDIUM | N/A |
The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors. | |||||
CVE-2011-1271 | 1 Microsoft | 7 .net Framework, Windows 2003 Server, Windows 7 and 4 more | 2024-02-28 | 5.1 MEDIUM | N/A |
The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability." | |||||
CVE-2010-2929 | 1 Pharscape | 1 Hsolink | 2024-02-28 | 7.2 HIGH | N/A |
Untrusted search path vulnerability in hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via a modified PATH environment variable, which is used during execution of the (1) route, (2) mv, and (3) cp programs, a different vulnerability than CVE-2010-1671. | |||||
CVE-2010-0393 | 1 Apple | 1 Cups | 2024-02-28 | 6.9 MEDIUM | N/A |
The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. | |||||
CVE-2010-2860 | 1 Emc | 1 Celerra Network Attached Storage | 2024-02-28 | 9.3 HIGH | N/A |
The EMC Celerra Network Attached Storage (NAS) appliance accepts external network traffic to IP addresses intended for an intranet network within the appliance, which allows remote attackers to read, create, or modify arbitrary files in the user data directory via NFS requests. | |||||
CVE-2010-0212 | 1 Openldap | 1 Openldap | 2024-02-28 | 5.0 MEDIUM | N/A |
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite. | |||||
CVE-2010-4491 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | N/A |
Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension. | |||||
CVE-2011-1329 | 1 Walrus Digit | 1 Walrack | 2024-02-28 | 6.8 MEDIUM | N/A |
WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restrict file uploads, which allows remote attackers to execute arbitrary PHP code via vectors involving a double extension, as demonstrated by a .php.zzz file. |