Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-0185 | 1 Adobe | 1 Coldfusion | 2024-02-28 | 5.0 MEDIUM | N/A |
The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL. | |||||
CVE-2010-2973 | 1 Apple | 3 Ipad, Iphone Os, Ipod Touch | 2024-02-28 | 6.9 MEDIUM | N/A |
Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe. | |||||
CVE-2010-2442 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets." | |||||
CVE-2011-3207 | 1 Openssl | 1 Openssl | 2024-02-28 | 5.0 MEDIUM | N/A |
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. | |||||
CVE-2011-0219 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2024-02-28 | 5.8 MEDIUM | N/A |
Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts. | |||||
CVE-2010-2644 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 does not properly implement access control, which allows remote attackers to perform governance actions via unspecified API requests to an EJB interface. | |||||
CVE-2010-3783 | 1 Apple | 1 Mac Os X Server | 2024-02-28 | 6.8 MEDIUM | N/A |
Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors. | |||||
CVE-2010-2455 | 1 Opera | 1 Opera Browser | 2024-02-28 | 4.3 MEDIUM | N/A |
Opera does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206. | |||||
CVE-2010-2238 | 1 Libvirt | 1 Libvirt | 2024-02-28 | 4.4 MEDIUM | N/A |
Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. | |||||
CVE-2010-0427 | 1 Todd Miller | 1 Sudo | 2024-02-28 | 4.4 MEDIUM | N/A |
sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. | |||||
CVE-2011-0398 | 1 Matomo | 1 Matomo | 2024-02-28 | 6.4 MEDIUM | N/A |
The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP address, which allows remote attackers to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoofing of the X-Forwarded-For HTTP header. | |||||
CVE-2010-1621 | 1 Mysql | 1 Mysql | 2024-02-28 | 5.0 MEDIUM | N/A |
The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command. | |||||
CVE-2011-1661 | 2 Drupal, Nicholas Thompson | 2 Drupal, Node Quick Find | 2024-02-28 | 5.0 MEDIUM | N/A |
The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature. | |||||
CVE-2003-1593 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-02-28 | 7.5 HIGH | N/A |
NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection. | |||||
CVE-2010-1671 | 1 Pharscape | 1 Hsolink | 2024-02-28 | 7.2 HIGH | N/A |
hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via shell metacharacters in command-line arguments, as demonstrated by the second argument in a down action. | |||||
CVE-2010-3304 | 1 Dovecot | 1 Dovecot | 2024-02-28 | 6.4 MEDIUM | N/A |
The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs. | |||||
CVE-2009-4417 | 1 Zend | 1 Framework | 2024-02-28 | 5.0 MEDIUM | N/A |
The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed." | |||||
CVE-2010-2842 | 1 Cisco | 1 Wireless Lan Controller Software | 2024-02-28 | 9.0 HIGH | N/A |
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2843 and CVE-2010-3033. | |||||
CVE-2011-2362 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 5.0 MEDIUM | N/A |
Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers. | |||||
CVE-2011-3123 | 2 Ibm, Linux | 3 Infosphere Datastage, Infosphere Information Server, Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors. |