Search Results (80847 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4664 | 3 Consolekit Project, Debian, Redhat | 3 Consolekit, Debian Linux, Enterprise Linux | 2024-11-21 | 8.8 High |
| In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session. | ||||
| CVE-2010-4661 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2024-11-21 | 7.8 High |
| udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. | ||||
| CVE-2010-4657 | 3 Debian, Php, Redhat | 3 Debian Linux, Php, Enterprise Linux | 2024-11-21 | 7.5 High |
| PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output. | ||||
| CVE-2010-4654 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | 7.8 High |
| poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | ||||
| CVE-2010-4241 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-11-21 | 8.8 High |
| Tiki Wiki CMS Groupware 5.2 has CSRF | ||||
| CVE-2010-3844 | 2 Debian, Ettercap-project | 2 Debian Linux, Ettercap | 2024-11-21 | 8.8 High |
| An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack. | ||||
| CVE-2010-3843 | 1 Ettercap-project | 1 Ettercap | 2024-11-21 | 7.8 High |
| The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack. | ||||
| CVE-2010-3782 | 2 Obs-server, Suse | 2 Obs-server, Linux Enterprise Server | 2024-11-21 | 8.8 High |
| obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation. | ||||
| CVE-2010-3668 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 7.5 High |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl. | ||||
| CVE-2010-3663 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 8.8 High |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend. | ||||
| CVE-2010-3662 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 8.8 High |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend. | ||||
| CVE-2010-3305 | 1 Pixelpost | 1 Pixelpost | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password. | ||||
| CVE-2010-3048 | 1 Cisco | 1 Unified Personal Communicator | 2024-11-21 | 7.5 High |
| Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition. | ||||
| CVE-2010-2525 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| A flaw was discovered in gfs2 file system’s handling of acls (access control lists). An unprivileged local attacker could exploit this flaw to gain access or execute any file stored in the gfs2 file system. | ||||
| CVE-2010-2488 | 1 Znc | 1 Znc | 2024-11-21 | 7.5 High |
| NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections. | ||||
| CVE-2010-2450 | 2 Debian, Shibboleth | 2 Debian Linux, Service Provider | 2024-11-21 | 7.5 High |
| The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. | ||||
| CVE-2010-2247 | 1 Makepasswd Project | 1 Makepasswd | 2024-11-21 | 7.5 High |
| makepasswd 1.10 default settings generate insecure passwords | ||||
| CVE-2010-2243 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.5 High |
| A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS. | ||||
| CVE-2010-2222 | 1 Redhat | 2 389 Directory Server, Directory Server | 2024-11-21 | 7.5 High |
| The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query. | ||||
| CVE-2010-2064 | 1 Rpcbind Project | 1 Rpcbind | 2024-11-21 | 7.1 High |
| rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr. | ||||