Total: 246947 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-2178 | 2 Adobe, Macromedia | 3 Air, Flash Player, Flash Player | 2023-12-10 | 9.3 HIGH | N/A |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. | |||||
CVE-2009-4386 | 1 Bookingcentre | 1 Booking System For Hotels Group | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors. | |||||
CVE-2009-5014 | 1 Turbogears | 1 Turbogears2 | 2023-12-10 | 7.5 HIGH | N/A |
The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852. | |||||
CVE-2011-2638 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by games on zylom.com. | |||||
CVE-2011-2675 | 1 Utage.org | 1 Enkai | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Enkai-kun before 110916 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2011-2577 | 1 Cisco | 11 Telepresence 6000 Mxp, Telepresence 9000 Mxp, Telepresence C Series Software and 8 more | 2023-12-10 | 7.8 HIGH | N/A |
Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500. | |||||
CVE-2012-0909 | 1 Horde | 1 Groupware Webmail Edition | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. NOTE: Some of these details are obtained from third party information. | |||||
CVE-2011-4249 | 1 Realnetworks | 1 Realplayer | 2023-12-10 | 10.0 HIGH | N/A |
Array index error in the RV30 codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2010-2041 | 1 Php-calendar | 1 Php-calendar | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the (1) description and (2) lastaction parameters. | |||||
CVE-2010-0074 | 1 Oracle | 1 Bea Product Suite | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vectors. | |||||
CVE-2011-1758 | 1 Fedoraproject | 1 Sssd | 2023-12-10 | 3.7 LOW | N/A |
The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname. | |||||
CVE-2011-1472 | 1 Nokia | 2 E75, E75 Firmware | 2023-12-10 | 7.2 HIGH | N/A |
The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time. | |||||
CVE-2010-0924 | 2 Apple, Microsoft | 2 Safari, Windows | 2023-12-10 | 5.0 MEDIUM | N/A |
cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element. | |||||
CVE-2011-4039 | 2 Dreamreport, Invensys | 2 Dream Report, Wonderware Hmi Reports | 2023-12-10 | 9.3 HIGH | N/A |
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation." | |||||
CVE-2011-2629 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by www.falk.de. | |||||
CVE-2010-3410 | | | 2023-12-10 | N/A | N/A |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1825. Reason: This candidate is a duplicate of CVE-2010-1825. Notes: All CVE users should reference CVE-2010-1825 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2010-3943 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2023-12-10 | 7.2 HIGH | N/A |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability." | |||||
CVE-2011-1324 | 1 Buffalotech | 43 As-100, Bbr-4hg, Bbr-4hg Firmware and 40 more | 2023-12-10 | 5.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password. | |||||
CVE-2011-2673 | 1 Basercms | 1 Basercms | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-1399 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2023-12-10 | 9.3 HIGH | N/A |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. |