Total: 248795 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-0412 | 1 Sun | 1 Sunos | 2023-12-10 | 2.1 LOW | N/A |
Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks. | |||||
CVE-2010-4381 | 2 Apple, Realnetworks | 3 Mac Os X, Realplayer, Realplayer Sp | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 allows remote attackers to have an unspecified impact via a crafted AAC file. | |||||
CVE-2010-0165 | 1 Mozilla | 1 Firefox | 2023-12-10 | 9.3 HIGH | N/A |
The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving certain indirect calls to the JavaScript eval function. | |||||
CVE-2010-3896 | 1 Ibm | 1 Omnifind | 2023-12-10 | 7.5 HIGH | N/A |
The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do. | |||||
CVE-2010-4323 | 1 Novell | 1 Zenworks Configuration Manager | 2023-12-10 | 7.5 HIGH | N/A |
Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and earlier versions, allows remote attackers to execute arbitrary code via a long TFTP request. | |||||
CVE-2010-0252 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more | 2023-12-10 | 9.3 HIGH | N/A |
The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability." | |||||
CVE-2010-4756 | 1 Gnu | 1 Glibc | 2023-12-10 | 4.0 MEDIUM | N/A |
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. | |||||
CVE-2010-1311 | 2 Clamav, Clamavs | 2 Clamav, Clamav | 2023-12-10 | 5.0 MEDIUM | N/A |
The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-2157 | 1 Smartertools | 1 Smarterstats | 2023-12-10 | 5.0 MEDIUM | N/A |
The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows remote attackers to obtain potentially sensitive information by reading the default values of form fields. | |||||
CVE-2009-4470 | 1 Dvbbs | 1 Dvbbs | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows remote attackers to execute arbitrary SQL commands via the groupboardid parameter. | |||||
CVE-2011-3574 | 1 Oracle | 1 Communications Unified | 2023-12-10 | 3.3 LOW | N/A |
Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality and integrity via unknown vectors related to Calendar Server. | |||||
CVE-2010-4378 | 2 Linux, Realnetworks | 3 Linux Kernel, Realplayer, Realplayer Sp | 2023-12-10 | 9.3 HIGH | N/A |
The drv2.dll (aka RV20 decompression) module in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted value of an unspecified length field in an RV20 video stream. | |||||
CVE-2010-2515 | 2 Dacian Strain, Joomla | 2 Com Jfaq, Joomla! | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-2071 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.6 MEDIUM | N/A |
The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl. | |||||
CVE-2010-2032 | 1 Caucho | 1 Resin | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in resin-admin/digest.php in Caucho Technology Resin Professional 3.1.5, 3.1.10, 4.0.6, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) digest_realm or (2) digest_username parameters. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-7302 | 2 Joomla, Netshinesoftware | 2 Joomla!, Com Netinvoice | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file." | |||||
CVE-2010-4193 | 1 Adobe | 1 Shockwave Player | 2023-12-10 | 9.3 HIGH | N/A |
Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors. | |||||
CVE-2010-1402 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2023-12-10 | 9.3 HIGH | N/A |
Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object. | |||||
CVE-2012-1474 | 2 Google, Sdo | 2 Android, Youni Sms | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Youni SMS (com.snda.youni) application 2.1.0c and 2.1.0d for Android has unknown impact and attack vectors. | |||||
CVE-2011-3327 | 1 Quagga | 1 Quagga | 2023-12-10 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4. |