Total
258077 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-5063 | 1 Apache | 1 Tomcat | 2023-12-10 | 4.3 MEDIUM | N/A |
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184. | |||||
CVE-2011-3906 | 1 Google | 1 Chrome | 2023-12-10 | 5.0 MEDIUM | N/A |
The PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
CVE-2011-0738 | 2 Globus, Ncsa | 2 Globus Toolkit, Myproxy | 2023-12-10 | 4.3 MEDIUM | N/A |
MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation. | |||||
CVE-2010-0849 | 1 Sun | 3 Jdk, Jre, Sdk | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image. | |||||
CVE-2010-0598 | 1 Cisco | 4 Mediator Framework, Network Building Mediator Nbm-2400, Network Building Mediator Nbm-4800 and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt HTTP sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83631. | |||||
CVE-2010-0673 | 2 Copperleaf, Wordpress | 2 Photolog, Wordpress | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter. | |||||
CVE-2010-0041 | 2 Apple, Microsoft | 2 Safari, Windows | 2023-12-10 | 4.3 MEDIUM | N/A |
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image. | |||||
CVE-2010-1495 | 2 Joomla, Matamko | 2 Joomla\!, Com Matamko | 2023-12-10 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2011-1948 | 1 Plone | 1 Plone | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2010-4457 | 1 Sun | 1 Sunos | 2023-12-10 | 7.8 HIGH | N/A |
Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to SMB and CIFS. | |||||
CVE-2010-2602 | 1 Rim | 1 Blackberry Enterprise Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Enterprise Server 5.0.0 through 5.0.2, 4.1.6, and 4.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF document. | |||||
CVE-2010-2125 | 2 Drupal, Systemseed | 2 Drupal, Rotor | 2023-12-10 | 2.1 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute. | |||||
CVE-2010-3166 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run. | |||||
CVE-2011-1412 | 4 Ioquake3, Linux, Openarena and 1 more | 4 Ioquake3 Engine, Linux Kernel, Openarena and 1 more | 2023-12-10 | 7.5 HIGH | N/A |
sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable. | |||||
CVE-2010-1583 | 2 Taskfreak, Tirzen | 2 Taskfreak\!, Tirzen Framework | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action. | |||||
CVE-2010-1320 | 1 Mit | 1 Kerberos 5 | 2023-12-10 | 4.0 MEDIUM | N/A |
Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation. | |||||
CVE-2012-1396 | 2 Goforandroid, Google | 2 Go Fbwidget, Android | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in the GO FBWidget (com.gau.go.launcherex.gowidget.fbwidget) application 1.9 and 2.1 for Android has unknown impact and attack vectors. | |||||
CVE-2010-3263 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name. | |||||
CVE-2011-4812 | 1 Bst | 1 Bestshoppro | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in nowosci.php in BestShopPro allows remote attackers to inject arbitrary web script or HTML via the str parameter. | |||||
CVE-2011-2614 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.0 MEDIUM | N/A |
The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving a path on which many characters are drawn. |