Search Results (24474 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4239 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-11-21 | 9.8 Critical |
| Tiki Wiki CMS Groupware 5.2 has Local File Inclusion | ||||
| CVE-2010-3917 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site. | ||||
| CVE-2010-3673 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.3 Medium |
| TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API. | ||||
| CVE-2010-3667 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.3 Medium |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element. | ||||
| CVE-2010-3664 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.5 Medium |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend. | ||||
| CVE-2010-3439 | 3 Cor-entertainment, Debian, Fedoraproject | 3 Alien-arena, Debian Linux, Fedora | 2024-11-21 | 6.5 Medium |
| It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command. | ||||
| CVE-2010-3375 | 1 Qtparted Project | 1 Qtparted | 2024-11-21 | 9.8 Critical |
| qtparted has insecure library loading which may allow arbitrary code execution | ||||
| CVE-2010-3373 | 2 Debian, Grsecurity | 2 Debian Linux, Paxtest | 2024-11-21 | 5.5 Medium |
| paxtest handles temporary files insecurely | ||||
| CVE-2010-3359 | 2 Debian, Gargoyle Project | 2 Debian Linux, Gargoyle | 2024-11-21 | 4.8 Medium |
| If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account. | ||||
| CVE-2010-3293 | 1 Mailscanner | 1 Mailscanner | 2024-11-21 | 5.5 Medium |
| mailscanner can allow local users to prevent virus signatures from being updated | ||||
| CVE-2010-2783 | 1 Redhat | 1 Icedtea6 | 2024-11-21 | 9.1 Critical |
| IcedTea6 before 1.7.4 allows unsigned apps to read and write arbitrary files, related to Extended JNLP Services. | ||||
| CVE-2010-2490 | 2 Debian, Mumble | 2 Debian Linux, Mumble | 2024-11-21 | 6.5 Medium |
| Mumble: murmur-server has DoS due to malformed client query | ||||
| CVE-2010-2476 | 1 Syscp Project | 1 Syscp | 2024-11-21 | 9.8 Critical |
| syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot. | ||||
| CVE-2010-2473 | 1 Drupal | 1 Drupal | 2024-11-21 | 6.5 Medium |
| Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked. | ||||
| CVE-2010-2450 | 2 Debian, Shibboleth | 2 Debian Linux, Service Provider | 2024-11-21 | 7.5 High |
| The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. | ||||
| CVE-2010-2449 | 1 Gource | 1 Gource | 2024-11-21 | 6.5 Medium |
| Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack. | ||||
| CVE-2010-2447 | 1 Gitolite | 1 Gitolite | 2024-11-21 | 9.8 Critical |
| gitolite before 1.4.1 does not filter src/ or hooks/ from path names. | ||||
| CVE-2010-2446 | 1 Ruby-rbot | 1 Rbot | 2024-11-21 | 9.8 Critical |
| Rbot Reaction plugin allows command execution | ||||
| CVE-2010-2243 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.5 High |
| A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS. | ||||
| CVE-2010-2061 | 1 Rpcbind Project | 1 Rpcbind | 2024-11-21 | 7.8 High |
| rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started. | ||||