Total
10666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-5020 | 1 Awstats | 1 Awstats | 2010-12-02 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2009-2624 | 1 Gnu | 1 Gzip | 2010-11-18 | 6.8 MEDIUM | N/A |
| The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression. | |||||
| CVE-2010-4068 | 1 Typo3 | 1 Typo3 | 2010-10-27 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714. | |||||
| CVE-2010-3716 | 1 Typo3 | 1 Typo3 | 2010-10-27 | 6.0 MEDIUM | N/A |
| The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships. | |||||
| CVE-2008-7264 | 1 G.rodola | 1 Pyftpdlib | 2010-10-20 | 4.0 MEDIUM | N/A |
| The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt. | |||||
| CVE-2007-6739 | 1 G.rodola | 1 Pyftpdlib | 2010-10-20 | 5.0 MEDIUM | N/A |
| FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command. | |||||
| CVE-2010-3750 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2010-10-19 | 9.3 HIGH | N/A |
| rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction with a heap buffer, which allows remote attackers to execute arbitrary code via crafted Name Value Property (NVP) elements in logical streams in a media file. | |||||
| CVE-2010-2998 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2010-10-19 | 9.3 HIGH | N/A |
| Array index error in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file, related to a "malformed IVR pointer index" issue. | |||||
| CVE-2010-3901 | 1 Infradead | 1 Openconnect | 2010-10-14 | 6.4 MEDIUM | N/A |
| OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that (1) does not correspond to the server hostname or (2) is presented in circumstances involving a missing --cafile configuration option. | |||||
| CVE-2010-3473 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-21 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2010-3320 | 1 Ibm | 1 Filenet Content Manager | 2010-09-14 | 6.8 MEDIUM | N/A |
| Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2010-2840 | 1 Cisco | 1 Unified Presence Server | 2010-09-09 | 7.8 HIGH | N/A |
| The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629. | |||||
| CVE-2010-2074 | 1 W3m | 1 W3m | 2010-09-09 | 6.8 MEDIUM | N/A |
| istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2010-1129 | 1 Php | 1 Php | 2010-08-31 | 7.5 HIGH | N/A |
| The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function. | |||||
| CVE-2010-0428 | 1 Redhat | 2 Enterprise Virtualization, Qspice | 2010-08-25 | 6.6 MEDIUM | N/A |
| libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors. | |||||
| CVE-2010-0431 | 1 Redhat | 2 Enterprise Virtualization, Kvm | 2010-08-25 | 6.6 MEDIUM | N/A |
| QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors. | |||||
| CVE-2010-2827 | 1 Cisco | 1 Ios | 2010-08-20 | 7.8 HIGH | N/A |
| Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets, related to embryonic TCP connections that remain in the SYN_RCVD or SYN_SENT state, aka Bug ID CSCti18193. | |||||
| CVE-2010-2812 | 1 Znc | 1 Znc | 2010-08-18 | 5.0 MEDIUM | N/A |
| Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of service (exception and daemon crash) via a PING command that lacks an argument. | |||||
| CVE-2010-2474 | 1 Redhat | 2 Jboss Enterprise Service Bus, Jboss Enterprise Soa Platform | 2010-08-10 | 3.5 LOW | N/A |
| JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service. | |||||
| CVE-2010-2819 | 1 Cisco | 4 Catalyst 6500, Catalyst 7600, Firewall Services Module and 1 more | 2010-08-10 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61622. | |||||