Total
258583 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3983 | 1 Sap | 1 Businessobjects | 2010-11-03 | 9.0 HIGH | N/A |
| CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property. | |||||
| CVE-2010-3981 | 1 Sap | 1 Businessobjects | 2010-11-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page. | |||||
| CVE-2010-3357 | 1 Pedro Castro | 1 Gnome-subtitles | 2010-11-03 | 6.9 MEDIUM | N/A |
| gnome-subtitles 1.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2010-2536 | 1 Adjam | 1 Rekonq | 2010-11-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a URL associated with a nonexistent domain name, related to webpage.cpp, aka a "universal XSS" issue; (2) unspecified vectors related to webview.cpp; and the about: views for (3) favorites, (4) bookmarks, (5) closed tabs, and (6) history. | |||||
| CVE-2010-3354 | 1 Dropbox | 1 Dropbox | 2010-11-03 | 6.9 MEDIUM | N/A |
| dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2010-0563 | 1 Ibm | 1 Websphere Application Server | 2010-11-03 | 5.0 MEDIUM | N/A |
| The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted. | |||||
| CVE-2010-4145 | 1 Aspindir | 1 Kisisel Radyo Script | 2010-11-03 | 5.0 MEDIUM | N/A |
| Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb. | |||||
| CVE-2010-2242 | 1 Libvirt | 1 Libvirt | 2010-10-30 | 2.1 LOW | N/A |
| Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree. | |||||
| CVE-2010-2239 | 1 Libvirt | 1 Libvirt | 2010-10-30 | 4.4 MEDIUM | N/A |
| Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors. | |||||
| CVE-2010-2237 | 1 Libvirt | 1 Libvirt | 2010-10-30 | 4.4 MEDIUM | N/A |
| Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. | |||||
| CVE-2010-2238 | 1 Libvirt | 1 Libvirt | 2010-10-30 | 4.4 MEDIUM | N/A |
| Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. | |||||
| CVE-2009-4893 | 1 Unrealircd | 1 Unrealircd | 2010-10-28 | 6.8 MEDIUM | N/A |
| Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2010-2584 | 1 Realpage | 1 Module Activex Controls | 2010-10-28 | 5.0 MEDIUM | N/A |
| The Upload method in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls does not properly restrict certain property values, which allows remote attackers to read arbitrary files via a filename in the SourceFile property in conjunction with an http URL in the DestURL property. | |||||
| CVE-2010-3713 | 1 Usebb | 1 Usebb | 2010-10-28 | 4.3 MEDIUM | N/A |
| rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by reading a forum feed in combination with a topic feed. | |||||
| CVE-2010-2885 | 1 Adobe | 2 Robohelp, Robohelp Server | 2010-10-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allows remote attackers to inject arbitrary web script or HTML via vectors related to WebHelp generation with RoboHelp for Word. | |||||
| CVE-2010-3842 | 1 Curl | 1 Curl | 2010-10-28 | 5.8 MEDIUM | N/A |
| Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header. | |||||
| CVE-2010-3162 | 1 Masahiko Watanabe | 1 Apsaly | 2010-10-28 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Apsaly before 3.74 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | |||||
| CVE-2010-3156 | 1 K2top | 1 K2editor | 2010-10-28 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in K2 K2Editor before 1.5.9 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | |||||
| CVE-2010-3157 | 1 Kmonos | 1 Xacrett | 2010-10-28 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in XacRett before 50 allows attackers to execute arbitrary code via a Trojan horse executable file, related to the explorer.exe filename and use of Windows Explorer. | |||||
| CVE-2010-2585 | 1 Realpage | 1 Module Activex Control | 2010-10-28 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls allow remote attackers to execute arbitrary code via a long (1) DestURL or (2) SourceFile property value. | |||||