Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3734 | 1 Ibm | 1 Db2 | 2017-09-18 | 5.0 MEDIUM | N/A |
| The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack. | |||||
| CVE-2010-3733 | 1 Ibm | 1 Db2 | 2017-09-18 | 7.2 HIGH | N/A |
| The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file. | |||||
| CVE-2010-3475 | 1 Ibm | 1 Db2 | 2017-09-18 | 4.0 MEDIUM | N/A |
| IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement. | |||||
| CVE-2010-3474 | 1 Ibm | 1 Db2 | 2017-09-18 | 5.0 MEDIUM | N/A |
| IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471. | |||||
| CVE-2010-3433 | 1 Postgresql | 1 Postgresql | 2017-09-18 | 6.0 MEDIUM | N/A |
| The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447. | |||||
| CVE-2010-3197 | 1 Ibm | 1 Db2 | 2017-09-18 | 5.0 MEDIUM | N/A |
| IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2010-3196 | 1 Ibm | 1 Db2 | 2017-09-18 | 3.5 LOW | N/A |
| IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view. | |||||
| CVE-2010-3194 | 1 Ibm | 1 Db2 | 2017-09-18 | 7.5 HIGH | N/A |
| The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner. | |||||
| CVE-2010-3178 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-18 | 5.8 MEDIUM | N/A |
| Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document. | |||||
| CVE-2010-3107 | 1 Novell | 1 Iprint | 2017-09-18 | 7.1 HIGH | N/A |
| A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a "logic flaw" in the CleanUploadFiles method in the nipplib.dll module. | |||||
| CVE-2010-3020 | 1 Opera | 1 Opera Browser | 2017-09-18 | 5.0 MEDIUM | N/A |
| The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content. | |||||
| CVE-2010-2764 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-18 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests. | |||||
| CVE-2010-2762 | 1 Mozilla | 2 Firefox, Thunderbird | 2017-09-18 | 6.8 MEDIUM | N/A |
| The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object. | |||||
| CVE-2010-2751 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-18 | 2.6 LOW | N/A |
| The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions. | |||||
| CVE-2010-1975 | 1 Postgresql | 1 Postgresql | 2017-09-18 | 5.5 MEDIUM | N/A |
| PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement. | |||||
| CVE-2010-1805 | 2 Apple, Microsoft | 2 Safari, Windows | 2017-09-18 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari. | |||||
| CVE-2010-1663 | 1 Google | 1 Chrome | 2017-09-18 | 10.0 HIGH | N/A |
| The Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2010-1505 | 1 Google | 1 Chrome | 2017-09-18 | 10.0 HIGH | N/A |
| Google Chrome before 4.1.249.1059 does not prevent pages from loading with the New Tab page's privileges, which has unknown impact and attack vectors. | |||||
| CVE-2010-1447 | 1 Postgresql | 1 Postgresql | 2017-09-18 | 8.5 HIGH | N/A |
| The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution. | |||||
| CVE-2010-1439 | 2 Fedoraproject, Redhat | 4 Fedora, Enterprise Linux, Rhn-client-tools and 1 more | 2017-09-18 | 3.6 LOW | N/A |
| yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file. | |||||