Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4215 | 1 Foswiki | 1 Foswiki | 2017-08-16 | 6.5 MEDIUM | N/A |
| UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup. | |||||
| CVE-2010-3830 | 1 Apple | 1 Iphone Os | 2017-08-16 | 7.2 HIGH | N/A |
| Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2010-3829 | 1 Apple | 1 Iphone Os | 2017-08-16 | 5.8 MEDIUM | N/A |
| WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813. | |||||
| CVE-2010-3028 | 2 Joomla, Simon Philips | 2 Joomla, Aardvertiser | 2017-08-16 | 3.6 LOW | N/A |
| The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files. | |||||
| CVE-2010-2929 | 1 Pharscape | 1 Hsolink | 2017-08-16 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via a modified PATH environment variable, which is used during execution of the (1) route, (2) mv, and (3) cp programs, a different vulnerability than CVE-2010-1671. | |||||
| CVE-2010-2644 | 1 Ibm | 1 Websphere Service Registry And Repository | 2017-08-16 | 5.0 MEDIUM | N/A |
| IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 does not properly implement access control, which allows remote attackers to perform governance actions via unspecified API requests to an EJB interface. | |||||
| CVE-2010-2518 | 1 Ibm | 4 Filenet P8 Business Process Manager, Filenet P8 Content Manager, P8 Content Engine and 1 more | 2017-08-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before FP3 and the P8 Content Search Engine (P8CSE) before 4.5.0 FP3 and 4.5.1 before FP1, as used in IBM FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), allows remote attackers to gain privileges via unknown vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2454 | 1 Apple | 1 Safari | 2017-08-16 | 4.3 MEDIUM | N/A |
| Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206. | |||||
| CVE-2010-2363 | 1 Iij | 6 Seil\/b1, Seil\/b1 Firmware, Seil\/x1 and 3 more | 2017-08-16 | 5.8 MEDIUM | N/A |
| The IPv6 Unicast Reverse Path Forwarding (RPF) implementation on the SEIL/X1, SEIL/X2, and SEIL/B1 routers with firmware 1.00 through 2.73, when strict mode is used, does not properly drop packets, which might allow remote attackers to bypass intended access restrictions via a spoofed IP address. | |||||
| CVE-2010-2353 | 2 Drupal, Yves Chedemois | 2 Drupal, Cck | 2017-08-16 | 5.0 MEDIUM | N/A |
| The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote attackers to discover titles and IDs of controlled nodes. | |||||
| CVE-2010-2466 | 3 Linearcorp, S2sys, Sonitrol | 4 Emerge 50, Emerge 5000, Netbox and 1 more | 2017-08-16 | 5.0 MEDIUM | N/A |
| The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full_*.dar files with predictable filenames. | |||||
| CVE-2010-2320 | 1 Eterna | 1 Bozohttpd | 2017-08-16 | 5.0 MEDIUM | N/A |
| bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences. | |||||
| CVE-2010-2291 | 1 Snom | 1 Voip Phone Firmware | 2017-08-16 | 3.3 LOW | N/A |
| Unspecified vulnerability in the web interface in snom VoIP Phone firmware 8 before 8.2.35 allows remote attackers to bypass intended restrictions and modify user credentials via unknown vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2199 | 1 Rpm | 1 Rpm | 2017-08-16 | 7.2 HIGH | N/A |
| lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059. | |||||
| CVE-2010-2197 | 1 Rpm | 1 Rpm | 2017-08-16 | 5.8 MEDIUM | N/A |
| rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag. | |||||
| CVE-2010-2058 | 1 Prelude-technologies | 1 Prewikka | 2017-08-16 | 2.1 LOW | N/A |
| setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password. | |||||
| CVE-2010-2029 | 1 Cybozu | 2 Cybozu Dotsales, Cybozu Office | 2017-08-16 | 5.8 MEDIUM | N/A |
| Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone. | |||||
| CVE-2010-1736 | 1 Aspindir | 1 Krm Haber | 2017-08-16 | 5.0 MEDIUM | N/A |
| KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb. | |||||
| CVE-2010-1574 | 1 Cisco | 2 Industrial Ethernet 3000, Ios | 2017-08-16 | 10.0 HIGH | N/A |
| IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589. | |||||
| CVE-2010-1548 | 1 Chaos Tool Suite Project | 1 Ctools | 2017-08-16 | 3.5 LOW | N/A |
| The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access content" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value accompanied by the first character of the node's title. | |||||