Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3592 | 1 Oracle | 1 Fusion Middleware | 2017-08-16 | 8.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Internal Operations. | |||||
| CVE-2010-3593 | 1 Oracle | 2 Argus Safety, Industry Applications | 2017-08-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Health Sciences - Oracle Argus Safety component in Oracle Industry Applications 5.0, 5.0.1, 5.0.2, and 5.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Login and LDAP. | |||||
| CVE-2010-3594 | 1 Oracle | 1 Enterprise Manager Grid Control | 2017-08-16 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Real User Experience Insight component in Oracle Enterprise Manager Grid Control 6.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Processing. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this is SQL injection in rsynclogdird involving improper escaping of UTF-8 characters while processing log files. | |||||
| CVE-2010-3597 | 1 Oracle | 1 Fusion Middleware | 2017-08-16 | 1.9 LOW | N/A |
| Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.0 allows local users to affect availability, related to Outside In Viewer SDK. | |||||
| CVE-2010-3598 | 1 Oracle | 1 Fusion Middleware | 2017-08-16 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Import Export Utility. | |||||
| CVE-2010-3600 | 1 Oracle | 2 Database Server, Enterprise Manager Grid Control | 2017-08-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code. | |||||
| CVE-2010-3602 | 1 Sourcetreesolutions | 1 Mojoportal | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to inject arbitrary web script or HTML via the User ID parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-3603 | 1 Sourcetreesolutions | 1 Mojoportal | 2017-08-16 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information. | |||||
| CVE-2010-3606 | 1 Netartmedia | 1 Real Estate Portal | 2017-08-16 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allow remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) folder and (2) action parameters. | |||||
| CVE-2010-3607 | 1 Netartmedia | 1 Real Estate Portal | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2010-3611 | 1 Isc | 1 Dhcp | 2017-08-16 | 4.3 MEDIUM | N/A |
| ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field. | |||||
| CVE-2010-3618 | 1 Pgp | 2 Desktop For Mac, Desktop For Windows | 2017-08-16 | 4.3 MEDIUM | N/A |
| PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a "piggy-back" or "unsigned data injection" issue. | |||||
| CVE-2010-3764 | 1 Mozilla | 1 Bugzilla | 2017-08-16 | 5.0 MEDIUM | N/A |
| The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL. | |||||
| CVE-2010-3827 | 1 Apple | 1 Iphone Os | 2017-08-16 | 4.3 MEDIUM | N/A |
| Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors. | |||||
| CVE-2010-3828 | 1 Apple | 1 Iphone Os | 2017-08-16 | 4.3 MEDIUM | N/A |
| iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad. | |||||
| CVE-2010-3829 | 1 Apple | 1 Iphone Os | 2017-08-16 | 5.8 MEDIUM | N/A |
| WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813. | |||||
| CVE-2010-3830 | 1 Apple | 1 Iphone Os | 2017-08-16 | 7.2 HIGH | N/A |
| Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2010-3831 | 1 Apple | 1 Iphone Os | 2017-08-16 | 4.3 MEDIUM | N/A |
| Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action. | |||||
| CVE-2010-3841 | 1 Twiki | 1 Twiki | 2017-08-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script. | |||||
| CVE-2010-3871 | 1 Mahara | 1 Mahara | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme/raw/groupviews.tpl in Mahara before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||