Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-3872 | 1 Apache | 1 Mod Fcgid | 2017-08-16 | 7.2 HIGH | N/A |
The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite." | |||||
CVE-2010-3905 | 1 Eucalyptus | 1 Eucalyptus | 2017-08-16 | 7.5 HIGH | N/A |
The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users. | |||||
CVE-2010-3912 | 1 Novell | 1 Suse Linux | 2017-08-16 | 10.0 HIGH | N/A |
The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors. | |||||
CVE-2010-3915 | 1 Justsystems | 1 Ichitaro | 2017-08-16 | 9.3 HIGH | N/A |
Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3916. | |||||
CVE-2010-3916 | 1 Justsystems | 1 Ichitaro | 2017-08-16 | 9.3 HIGH | N/A |
Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3915. | |||||
CVE-2010-3924 | 1 Aimluck | 1 Aipo | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2010-3925 | 1 Wb-i | 1 Contents-mall | 2017-08-16 | 5.8 MEDIUM | N/A |
Contents-Mall before 15 does not properly handle passwords, which allows remote attackers to discover the administrative password, and consequently obtain sensitive information or modify data, via unspecified vectors. | |||||
CVE-2010-3926 | 1 Wb-i | 2 Sgx-sp Final, Sgx-sp Final Ne | 2017-08-16 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in SGX-SP Final before 11.00 and SGX-SP Final NE before 11.00 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-3927 | 1 Lunascape | 1 Lunascape | 2017-08-16 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in Lunascape before 6.4.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
CVE-2010-3928 | 1 Wayneeseguin | 1 Ruby Version Manager | 2017-08-16 | 6.8 MEDIUM | N/A |
Ruby Version Manager (RVM) before 1.2.1 writes file contents to a terminal without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via a crafted file, related to an "escape sequence injection vulnerability." NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-3929 | 1 Modxcms | 1 Evolution | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch. | |||||
CVE-2010-3982 | 1 Sap | 1 Businessobjects | 2017-08-16 | 5.0 MEDIUM | N/A |
SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue. | |||||
CVE-2010-4010 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 6.8 MEDIUM | N/A |
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document. | |||||
CVE-2010-4015 | 1 Postgresql | 1 Postgresql | 2017-08-16 | 6.5 MEDIUM | N/A |
Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions. | |||||
CVE-2010-4030 | 1 Hp | 1 Insight Control Performance Management | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-4031 | 1 Hp | 1 Insight Control Performance Management | 2017-08-16 | 8.0 HIGH | N/A |
Unspecified vulnerability in HP Insight Control Performance Management before 6.2 allows remote authenticated users to gain privileges via unknown vectors. | |||||
CVE-2010-4032 | 1 Hp | 1 Insight Control Performance Management | 2017-08-16 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2010-4053 | 1 Ibm | 1 Informix Dynamic Server | 2017-08-16 | 9.0 HIGH | N/A |
Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN directive, aka idsdb00154125 and idsdb00154243. | |||||
CVE-2010-4055 | 1 Ibm | 1 Soliddb | 2017-08-16 | 5.0 MEDIUM | N/A |
Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 1315 and sending a packet with many integer fields, which trigger many recursive calls of a certain function. | |||||
CVE-2010-4056 | 1 Ibm | 1 Soliddb | 2017-08-16 | 5.0 MEDIUM | N/A |
solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TCP session on port 1315. | |||||