Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4461 | 1 Oracle | 1 Peoplesoft And Jdedwards Product Suite | 2017-08-16 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #23, 9.0 Bundle #14, and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to ePerformance. | |||||
| CVE-2011-0993 | 1 Novell | 1 Suse Lifecycle Management Server | 2017-08-16 | 2.1 LOW | N/A |
| SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2011-0995 | 2 Novell, Rubyforge | 2 Suse Linux Enterprise, Rubygem-sqlite3 | 2017-08-16 | 2.1 LOW | N/A |
| The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors. | |||||
| CVE-2010-4464 | 1 Oracle | 1 Sun Convergence | 2017-08-16 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. | |||||
| CVE-2010-4496 | 1 Tibco | 2 Activecatalog, Collaborative Information Manager | 2017-08-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4497 | 1 Tibco | 2 Activecatalog, Collaborative Information Manager | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4498 | 1 Tibco | 2 Activecatalog, Collaborative Information Manager | 2017-08-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL. | |||||
| CVE-2010-4499 | 1 Tibco | 2 Activecatalog, Collaborative Information Manager | 2017-08-16 | 4.3 MEDIUM | N/A |
| Session fixation vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2010-4506 | 1 Oracle | 1 Passlogix V-go Self-service Password Reset And Oem | 2017-08-16 | 6.2 MEDIUM | N/A |
| Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a "Save As" dialog that is reachable from the "Certificate Export" wizard. | |||||
| CVE-2010-4509 | 1 Sixapart | 1 Movabletype | 2017-08-16 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 and 5.x before 5.04 have unknown impact and attack vectors related to the (1) mt:AssetProperty and (2) mt:EntryFlag tags. | |||||
| CVE-2010-4511 | 1 Sixapart | 1 Movabletype | 2017-08-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 has unknown impact and attack vectors related to the "dynamic publishing error message." | |||||
| CVE-2010-4525 | 1 Linux | 1 Linux Kernel | 2017-08-16 | 1.9 LOW | N/A |
| Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors. | |||||
| CVE-2010-4544 | 1 Ibm | 1 Lotus Notes Traveler | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4554 | 1 Squirrelmail | 1 Squirrelmail | 2017-08-16 | 4.3 MEDIUM | N/A |
| functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2010-4555 | 1 Squirrelmail | 1 Squirrelmail | 2017-08-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page. | |||||
| CVE-2010-4556 | 1 Sap | 1 Netweaver Business Client | 2017-08-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the SapThemeRepository ActiveX control (sapwdpcd.dll) in SAP NetWeaver Business Client allows remote attackers to execute arbitrary code via the (1) Load and (2) LoadTheme methods. | |||||
| CVE-2010-4567 | 1 Mozilla | 1 Bugzilla | 2017-08-16 | 4.3 MEDIUM | N/A |
| Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 does not properly handle whitespace preceding a (1) javascript: or (2) data: URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the URL (aka bug_file_loc) field. | |||||
| CVE-2010-4568 | 1 Mozilla | 1 Bugzilla | 2017-08-16 | 7.5 HIGH | N/A |
| Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts via unspecified vectors, related to an insufficient number of calls to the srand function. | |||||
| CVE-2010-4569 | 1 Mozilla | 1 Bugzilla | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI. | |||||
| CVE-2010-4570 | 1 Mozilla | 1 Bugzilla | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the duplicate-detection functionality in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the summary field, related to the DataTable widget in YUI. | |||||