Vulnerabilities (CVE)

Total 82122 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-3662 1 Typo3 1 Typo3 2024-11-21 6.5 MEDIUM 8.8 HIGH
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.
CVE-2010-3305 1 Pixelpost 1 Pixelpost 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.
CVE-2010-3048 1 Cisco 1 Unified Personal Communicator 2024-11-21 5.0 MEDIUM 7.5 HIGH
Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition.
CVE-2010-2525 1 Linux 1 Linux Kernel 2024-11-21 7.2 HIGH 7.8 HIGH
A flaw was discovered in gfs2 file system’s handling of acls (access control lists). An unprivileged local attacker could exploit this flaw to gain access or execute any file stored in the gfs2 file system.
CVE-2010-2488 1 Znc 1 Znc 2024-11-21 5.0 MEDIUM 7.5 HIGH
NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections.
CVE-2010-2450 2 Debian, Shibboleth 2 Debian Linux, Service Provider 2024-11-21 5.0 MEDIUM 7.5 HIGH
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default.
CVE-2010-2247 1 Makepasswd Project 1 Makepasswd 2024-11-21 5.0 MEDIUM 7.5 HIGH
makepasswd 1.10 default settings generate insecure passwords
CVE-2010-2243 1 Linux 1 Linux Kernel 2024-11-21 7.8 HIGH 7.5 HIGH
A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS.
CVE-2010-2222 1 Redhat 2 389 Directory Server, Directory Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query.
CVE-2010-2064 1 Rpcbind Project 1 Rpcbind 2024-11-21 3.6 LOW 7.1 HIGH
rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.
CVE-2010-2061 1 Rpcbind Project 1 Rpcbind 2024-11-21 7.2 HIGH 7.8 HIGH
rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.
CVE-2010-1678 1 Osgeo 1 Mapserver 2024-11-21 5.0 MEDIUM 7.5 HIGH
Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.
CVE-2010-1434 1 Joomla 1 Joomla\! 2024-11-21 5.0 MEDIUM 7.5 HIGH
Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.
CVE-2010-1432 1 Joomla 1 Joomla\! 2024-11-21 5.0 MEDIUM 7.5 HIGH
Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.
CVE-2010-0747 2 Debian, Linbit 2 Debian Linux, Drbd8 2024-11-21 4.6 MEDIUM 7.8 HIGH
drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725.
CVE-2010-0737 1 Redhat 1 Jboss Operations Network 2024-11-21 5.2 MEDIUM 8.0 HIGH
A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user.
CVE-2009-5157 1 Linksys 2 Wag54g2, Wag54g2 Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable.
CVE-2009-5155 2 Gnu, Netapp 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.
CVE-2009-5144 1 Mod Gnutls Project 1 Mod Gnutls 2024-11-21 5.0 MEDIUM 7.5 HIGH
mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate.
CVE-2009-5140 1 Linksys 2 Spa2102, Spa2102 Firmware 2024-11-21 4.3 MEDIUM 8.8 HIGH
The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.