Total
93712 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3667 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element. | |||||
| CVE-2010-3666 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function. | |||||
| CVE-2010-3665 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager. | |||||
| CVE-2010-3664 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend. | |||||
| CVE-2010-3661 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend. | |||||
| CVE-2010-3660 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. | |||||
| CVE-2010-3440 | 2 Babiloo Project, Debian | 2 Babiloo, Debian Linux | 2024-11-21 | 3.3 LOW | 5.5 MEDIUM |
| babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files. | |||||
| CVE-2010-3439 | 3 Cor-entertainment, Debian, Fedoraproject | 3 Alien-arena, Debian Linux, Fedora | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command. | |||||
| CVE-2010-3373 | 2 Debian, Grsecurity | 2 Debian Linux, Paxtest | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| paxtest handles temporary files insecurely | |||||
| CVE-2010-3359 | 2 Debian, Gargoyle Project | 2 Debian Linux, Gargoyle | 2024-11-21 | 4.4 MEDIUM | 4.8 MEDIUM |
| If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account. | |||||
| CVE-2010-3300 | 1 Owasp | 1 Enterprise Security Api For Java | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks. | |||||
| CVE-2010-3299 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. | |||||
| CVE-2010-3293 | 1 Mailscanner | 1 Mailscanner | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| mailscanner can allow local users to prevent virus signatures from being updated | |||||
| CVE-2010-3292 | 1 Mailscanner | 1 Mailscanner | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing. | |||||
| CVE-2010-3095 | 1 Mailscanner | 1 Mailscanner | 2024-11-21 | 3.3 LOW | 4.7 MEDIUM |
| mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313. | |||||
| CVE-2010-2496 | 1 Clusterlabs | 2 Cluster Glue, Pacemaker | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer. | |||||
| CVE-2010-2490 | 2 Debian, Mumble | 2 Debian Linux, Mumble | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mumble: murmur-server has DoS due to malformed client query | |||||
| CVE-2010-2473 | 1 Drupal | 1 Drupal | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked. | |||||
| CVE-2010-2472 | 1 Drupal | 1 Drupal | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission. | |||||
| CVE-2010-2471 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Drupal versions 5.x and 6.x has open redirection | |||||