Total
299233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-10001 | 1 Shemes | 1 Grabit | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 Beta 4. This affects the component NZB Date Parser. The manipulation of the argument date with the input 1000000000000000 as part of a NZB File leads to a denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2010-0749 | 3 Debian, Linux, Transmissionbt | 3 Debian Linux, Linux Kernel, Transmission | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame. | |||||
| CVE-2010-0748 | 3 Debian, Linux, Transmissionbt | 3 Debian Linux, Linux Kernel, Transmission | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link. | |||||
| CVE-2010-0747 | 2 Debian, Linbit | 2 Debian Linux, Drbd8 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725. | |||||
| CVE-2010-0737 | 1 Redhat | 1 Jboss Operations Network | 2024-11-21 | 5.2 MEDIUM | 8.0 HIGH |
| A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user. | |||||
| CVE-2010-0398 | 1 Autokey Project | 1 Autokey | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack. | |||||
| CVE-2010-0207 | 2 Debian, Xpdfreader | 2 Debian Linux, Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers. | |||||
| CVE-2010-0206 | 2 Debian, Xpdfreader | 2 Debian Linux, Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects. | |||||
| CVE-2010-0109 | 1 Symantec | 1 Altiris Deployment Solution | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request. | |||||
| CVE-2009-5159 | 2 Invisioncommunity, Microsoft | 2 Invision Power Board, Internet Explorer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. | |||||
| CVE-2009-5158 | 1 Sumo | 1 Google Analyticator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text. | |||||
| CVE-2009-5157 | 1 Linksys | 2 Wag54g2, Wag54g2 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable. | |||||
| CVE-2009-5156 | 1 Veracomp | 2 Asmax Ar-804gu, Asmax Ar-804gu Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string. | |||||
| CVE-2009-5155 | 2 Gnu, Netapp | 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. | |||||
| CVE-2009-5154 | 1 Mobotix | 2 S14, S14 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account. | |||||
| CVE-2009-5153 | 1 Microfocus | 1 Netware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted. | |||||
| CVE-2009-5152 | 1 Absolute | 1 Computrace Agent | 2024-11-21 | 1.9 LOW | 4.1 MEDIUM |
| Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race condition with the Dell Client Configuration Utility (DCCU), which allows privileged local users to change Computrace Agent's activation/deactivation status to the factory default via a crafted TaskResult.xml file. | |||||
| CVE-2009-5151 | 1 Absolute | 1 Computrace Agent | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| The stub component of Absolute Computrace Agent V70.785 executes code from a disk's inter-partition space without requiring a digital signature for that code, which allows attackers to execute code on the BIOS. This allows a privileged local user to achieve persistent control of BIOS behavior, independent of later disk changes. | |||||
| CVE-2009-5150 | 1 Absolute | 1 Computrace Agent | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| Absolute Computrace Agent V80.845 and V80.866 does not have a digital signature for the configuration block, which allows attackers to set up communication with a web site other than the intended search.namequery.com site by modifying data within a disk's inter-partition space. This allows a privileged local user to execute arbitrary code even after that user loses access and all disk partitions are reformatted. | |||||
| CVE-2009-5144 | 1 Mod Gnutls Project | 1 Mod Gnutls | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate. | |||||