Total
10464 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3375 | 1 Qtparted Project | 1 Qtparted | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| qtparted has insecure library loading which may allow arbitrary code execution | |||||
| CVE-2010-3373 | 2 Debian, Grsecurity | 2 Debian Linux, Paxtest | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| paxtest handles temporary files insecurely | |||||
| CVE-2010-3359 | 2 Debian, Gargoyle Project | 2 Debian Linux, Gargoyle | 2024-11-21 | 4.4 MEDIUM | 4.8 MEDIUM |
| If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account. | |||||
| CVE-2010-3293 | 1 Mailscanner | 1 Mailscanner | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| mailscanner can allow local users to prevent virus signatures from being updated | |||||
| CVE-2010-2490 | 2 Debian, Mumble | 2 Debian Linux, Mumble | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mumble: murmur-server has DoS due to malformed client query | |||||
| CVE-2010-2476 | 1 Syscp Project | 1 Syscp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot. | |||||
| CVE-2010-2473 | 1 Drupal | 1 Drupal | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked. | |||||
| CVE-2010-2449 | 1 Gource | 1 Gource | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack. | |||||
| CVE-2010-2447 | 1 Gitolite | 1 Gitolite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| gitolite before 1.4.1 does not filter src/ or hooks/ from path names. | |||||
| CVE-2010-2446 | 1 Ruby-rbot | 1 Rbot | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Rbot Reaction plugin allows command execution | |||||
| CVE-2010-2243 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS. | |||||
| CVE-2010-2061 | 1 Rpcbind Project | 1 Rpcbind | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started. | |||||
| CVE-2010-1678 | 1 Osgeo | 1 Mapserver | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing. | |||||
| CVE-2010-0748 | 3 Debian, Linux, Transmissionbt | 3 Debian Linux, Linux Kernel, Transmission | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link. | |||||
| CVE-2009-5158 | 1 Sumo | 1 Google Analyticator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text. | |||||
| CVE-2009-5050 | 1 Konversation | 1 Konversation | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| konversation before 1.2.3 allows attackers to cause a denial of service. | |||||
| CVE-2009-5004 | 1 Apache | 1 Qpid-cpp | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use . | |||||
| CVE-2009-3614 | 2 Debian, Noping | 2 Debian Linux, Liboping | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| liboping 1.3.2 allows users reading arbitrary files upon the local system. | |||||
| CVE-2007-6763 | 1 Sas | 1 Sas Drug Development | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser. | |||||
| CVE-2005-4890 | 3 Debian, Redhat, Sudo Project | 4 Debian Linux, Shadow, Enterprise Linux and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. | |||||