Total
291510 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-0704 | 1 Fedoraproject | 1 389 Directory Server | 2024-11-21 | N/A |
| 389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request. | ||||
| CVE-2011-0703 | 2 Debian, Gksu-polkit Project | 2 Debian Linux, Gksu-polkit | 2024-11-21 | 9.8 Critical |
| In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session. | ||||
| CVE-2011-0699 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.0 High |
| Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted slot value. | ||||
| CVE-2011-0544 | 2 Debian, Phpbb | 2 Debian Linux, Phpbb | 2024-11-21 | 6.1 Medium |
| phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. | ||||
| CVE-2011-0529 | 2 Debian, Weborf Project | 2 Debian Linux, Weborf | 2024-11-21 | 7.5 High |
| Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP. | ||||
| CVE-2011-0525 | 1 Batavi | 1 Batavi | 2024-11-21 | 8.8 High |
| Batavi before 1.0 has CSRF. | ||||
| CVE-2011-0467 | 1 Suse | 2 Studio Onsite, Studio Onsite Appliance | 2024-11-21 | N/A |
| A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1. | ||||
| CVE-2011-0428 | 1 Ikiwiki | 1 Ikiwiki | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments. | ||||
| CVE-2011-0220 | 1 Apple | 1 Bonjour | 2024-11-21 | 5.5 Medium |
| Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet. | ||||
| CVE-2010-5340 | 1 Icewarp | 1 Webclient | 2024-11-21 | 6.1 Medium |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0. | ||||
| CVE-2010-5339 | 1 Icewarp | 1 Webclient | 2024-11-21 | 6.1 Medium |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0. | ||||
| CVE-2010-5338 | 1 Icewarp | 1 Webclient | 2024-11-21 | 6.1 Medium |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0. | ||||
| CVE-2010-5337 | 1 Icewarp | 1 Webclient | 2024-11-21 | 6.1 Medium |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0. | ||||
| CVE-2010-5336 | 1 Icewarp | 1 Webclient | 2024-11-21 | 6.1 Medium |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0. | ||||
| CVE-2010-5335 | 1 Icewarp | 1 Webclient | 2024-11-21 | 7.5 High |
| IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files. | ||||
| CVE-2010-5334 | 1 Icewarp | 1 Webclient | 2024-11-21 | 7.5 High |
| IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files. | ||||
| CVE-2010-5333 | 2 Integard Home Project, Integard Pro Project | 2 Integard Home, Integard Pro | 2024-11-21 | 9.8 Critical |
| The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwrite buffer overflow already existed for the vulnerable software. This CVE is to track an alternate exploitation method, utilizing an EIP-overwrite buffer overflow. | ||||
| CVE-2010-5332 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.6 Medium |
| In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating the local variable free thus causing out of array bounds access. | ||||
| CVE-2010-5331 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem. NOTE: At least one Linux maintainer believes that this CVE is incorrectly assigned and should be rejected because the value is hard coded and are not user-controllable where it is used | ||||
| CVE-2010-5304 | 2 Fedoraproject, Libvncserver Project | 2 Fedora, Libvncserver | 2024-11-21 | 7.5 High |
| A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. | ||||