Total: 5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-2347 | 1 Sap | 2 J2ee Engine Core, Server Core | 2024-08-07 | N/A |
The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors. | ||||
CVE-2010-2353 | 2 Drupal, Yves Chedemois | 2 Drupal, Cck | 2024-08-07 | N/A |
The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote attackers to discover titles and IDs of controlled nodes. | ||||
CVE-2010-2363 | 1 Iij | 6 Seil/b1, Seil/b1 Firmware, Seil/x1 and 3 more | 2024-08-07 | N/A |
The IPv6 Unicast Reverse Path Forwarding (RPF) implementation on the SEIL/X1, SEIL/X2, and SEIL/B1 routers with firmware 1.00 through 2.73, when strict mode is used, does not properly drop packets, which might allow remote attackers to bypass intended access restrictions via a spoofed IP address. | ||||
CVE-2010-2320 | 1 Eterna | 1 Bozohttpd | 2024-08-07 | N/A |
bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences. | ||||
CVE-2010-2296 | 1 Google | 1 Chrome | 2024-08-07 | N/A |
The implementation of unspecified DOM methods in Google Chrome before 5.0.375.70 allows remote attackers to bypass the Same Origin Policy via unknown vectors. | ||||
CVE-2010-2291 | 1 Snom | 1 Voip Phone Firmware | 2024-08-07 | N/A |
Unspecified vulnerability in the web interface in snom VoIP Phone firmware 8 before 8.2.35 allows remote attackers to bypass intended restrictions and modify user credentials via unknown vectors. NOTE: some of these details are obtained from third party information. | ||||
CVE-2010-2242 | 2 Libvirt, Redhat | 2 Libvirt, Rhel Virtualization | 2024-08-07 | N/A |
Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree. | ||||
CVE-2010-2238 | 1 Libvirt | 1 Libvirt | 2024-08-07 | N/A |
Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. | ||||
CVE-2010-2223 | 1 Redhat | 2 Enterprise Linux, Enterprise Virtualization Hypervisor | 2024-08-07 | N/A |
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. | ||||
CVE-2010-2239 | 2 Libvirt, Redhat | 2 Libvirt, Rhel Virtualization | 2024-08-07 | N/A |
Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors. | ||||
CVE-2010-2241 | 1 Redhat | 1 Directory Server | 2024-08-07 | N/A |
The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts. | ||||
CVE-2010-2199 | 1 Rpm | 1 Rpm | 2024-08-07 | N/A |
lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059. | ||||
CVE-2010-2237 | 1 Libvirt | 1 Libvirt | 2024-08-07 | N/A |
Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. | ||||
CVE-2010-2224 | 1 Redhat | 2 Enterprise Linux, Enterprise Virtualization Manager | 2024-08-07 | N/A |
The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. | ||||
CVE-2010-2197 | 1 Rpm | 1 Rpm | 2024-08-07 | N/A |
rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag. | ||||
CVE-2010-2059 | 2 Redhat, Rpm | 2 Enterprise Linux, Rpm | 2024-08-07 | N/A |
lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file. | ||||
CVE-2010-2029 | 1 Cybozu | 2 Cybozu Dotsales, Cybozu Office | 2024-08-07 | N/A |
Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone. | ||||
CVE-2010-2071 | 1 Linux | 1 Linux Kernel | 2024-08-07 | N/A |
The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl. | ||||
CVE-2010-2058 | 1 Prelude-technologies | 1 Prewikka | 2024-08-07 | N/A |
setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password. | ||||
CVE-2010-1975 | 2 Postgresql, Redhat | 2 Postgresql, Enterprise Linux | 2024-08-07 | N/A |
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement. |