| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
14801 |
CVE-2010-4305 |
310 |
|
+Info |
2010-11-22 |
2010-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) improperly use cookies for web-interface credentials, which allows remote attackers to obtain sensitive information by reading a (1) cleartext or (2) base64-encoded cleartext cookie, aka Bug ID CSCti54052. |
|
14802 |
CVE-2010-4301 |
399 |
1
|
DoS |
2010-11-26 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes. |
|
14803 |
CVE-2010-4270 |
22 |
|
Dir. Trav. |
2010-11-16 |
2010-11-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010. |
|
14804 |
CVE-2010-4263 |
|
|
DoS |
2011-01-18 |
2018-10-10 |
5.7 |
None |
Local Network |
Medium |
Not required |
None |
None |
Complete |
|
The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame. |
|
14805 |
CVE-2010-4260 |
|
|
DoS Exec Code |
2010-12-07 |
2011-03-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396." |
|
14806 |
CVE-2010-4247 |
20 |
|
DoS |
2011-01-10 |
2018-10-10 |
5.5 |
None |
Local Network |
Low |
Single system |
None |
None |
Complete |
|
The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information. |
|
14807 |
CVE-2010-4238 |
264 |
|
DoS |
2011-01-22 |
2018-10-10 |
5.5 |
None |
Local Network |
Low |
Single system |
None |
None |
Complete |
|
The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information. |
|
14808 |
CVE-2010-4226 |
59 |
|
|
2014-02-06 |
2014-02-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive. |
|
14809 |
CVE-2010-4225 |
200 |
|
+Info |
2011-01-10 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug." |
|
14810 |
CVE-2010-4217 |
399 |
|
DoS |
2010-11-09 |
2010-11-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Use-after-free vulnerability in the proxy server in IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 and 6.1.x before 6.1.0-TIV-ITDS-FP0005 allows remote attackers to cause a denial of service (daemon crash) via an unbind request that occurs during a certain search operation. |
|
14811 |
CVE-2010-4216 |
119 |
|
DoS Overflow |
2010-11-09 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 does not properly handle invalid buffer references in LDAP BER requests, which might allow remote attackers to cause a denial of service (daemon crash) via vectors involving a buffer that has a memory address near the maximum possible address. |
|
14812 |
CVE-2010-4184 |
310 |
|
+Info |
2010-11-05 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network. |
|
14813 |
CVE-2010-4181 |
22 |
1
|
Dir. Trav. |
2010-11-04 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences. |
|
14814 |
CVE-2010-4168 |
399 |
|
DoS |
2010-11-17 |
2010-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp. |
|
14815 |
CVE-2010-4156 |
20 |
|
+Info |
2010-11-09 |
2011-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter). |
|
14816 |
CVE-2010-4150 |
399 |
|
DoS Exec Code Mem. Corr. |
2010-12-07 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. |
|
14817 |
CVE-2010-4145 |
264 |
2
|
|
2010-11-01 |
2010-11-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb. |
|
14818 |
CVE-2010-4112 |
200 |
|
+Info |
2010-12-22 |
2011-01-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
HP Insight Management Agents before 8.6 allows remote attackers to obtain sensitive information via an unspecified request that triggers disclosure of the full path. |
|
14819 |
CVE-2010-4110 |
|
|
DoS +Priv |
2010-12-22 |
2011-01-11 |
5.7 |
None |
Local |
Low |
Single system |
Partial |
Partial |
Complete |
|
Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform on Integrity servers allows local users to gain privileges or cause a denial of service via unknown vectors. |
|
14820 |
CVE-2010-4104 |
|
|
|
2010-11-01 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to read arbitrary files via unknown vectors. |
|
14821 |
CVE-2010-4103 |
|
|
|
2010-11-01 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Insight Managed System Setup Wizard before 6.2 allows remote attackers to read arbitrary files via unknown vectors. |
|
14822 |
CVE-2010-4102 |
|
|
|
2010-11-01 |
2010-11-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Insight Recovery before 6.2 allows remote attackers to read arbitrary files via unknown vectors. |
|
14823 |
CVE-2010-4100 |
|
|
|
2010-11-01 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Insight Control Performance Management before 6.1 update 2 allows remote attackers to read arbitrary files via unknown vectors. |
|
14824 |
CVE-2010-4098 |
|
|
DoS |
2010-10-27 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
monotone before 0.48.1, when configured to allow remote commands, allows remote attackers to cause a denial of service (crash) via an empty argument to the mtn command. |
|
14825 |
CVE-2010-4094 |
255 |
|
Exec Code |
2010-10-26 |
2011-01-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548. |
|
14826 |
CVE-2010-4057 |
189 |
1
|
DoS |
2010-10-23 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing many integer fields with two different values, which allows remote attackers to cause a denial of service (invalid memory access and daemon crash) via a TCP session on port 1315. |
|
14827 |
CVE-2010-4056 |
|
1
|
DoS |
2010-10-23 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TCP session on port 1315. |
|
14828 |
CVE-2010-4055 |
399 |
1
|
DoS |
2010-10-23 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 1315 and sending a packet with many integer fields, which trigger many recursive calls of a certain function. |
|
14829 |
CVE-2010-4052 |
399 |
1
|
DoS |
2011-01-13 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD. |
|
14830 |
CVE-2010-4051 |
|
1
|
DoS Overflow Bypass |
2011-01-13 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." |
|
14831 |
CVE-2010-4033 |
|
|
|
2010-10-21 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Google Chrome before 7.0.517.41 does not properly implement the autofill and autocomplete functionality, which allows remote attackers to conduct "profile spamming" attacks via unspecified vectors. |
|
14832 |
CVE-2010-4027 |
|
|
|
2010-10-28 |
2010-11-11 |
5.6 |
None |
Local |
High |
Not required |
None |
Complete |
Complete |
|
Unspecified vulnerability in the camera application in HP Palm webOS 1.4.1 allows local users to overwrite arbitrary files via unknown vectors. |
|
14833 |
CVE-2010-4022 |
20 |
|
DoS |
2011-02-10 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors. |
|
14834 |
CVE-2010-4007 |
310 |
|
|
2010-10-20 |
2010-10-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057. |
|
14835 |
CVE-2010-3990 |
|
|
|
2010-10-28 |
2010-11-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Virtual Server Environment before 6.2 allows remote attackers to read arbitrary files via unknown vectors. |
|
14836 |
CVE-2010-3988 |
|
|
DoS Bypass |
2010-10-28 |
2010-11-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to bypass intended access restrictions and cause a denial of service via unknown vectors. |
|
14837 |
CVE-2010-3986 |
|
|
|
2010-10-26 |
2010-11-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in HP Virtual Connect Enterprise Manager (VCEM) 6.0 and 6.1 allows remote attackers to read arbitrary files via unknown vectors. |
|
14838 |
CVE-2010-3982 |
200 |
|
+Info |
2010-10-18 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue. |
|
14839 |
CVE-2010-3979 |
200 |
|
+Info |
2010-10-18 |
2010-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI. |
|
14840 |
CVE-2010-3978 |
200 |
|
+Info |
2010-11-17 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation (JSON) without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving (1) admin/products.json, (2) admin/users.json, or (3) admin/overview/get_report_data, related to a "JSON hijacking" issue. |
|
14841 |
CVE-2010-3930 |
22 |
|
Dir. Trav. |
2011-02-01 |
2011-02-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427. |
|
14842 |
CVE-2010-3925 |
255 |
|
+Info |
2011-01-13 |
2017-08-16 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Contents-Mall before 15 does not properly handle passwords, which allows remote attackers to discover the administrative password, and consequently obtain sensitive information or modify data, via unspecified vectors. |
|
14843 |
CVE-2010-3919 |
264 |
|
|
2010-12-10 |
2010-12-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Fenrir Grani 4.5 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site. |
|
14844 |
CVE-2010-3918 |
264 |
|
|
2010-12-10 |
2010-12-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Fenrir Sleipnir 2.9.6 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site. |
|
14845 |
CVE-2010-3903 |
|
|
DoS |
2010-10-14 |
2010-11-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application crash) via a 404 HTTP status code. |
|
14846 |
CVE-2010-3902 |
200 |
|
+Info |
2010-10-14 |
2011-04-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list. |
|
14847 |
CVE-2010-3900 |
|
|
|
2010-10-14 |
2011-02-17 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312. |
|
14848 |
CVE-2010-3899 |
399 |
1
|
DoS |
2010-11-12 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents. |
|
14849 |
CVE-2010-3898 |
264 |
|
Bypass |
2010-11-12 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site. |
|
14850 |
CVE-2010-3897 |
255 |
|
+Info |
2010-11-12 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file. |
