CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2751 CVE-2010-3861 200 +Info 2010-12-10 2012-03-19
2.1
None Local Low Not required Partial None None
The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value, a different vulnerability than CVE-2010-2478.
2752 CVE-2010-3735 399 DoS 2010-10-05 2017-09-18
2.1
None Remote High Single system None None Partial
The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time.
2753 CVE-2010-3699 399 DoS 2010-12-08 2018-10-10
2.7
None Local Network Low Single system None None Partial
The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.
2754 CVE-2010-3684 255 +Info 2010-09-29 2018-10-10
2.1
None Local Low Not required Partial None None
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.
2755 CVE-2010-3560 2010-10-19 2017-09-18
2.6
None Remote High Not required Partial None None
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors.
2756 CVE-2010-3513 2010-10-13 2010-11-11
2.4
None Local High Single system None Partial Partial
Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect integrity and availability via unknown vectors related to Device Drivers.
2757 CVE-2010-3511 2010-10-13 2010-11-11
2.6
None Local High Not required None Partial Partial
Unspecified vulnerability in Oracle OpenSolaris allows local users to affect integrity and availability via unknown vectors related to Tooltalk.
2758 CVE-2010-3477 399 +Info 2010-09-21 2018-10-10
2.1
None Local Low Not required Partial None None
The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942.
2759 CVE-2010-3297 200 +Info 2010-09-30 2012-03-19
2.1
None Local Low Not required Partial None None
The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call.
2760 CVE-2010-3277 264 2010-09-28 2010-09-29
2.1
None Local Low Not required None Partial None
The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file.
2761 CVE-2010-3264 255 +Info 2010-09-08 2010-09-09
2.1
None Local Low Not required Partial None None
The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file.
2762 CVE-2010-3256 399 2010-09-07 2017-09-18
2.6
None Remote High Not required None None Partial
Google Chrome before 6.0.472.53 does not properly limit the number of stored autocomplete entries, which has unspecified impact and attack vectors.
2763 CVE-2010-3245 200 +Info 2010-09-07 2013-01-04
2.1
None Local Low Not required Partial None None
The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file.
2764 CVE-2010-3172 94 Http R.Spl. 2010-11-05 2010-12-16
2.6
None Remote High Not required None Partial None
CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL.
2765 CVE-2010-3094 79 XSS 2010-09-21 2010-09-22
2.1
None Remote High Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.
2766 CVE-2010-3078 399 +Info 2010-09-21 2018-10-10
2.1
None Local Low Not required Partial None None
The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.
2767 CVE-2010-3074 310 +Info 2010-09-17 2011-01-14
2.1
None Local Low Not required Partial None None
SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack.
2768 CVE-2010-3073 310 +Info 2010-09-17 2011-01-14
2.1
None Local Low Not required Partial None None
SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.
2769 CVE-2010-3022 79 XSS 2010-08-16 2017-08-16
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Performance logging module in the Devel module 5.x before 5.x-1.3 and 6.x before 6.x-1.21 for Drupal allows remote authenticated users, with add url aliases and report access permissions, to inject arbitrary web script or HTML via crafted node paths in a URL.
2770 CVE-2010-2975 200 +Info 2010-08-10 2010-08-10
2.1
None Local Low Not required Partial None None
Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544.
2771 CVE-2010-2957 79 XSS 2010-09-10 2010-09-10
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2772 CVE-2010-2946 20 Bypass 2010-09-29 2018-11-19
2.1
None Local Low Not required None Partial None
fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name.
2773 CVE-2010-2942 399 +Info 2010-09-21 2018-10-10
2.1
None Local Low Not required Partial None None
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.
2774 CVE-2010-2928 255 +Priv 2011-02-15 2018-10-10
2.1
None Local Low Not required Partial None None
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.
2775 CVE-2010-2913 200 +Info 2010-07-30 2017-08-16
2.1
None Local Low Not required Partial None None
The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer.
2776 CVE-2010-2854 79 XSS 2010-07-24 2010-07-26
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters, which are not properly handled in a forced SQL error message. NOTE: some of these details are obtained from third party information.
2777 CVE-2010-2852 79 XSS 2010-07-24 2017-08-16
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter.
2778 CVE-2010-2796 79 XSS 2010-08-05 2017-08-16
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL.
2779 CVE-2010-2788 79 XSS 2011-04-26 2011-09-06
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
2780 CVE-2010-2751 264 2010-07-30 2017-09-18
2.6
None Remote High Not required None Partial None
The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions.
2781 CVE-2010-2724 79 XSS 2010-07-13 2017-08-16
2.1
None Remote High Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified vectors in the hierarchical_select form.
2782 CVE-2010-2612 200 +Info 2010-07-02 2018-10-30
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 AND 8.3-1H1; allows local users to obtain sensitive information via unknown vectors.
2783 CVE-2010-2603 310 2010-12-17 2011-01-12
2.1
None Local Low Not required Partial None None
RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Mac, uses a weak password to encrypt a database backup file, which makes it easier for local users to decrypt the file via a brute force attack.
2784 CVE-2010-2574 79 XSS 2010-08-10 2018-10-10
2.1
None Remote High Single system None Partial None
Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action.
2785 CVE-2010-2539 119 DoS Overflow 2010-08-02 2017-08-16
2.1
None Local Low Not required None None Partial
Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files.
2786 CVE-2010-2522 264 2010-07-13 2011-01-14
2.1
None Local Low Not required None Partial None
The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message.
2787 CVE-2010-2506 79 XSS 2010-06-28 2018-10-10
2.9
None Local Network Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter.
2788 CVE-2010-2431 59 2010-06-22 2013-05-14
2.6
None Local High Not required None Partial Partial
The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.
2789 CVE-2010-2414 2010-10-13 2010-11-11
2.6
None Remote High Not required Partial None None
Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality via unknown vectors.
2790 CVE-2010-2403 2010-07-13 2012-10-22
2.1
None Remote High Single system Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft and JDEdwards Suite Campus Solutions 9.0 Bundle #17 allows remote authenticated users to affect confidentiality via unknown vectors.
2791 CVE-2010-2397 2010-07-13 2012-10-22
2.4
None Local High Single system Partial Partial None
Unspecified vulnerability in Oracle Sun Java System Application Server 8.0, 8.1, and 8.2; and GlassFish Enterprise Server 2.1.1; allows local users to affect confidentiality and integrity, related to the GUI.
2792 CVE-2010-2322 22 Dir. Trav. 2010-06-18 2013-04-18
2.6
None Remote High Not required None Partial None
Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.
2793 CVE-2010-2244 DoS 2010-07-08 2010-11-06
2.9
None Local Network Medium Not required None None Partial
The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081.
2794 CVE-2010-2242 264 Bypass 2010-08-19 2010-10-30
2.1
None Local Low Not required Partial None None
Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.
2795 CVE-2010-2241 264 +Info 2010-08-17 2018-10-30
2.1
None Local Low Not required Partial None None
The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts.
2796 CVE-2010-2224 264 +Info 2010-06-24 2013-01-15
2.1
None Local Low Not required Partial None None
The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.
2797 CVE-2010-2223 264 +Info 2010-06-24 2010-06-25
2.1
None Local Low Not required Partial None None
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.
2798 CVE-2010-2158 79 XSS 2010-06-07 2010-06-08
2.1
None Remote High Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
2799 CVE-2010-2157 +Info 2010-06-07 2018-10-10
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in CA ARCserve Backup r11.5 SP4, r12.0 SP2, and r12.5 SP1 on Windows allows local users to obtain sensitive information via unknown vectors.
2800 CVE-2010-2151 352 CSRF 2010-06-03 2010-06-04
2.6
None Remote High Not required None Partial None
Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors.
Total number of vulnerabilities : 4720   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 (This Page)57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.