CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3301 CVE-2011-1031 59 2011-02-14 2011-05-27
3.3
None Local Medium Not required None Partial Partial
The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.
3302 CVE-2011-1029 79 XSS 2011-02-14 2017-08-16
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 2.0.0.x allows remote authenticated users to inject arbitrary web script or HTML via the name of a shared report.
3303 CVE-2011-1021 264 2012-06-21 2012-06-22
3.6
None Local Low Not required None Partial Partial
drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4347.
3304 CVE-2011-0905 119 DoS Overflow 2011-05-10 2017-08-16
3.5
None Remote Medium Single system None None Partial
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.
3305 CVE-2011-0904 119 DoS Overflow 2011-05-10 2017-08-16
3.5
None Remote Medium Single system None None Partial
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.
3306 CVE-2011-0839 2011-04-20 2012-08-03
3.7
None Local High Multiple systems None None Complete
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect availability, related to LOFS.
3307 CVE-2011-0836 2011-04-20 2012-08-03
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote authenticated users to affect integrity, related to Web Runtime SEC.
3308 CVE-2011-0827 2011-04-20 2012-08-03
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise component in Oracle PeopleSoft Products 8.50 GA through 8.50.17 and 8.51 GA through 8.51.07 allows remote authenticated users to affect integrity via unknown vectors related to PeopleTools.
3309 CVE-2011-0826 2011-04-20 2012-08-03
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.8 Bundle #13, 8.9 Bundle #7, 9.0 Bundle #7, and 9.1 Bundle #4 allows remote authenticated users to affect integrity via unknown vectors related to Application Portal.
3310 CVE-2011-0821 2011-04-20 2012-08-03
3.0
None Local Medium Single system Partial Partial None
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to uucp.
3311 CVE-2011-0812 2011-04-20 2012-08-03
3.7
None Local High Multiple systems None None Complete
Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.
3312 CVE-2011-0804 2011-04-19 2011-04-20
3.6
None Remote High Single system Partial Partial None
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
3313 CVE-2011-0801 2011-04-19 2011-04-20
3.6
None Local Low Not required Partial Partial None
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to cp.
3314 CVE-2011-0795 2011-04-19 2011-04-20
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the Single Sign On component in Oracle Fusion Middleware 10.1.2.3 allows remote authenticated users to affect integrity via unknown vectors related to Administration and Monitoring.
3315 CVE-2011-0793 2011-04-19 2011-04-20
3.6
None Remote High Single system None Partial Partial
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect integrity and availability, related to SYSDBA.
3316 CVE-2011-0728 79 XSS 2011-03-29 2017-08-16
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view.
3317 CVE-2011-0702 59 2011-02-14 2011-02-15
3.3
None Local Medium Not required None Partial Partial
The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.
3318 CVE-2011-0700 79 XSS 2011-03-14 2017-11-21
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box.
3319 CVE-2011-0543 264 Bypass 2011-09-02 2014-02-11
3.3
None Local Medium Not required None Partial Partial
Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.
3320 CVE-2011-0542 264 2011-09-02 2011-09-05
3.3
None Local Medium Not required None Partial Partial
fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.
3321 CVE-2011-0541 59 2011-09-02 2014-02-11
3.3
None Local Medium Not required None Partial Partial
fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.
3322 CVE-2011-0442 310 +Info 2011-03-16 2018-10-09
3.5
None Remote Medium Single system Partial None None
The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network.
3323 CVE-2011-0345 22 Dir. Trav. 2011-03-08 2018-10-10
3.3
None Local Network Low Not required Partial None None
Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable.
3324 CVE-2011-0311 119 DoS Overflow 2011-09-02 2017-08-16
3.5
None Remote Medium Single system None None Partial
The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read.
3325 CVE-2011-0012 59 2011-04-18 2011-04-18
3.3
None Local Medium Not required None Partial Partial
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name.
3326 CVE-2011-0007 59 2011-01-10 2017-08-16
3.3
None Local Medium Not required None Partial Partial
pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent.
3327 CVE-2010-5105 59 2014-04-27 2015-11-05
3.3
None Local Medium Not required None Partial Partial
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.
3328 CVE-2010-5100 79 XSS 2012-05-21 2017-08-28
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3329 CVE-2010-5098 79 XSS 2012-05-21 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3330 CVE-2010-4819 20 DoS 2012-09-05 2012-09-13
3.6
None Local Low Not required Partial None Partial
The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw."
3331 CVE-2010-4813 79 XSS 2011-07-08 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.
3332 CVE-2010-4807 362 DoS Overflow 2011-05-26 2011-07-13
3.5
None Remote Medium Single system None None Partial
Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 allows remote authenticated users to cause a denial of service (infinite recursive query) via unspecified vectors, related to a StackOverflowError exception.
3333 CVE-2010-4762 79 XSS 2011-03-18 2011-03-22
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or HTML by using the "source code" feature in the customer interface.
3334 CVE-2010-4760 200 +Info 2011-03-18 2011-03-22
3.5
None Remote Medium Single system Partial None None
Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket.
3335 CVE-2010-4648 2012-06-21 2012-06-26
3.3
None Local Network Low Not required Partial None None
The orinoco_ioctl_set_auth function in drivers/net/wireless/orinoco/wext.c in the Linux kernel before 2.6.37 does not properly implement a TKIP protection mechanism, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading Wi-Fi frames.
3336 CVE-2010-4644 399 DoS 2011-01-07 2017-08-16
3.5
None Remote Medium Single system None None Partial
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
3337 CVE-2010-4624 264 Bypass 2010-12-30 2017-08-16
3.5
None Remote Medium Single system None Partial None
MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created.
3338 CVE-2010-4547 264 Bypass 2010-12-16 2010-12-17
3.5
None Remote Medium Single system None Partial None
IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain.
3339 CVE-2010-4460 2011-01-19 2017-08-16
3.6
None Local Low Not required Partial Partial None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon.
3340 CVE-2010-4450 2011-02-17 2018-10-30
3.7
None Local High Not required Partial Partial Partial
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.
3341 CVE-2010-4432 2011-01-19 2017-08-16
3.5
None Remote Medium Single system Partial None None
Unspecified vulnerability in the Oracle Transportation Manager component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Infrastructure.
3342 CVE-2010-4429 2011-01-19 2017-08-16
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Client, a different vulnerability than CVE-2010-3505.
3343 CVE-2010-4427 2011-01-19 2017-08-16
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.0, 10.1.3.4.1, and 11.1.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Web Server.
3344 CVE-2010-4425 2011-01-19 2017-08-16
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.3.2, 10.1.3.4.0, and 10.1.3.4.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Server.
3345 CVE-2010-4420 2011-01-19 2017-08-16
3.6
None Local Low Not required Partial Partial None
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows local users to affect confidentiality and integrity via unknown vectors.
3346 CVE-2010-4355 79 XSS 2010-12-01 2017-08-16
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, when the insert or edit feature is enabled, allows remote authenticated users to inject arbitrary web script or HTML via the select_single parameter.
3347 CVE-2010-4337 59 2011-01-14 2012-06-18
3.3
None Local Medium Not required None Partial Partial
The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.
3348 CVE-2010-4322 79 XSS 2011-01-07 2018-10-10
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field.
3349 CVE-2010-4275 79 1 XSS 2010-12-21 2017-08-16
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php.
3350 CVE-2010-4173 59 2010-11-22 2010-11-30
3.3
None Local Medium Not required None Partial Partial
The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file.
Total number of vulnerabilities : 3882   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 (This Page)68 69 70 71 72 73 74 75 76 77 78
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.