Export limit exceeded: 344146 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5486 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-3713 | 1 Usebb | 1 Usebb | 2025-04-11 | N/A |
| rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by reading a forum feed in combination with a topic feed. | ||||
| CVE-2010-3706 | 1 Dovecot | 1 Dovecot | 2025-04-11 | N/A |
| plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox. | ||||
| CVE-2010-3707 | 2 Dovecot, Redhat | 2 Dovecot, Enterprise Linux | 2025-04-11 | N/A |
| plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox. | ||||
| CVE-2010-3714 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2010-3717 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710. | ||||
| CVE-2010-3733 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file. | ||||
| CVE-2010-3734 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack. | ||||
| CVE-2010-3738 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery. | ||||
| CVE-2010-3779 | 1 Dovecot | 1 Dovecot | 2025-04-11 | N/A |
| Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox. | ||||
| CVE-2010-3781 | 2 Alvaro Herrera, Postgresql | 2 Pl\/php, Postgresql | 2025-04-11 | N/A |
| The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433. | ||||
| CVE-2010-3783 | 1 Apple | 1 Mac Os X Server | 2025-04-11 | N/A |
| Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors. | ||||
| CVE-2010-4145 | 1 Aspindir | 1 Kisisel Radyo Script | 2025-04-11 | N/A |
| Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb. | ||||
| CVE-2010-4170 | 2 Redhat, Systemtap | 2 Enterprise Linux, Systemtap | 2025-04-11 | N/A |
| The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file. | ||||
| CVE-2010-4179 | 1 Redhat | 1 Enterprise Mrg | 2025-04-11 | N/A |
| The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins. | ||||
| CVE-2010-4212 | 2 Google, Usaa | 2 Android, Usaa | 2025-04-11 | N/A |
| The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application data. | ||||
| CVE-2010-4215 | 1 Foswiki | 1 Foswiki | 2025-04-11 | N/A |
| UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup. | ||||
| CVE-2010-4238 | 3 Citrix, Linux, Redhat | 3 Xen, Linux Kernel, Enterprise Linux | 2025-04-11 | N/A |
| The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-4274 | 1 Ibm | 1 Director Agent | 2025-04-11 | N/A |
| reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership. | ||||
| CVE-2010-4340 | 1 Apache | 1 Libcloud | 2025-04-11 | N/A |
| libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack. | ||||
| CVE-2010-5065 | 1 Vwar | 1 Virtual War | 2025-04-11 | N/A |
| popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action. | ||||