Search Results (9576 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-1846 1 Ibm 1 Db2 2025-04-11 N/A
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.
CVE-2010-1646 2 Redhat, Todd Miller 2 Enterprise Linux, Sudo 2025-04-11 N/A
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.
CVE-2010-1736 1 Aspindir 1 Krm Haber 2025-04-11 N/A
KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb.
CVE-2010-1754 1 Apple 2 Iphone Os, Ipod Touch 2025-04-11 N/A
Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors.
CVE-2010-2223 1 Redhat 2 Enterprise Linux, Enterprise Virtualization Hypervisor 2025-04-11 N/A
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.
CVE-2010-2896 1 Ibm 1 Filenet Content Manager 2025-04-11 N/A
IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors.
CVE-2010-2929 1 Pharscape 1 Hsolink 2025-04-11 N/A
Untrusted search path vulnerability in hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via a modified PATH environment variable, which is used during execution of the (1) route, (2) mv, and (3) cp programs, a different vulnerability than CVE-2010-1671.
CVE-2010-2968 1 Windriver 1 Vxworks 2025-04-11 N/A
The FTP daemon in Wind River VxWorks does not close the TCP connection after a number of failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2010-2973 1 Apple 3 Ipad, Iphone Os, Ipod Touch 2025-04-11 N/A
Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.
CVE-2010-3020 1 Opera 1 Opera Browser 2025-04-11 N/A
The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content.
CVE-2010-3033 1 Cisco 1 Wireless Lan Controller Software 2025-04-11 N/A
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-2843.
CVE-2010-3055 1 Phpmyadmin 1 Phpmyadmin 2025-04-11 N/A
The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.
CVE-2010-3713 1 Usebb 1 Usebb 2025-04-11 N/A
rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by reading a forum feed in combination with a topic feed.
CVE-2010-3707 2 Dovecot, Redhat 2 Dovecot, Enterprise Linux 2025-04-11 N/A
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
CVE-2010-3717 1 Typo3 1 Typo3 2025-04-11 N/A
The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710.
CVE-2011-1126 2 Linux, Vmware 3 Linux Kernel, Vix Api, Workstation 2025-04-11 N/A
VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory.
CVE-2010-0427 2 Redhat, Todd Miller 2 Enterprise Linux, Sudo 2025-04-11 N/A
sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
CVE-2010-3733 1 Ibm 1 Db2 2025-04-11 N/A
The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file.
CVE-2010-3734 1 Ibm 1 Db2 2025-04-11 N/A
The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack.
CVE-2010-3779 1 Dovecot 1 Dovecot 2025-04-11 N/A
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.