CVE Daily
← All years

All CVEs — 2011

Page 22/22.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2011-01-14
Medium

CVE-2011-0483

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial o…

CVSS: 5.0 CWE: CWE-704
Read more
Medium

CVE-2011-0482

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial…

CVSS: 4.3 CWE: CWE-704
Read more
Critical

CVE-2011-0481

Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related…

CVSS: 9.3 CWE: CWE-120
Read more
Critical

CVE-2011-0480

Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of se…

CVSS: 9.3 CWE: CWE-120
Read more
High

CVE-2011-0479

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that tri…

CVSS: 7.5 CWE: CWE-824
Read more
Critical

CVE-2011-0478

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified othe…

CVSS: 10.0 CWE: CWE-20
Read more
Critical

CVE-2011-0477

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows remote attackers to cause a denial of service (incorrect memory…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2011-0476

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a PDF doc…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2011-0475

Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a…

CVSS: 9.3 CWE: CWE-416
Read more
Critical

CVE-2011-0471

The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or…

CVSS: 10.0 CWE: CWE-20
Read more
Medium

CVE-2009-5018

Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI prog…

CVSS: 6.8 CWE: CWE-119
Read more
2011-01-13
Medium

CVE-2011-0310

Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message.

CVSS: 6.8 CWE: CWE-119
Read more
Critical

CVE-2011-0271

The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a co…

CVSS: 10.0 CWE: CWE-78
Read more
Critical

CVE-2011-0270

Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data…

CVSS: 10.0 CWE: CWE-134
Read more
Critical

CVE-2011-0269

Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long schd_select1 parameter.

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2011-0268

Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long text1 parameter.

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2011-0267

Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams p…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2011-0266

Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerabi…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2011-0265

Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long data_select1 parameter.

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2011-0264

Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long COOKIE variable.

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2011-0263

Multiple stack-based buffer overflows in ovas.exe in the OVAS service in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) Source…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2011-0262

Buffer overflow in the stringToSeconds function in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via larg…

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2010-4647

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTM…

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2010-4529

Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information fr…

CVSS: 2.1 CWE: CWE-191
Read more
Medium

CVE-2010-4527

The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which a…

CVSS: 6.9 CWE: CWE-120
Read more
High

CVE-2010-3924

SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-7271

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2011-0444

Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and…

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2011-0443

SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile ac…

CVSS: 6.8 CWE: CWE-89
Read more
Critical

CVE-2010-2604

Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Expre…

CVSS: 9.3 CWE: CWE-119
Read more
2011-01-12
Medium

CVE-2011-0315

Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2011-0314

Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash…

CVSS: 6.5 CWE: CWE-119
Read more
Critical

CVE-2011-0027

Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote…

CVSS: 9.3 CWE: CWE-20
Read more
Medium

CVE-2010-3926

Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in SGX-SP Final before 11.00 and SGX-SP Final NE before 11.00 allow remote attackers to inject arbitrary web script or HTML via unspeci…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2010-0214

The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connector Active Directory (AD) credentials in a web form that is accessed over HTTP on port 80, which al…

CVSS: 5.0 CWE: CWE-200
Read more
2011-01-11
High

CVE-2011-0407

SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted…

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2011-0406

Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777.

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2011-0405

Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory trave…

CVSS: 6.8 CWE: CWE-22
Read more
High

CVE-2011-0404

Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP…

CVSS: 7.5 CWE: CWE-119
Read more
Medium

CVE-2011-0402

dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.

CVSS: 6.8 CWE: CWE-59
Read more
Low

CVE-2011-0007

pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is…

CVSS: 3.3 CWE: CWE-59
Read more
Medium

CVE-2011-0005

Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.p…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2011-0003

MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors.

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2010-4693

Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-4526

Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unrea…

CVSS: 7.1 CWE: CWE-362
Read more
Low

CVE-2010-4525

Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory…

CVSS: 1.9 CWE: CWE-200
Read more
Medium

CVE-2010-4247

The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS user…

CVSS: 5.5 CWE: CWE-20
Read more
Medium

CVE-2010-4225

Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to a…

CVSS: 5.0 CWE: CWE-200
Read more
High

CVE-2010-3865

Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec s…

CVSS: 7.2 CWE: CWE-190
Read more
High

CVE-2010-3444

Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU FriBidi 0.19.1, 0.19.2, and possibly other versions, as used in PyFriBidi 0.10.1, allows remote attackers to cause a denial of servi…

CVSS: 7.5 CWE: CWE-119
Read more
Medium

CVE-2010-1679

Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a s…

CVSS: 6.8 CWE: CWE-22
Read more
2011-01-10
Medium

CVE-2011-0004

Multiple cross-site scripting (XSS) vulnerabilities in Piwik before 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2010-4535

The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestam…

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2010-4013

Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vect…

CVSS: 6.8 CWE: CWE-134
Read more
2011-01-07
Medium

CVE-2010-4690

The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security app…

CVSS: 5.0 CWE: CWE-287
Read more
Low

CVE-2010-4322

Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You W…

CVSS: 3.5 CWE: CWE-79
Read more
High

CVE-2010-3984

Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r…

CVSS: 7.5 CWE: CWE-119
Read more
Medium

CVE-2010-3201

Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-4543

Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) o…

CVSS: 7.5 CWE: CWE-787
Read more
Medium

CVE-2010-4542

Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of ser…

CVSS: 6.8 CWE: CWE-787
Read more
Critical

CVE-2010-4541

Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service…

CVSS: 9.3 CWE: CWE-787
Read more
Medium

CVE-2010-4540

Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to ca…

CVSS: 6.8 CWE: CWE-787
Read more
High

CVE-2010-4523

Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related…

CVSS: 7.2 CWE: CWE-119
Read more
Medium

CVE-2010-4687

STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service…

CVSS: 5.0 CWE: CWE-20
Read more
High

CVE-2010-4686

CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a d…

CVSS: 7.8 CWE: CWE-400
Read more
Medium

CVE-2010-4685

Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned cer…

CVSS: 4.0 CWE: CWE-295
Read more
High

CVE-2010-4684

Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877.

CVSS: 7.1 CWE: CWE-20
Read more
High

CVE-2010-4683

Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733.

CVSS: 7.8 CWE: CWE-772
Read more
Critical

CVE-2010-4538

Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute a…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2010-4497

Cross-site scripting (XSS) vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote att…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-4496

Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attack…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-4324

Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attac…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2010-3847

elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which al…

CVSS: 6.9 CWE: CWE-59
Read more
High

CVE-2010-2642

Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denia…

CVSS: 7.6 CWE: CWE-119
Read more
High

CVE-2010-2641

Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary…

CVSS: 7.6 CWE: CWE-20
Read more
High

CVE-2010-2640

Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary…

CVSS: 7.6 CWE: CWE-20
Read more
Medium

CVE-2009-5039

Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large n…

CVSS: 5.0 CWE: CWE-772
Read more
High

CVE-2009-5038

Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via a…

CVSS: 7.8 CWE: CWE-20
Read more
High

CVE-2010-4679

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP…

CVSS: 7.8 CWE: CWE-20
Read more
High

CVE-2010-4671

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending…

CVSS: 7.8 CWE: CWE-400
Read more
Medium

CVE-2010-4528

directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and applicatio…

CVSS: 4.0 CWE: CWE-20
Read more
Medium

CVE-2010-4160

Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the…

CVSS: 6.9 CWE: CWE-190
Read more
2011-01-03
Medium

CVE-2010-4668

The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a…

CVSS: 4.7 CWE: CWE-400
Read more
Medium

CVE-2010-4536

Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersa…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2010-4524

Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT elemen…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2010-4350

Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type param…

CVSS: 5.1 CWE: CWE-22
Read more
Medium

CVE-2010-4349

admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message…

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2010-4348

Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-4164

Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via…

CVSS: 7.8 CWE: CWE-191
Read more
Medium

CVE-2010-4163

The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SC…

CVSS: 4.7 CWE: CWE-20
Read more
Medium

CVE-2010-4162

Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device.

CVSS: 4.7 CWE: CWE-190
Read more
Low

CVE-2010-3877

The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from ker…

CVSS: 1.9 CWE: CWE-909
Read more
Low

CVE-2010-3876

net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel s…

CVSS: 1.9 CWE: CWE-909
Read more
Low

CVE-2010-3875

The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information fro…

CVSS: 2.1 CWE: CWE-200
Read more
Medium

CVE-2010-3873

The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possib…

CVSS: 5.0 CWE: CWE-119
Read more