CVE Daily
← All years

Uncategorized 2010

Page 10/14.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2010-05-07
Medium

CVE-2010-1689

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earl…

CVSS: 6.4CWE: CWE-310
Read more
Medium

CVE-2009-4851

The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative…

CVSS: 5.0CWE: CWE-264
Read more
Critical

CVE-2010-1549

Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2010-1440

Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrar…

CVSS: 6.8CWE: CWE-189
Read more
Medium

CVE-2010-0827

Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual fo…

CVSS: 6.8CWE: CWE-189
Read more
Medium

CVE-2009-4845

The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 contains cleartext SSH credentials, which allows remote attackers to obtain sensitive information by reading the username and passwo…

CVSS: 5.0CWE: CWE-310
Read more
2010-05-06
Medium

CVE-2010-1736

KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb.

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2010-1731

Google Chrome on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2010-1729

WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an in…

CVSS: 4.3CWE: CWE-399
Read more
Critical

CVE-2010-1728

Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a de…

CVSS: 9.3CWE: CWE-399
Read more
Medium

CVE-2010-1438

Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames under /tmp for temporary files and directories, which (1) allows local users to cause a denial of service (application outage) by…

CVSS: 4.4CWE: N/A
Read more
Medium

CVE-2009-4835

The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of se…

CVSS: 4.3CWE: CWE-189
Read more
2010-05-05
Medium

CVE-2010-0406

OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map.

CVSS: 4.0CWE: CWE-399
Read more
Medium

CVE-2010-0401

OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or…

CVSS: 6.5CWE: CWE-264
Read more
2010-05-03
Critical

CVE-2010-1663

The Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

CVSS: 10.0CWE: CWE-264
Read more
Low

CVE-2010-1651

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of al…

CVSS: 1.9CWE: CWE-310
Read more
Low

CVE-2010-1650

IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements t…

CVSS: 1.9CWE: CWE-310
Read more
2010-04-29
Medium

CVE-2010-1617

user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profi…

CVSS: 4.0CWE: CWE-264
Read more
Medium

CVE-2010-1616

Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.

CVSS: 4.0CWE: N/A
Read more
High

CVE-2010-1166

The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or po…

CVSS: 7.1CWE: CWE-189
Read more
Medium

CVE-2010-1612

The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Appliance XM70, Integration Appliance XI50, B2B Appliance XB60, and XML Security Gateway XS40 SOA Appliances before 3.8.0.0, when a QLOGI…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2009-4832

The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local users to gain privileges via a crafted IOCTL 0x80012010 request to the DLPCryptCore device.

CVSS: 7.2CWE: CWE-264
Read more
2010-04-28
Medium

CVE-2010-1429

Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web cont…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2010-1038

Unspecified vulnerability in HP System Insight Manager before 6.0 allows remote authenticated users to gain privileges via unknown vectors.

CVSS: 6.5CWE: N/A
Read more
2010-04-27
Medium

CVE-2010-0772

Unspecified vulnerability in the channel process in IBM WebSphere MQ 7.0 before 7.0.1.2 allows remote authenticated users to cause a denial of service (daemon crash) via "incorrect channel control da…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2010-0105

The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users t…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2009-4825

8pixel.net Blog 4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for App_Data/sb.mdb.

CVSS: 5.0CWE: CWE-264
Read more
High

CVE-2009-4824

Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an "image upload form."

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2009-4820

Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb.

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2009-4819

Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote attackers to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double exte…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2009-4818

Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2009-4817

Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a…

CVSS: 6.8CWE: N/A
Read more
2010-04-23
High

CVE-2010-1506

The Google V8 bindings in Google Chrome before 4.1.249.1059 allow attackers to cause a denial of service (memory corruption) via unknown vectors.

CVSS: 7.8CWE: N/A
Read more
Critical

CVE-2010-1505

Google Chrome before 4.1.249.1059 does not prevent pages from loading with the New Tab page's privileges, which has unknown impact and attack vectors.

CVSS: 10.0CWE: CWE-264
Read more
Critical

CVE-2010-1502

Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to access local files via vectors related to "developer tools."

CVSS: 9.3CWE: N/A
Read more
High

CVE-2010-1500

Google Chrome before 4.1.249.1059 does not properly support forms, which has unknown impact and attack vectors, related to a "type confusion error."

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2010-1035

Multiple unspecified vulnerabilities in HP Virtual Machine Manager (VMM) before 6.0 allow remote authenticated users to execute arbitrary code via unknown vectors.

CVSS: 9.0CWE: N/A
Read more
Medium

CVE-2010-1034

Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 before 6.0.0-95 on Linux, and 6.0 before 6.0.0.96 on Windows, allows remote authenticated users to obtain sensitive information, m…

CVSS: 4.6CWE: N/A
Read more
2010-04-22
Medium

CVE-2010-1320

Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service…

CVSS: 4.0CWE: CWE-399
Read more
Critical

CVE-2010-0593

The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G…

CVSS: 9.0CWE: CWE-264
Read more
Medium

CVE-2009-4799

Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or…

CVSS: 5.0CWE: CWE-264
Read more
2010-04-21
Critical

CVE-2010-1490

Unspecified vulnerability in IBM Cognos 8 Business Intelligence before 8.4.1 FP1 has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2010-1032

Unspecified vulnerability in HP HP-UX B.11.11 allows local users to cause a denial of service via unknown vectors.

CVSS: 4.9CWE: N/A
Read more
High

CVE-2009-4781

TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local users to discover credentials via a DBI connection.

CVSS: 7.2CWE: CWE-255
Read more
Critical

CVE-2009-4778

Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, an…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2009-4777

Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2009-4774

Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 through snv_117, when 64bit mode is used on the Intel x86 platform and a Linux (lx) branded zone is configured, allows local users t…

CVSS: 4.0CWE: N/A
Read more
2010-04-20
Critical

CVE-2010-0887

Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and av…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-0886

Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integr…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2010-0996

Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the signific…

CVSS: 6.0CWE: N/A
Read more
Medium

CVE-2008-7255

login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves a password after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation.

CVSS: 4.6CWE: CWE-255
Read more
Low

CVE-2010-1488

The proc_oom_score function in fs/proc/base.c in the Linux kernel before 2.6.34-rc4 uses inappropriate data structures during selection of a candidate for the OOM killer, which might allow local user…

CVSS: 2.1CWE: CWE-399
Read more
Low

CVE-2010-1487

IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.

CVSS: 2.1CWE: CWE-255
Read more
Critical

CVE-2010-1319

Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers…

CVSS: 10.0CWE: CWE-189
Read more
High

CVE-2010-1162

The release_one_tty function in drivers/char/tty_io.c in the Linux kernel before 2.6.34-rc4 omits certain required calls to the put_pid function, which has unspecified impact and local attack vectors.

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2010-1158

Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular…

CVSS: 5.0CWE: CWE-189
Read more
Medium

CVE-2009-4772

Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2009-4770

The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged acce…

CVSS: 7.5CWE: CWE-255
Read more
2010-04-16
Medium

CVE-2010-1156

core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at th…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2010-1460

The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of ser…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2010-0739

Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that tr…

CVSS: 6.8CWE: CWE-189
Read more
2010-04-15
Medium

CVE-2010-1425

F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.0…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2010-1424

Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government 2006 through 2010 allows user-assisted remote attackers to execute arbitrary code via a crafted font file.

CVSS: 9.3CWE: N/A
Read more
High

CVE-2010-1329

Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appende…

CVSS: 7.8CWE: N/A
Read more
2010-04-14
Medium

CVE-2010-0881

Unspecified vulnerability in the User Interface Components in Oracle Collaboration Suite 10.1.2.4 allows remote attackers to affect integrity via unknown vectors.

CVSS: 4.3CWE: N/A
Read more
Critical

CVE-2010-0073

Unspecified vulnerability in the WebLogic Server in Oracle WebLogic Server 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, and 10.3.2 allows remote attackers to affect confidentiality, integrity, and…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2010-0812

Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched I…

CVSS: 6.4CWE: CWE-264
Read more
Medium

CVE-2010-0810

The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service…

CVSS: 4.7CWE: N/A
Read more
Critical

CVE-2010-0477

The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to…

CVSS: 10.0CWE: CWE-399
Read more
Critical

CVE-2010-0476

The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code…

CVSS: 10.0CWE: CWE-399
Read more
Critical

CVE-2010-0269

The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly…

CVSS: 10.0CWE: CWE-399
Read more
Critical

CVE-2010-0268

Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary cod…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2010-0237

The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows…

CVSS: 6.9CWE: CWE-264
Read more
High

CVE-2010-0236

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which…

CVSS: 7.2CWE: CWE-399
Read more
Critical

CVE-2010-0196

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-0193

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-0192

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code…

CVSS: 9.3CWE: N/A
Read more
2010-04-13
High

CVE-2010-0897

Unspecified vulnerability in the Sun Java System Directory Server component in Oracle Sun Product Suite 5.2, 6.0, 6.1, 6.2, 6.3, and 6.3.1 allows remote attackers to affect confidentiality, integrity…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2010-0896

Unspecified vulnerability in the Sun Convergence component in Oracle Sun Product Suite 1.0 allows remote attackers to affect confidentiality via unknown vectors related to Address Book and Mail Filte…

CVSS: 7.1CWE: N/A
Read more
Low

CVE-2010-0895

Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite OpenSolaris snv_119 allows local users to affect integrity and availability via unknown vectors related to IP Filter.

CVSS: 3.6CWE: N/A
Read more
Medium

CVE-2010-0894

Unspecified vulnerability in the Sun Java System Access Manager component in Oracle Sun Product Suite 7.1, 7 2005Q4, and OpenSSO Enterprise 8.0 allows remote attackers to affect confidentiality and i…

CVSS: 5.8CWE: N/A
Read more
Medium

CVE-2010-0893

Unspecified vulnerability in the Sun Convergence component in Oracle Sun Product Suite 1.0 allows remote attackers to affect confidentiality via unknown vectors related to Mail.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2010-0891

Unspecified vulnerability in the Sun Management Center component in Oracle Sun Product Suite 3.6.1 and 4.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related…

CVSS: 5.8CWE: N/A
Read more
Low

CVE-2010-0890

Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite 10 and OpenSolaris snv_01 through snv_98 allows local users to affect availability via unknown vectors related to the Ke…

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2010-0889

Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite OpenSolaris snv_68 through snv_128 allows local users to affect confidentiality via unknown vectors related to the Kerne…

CVSS: 4.9CWE: N/A
Read more
Critical

CVE-2010-0888

Unspecified vulnerability in the Sun Ray Server Software component in Oracle Sun Product Suite 4.0, 4.1, and 4.2 allows remote attackers to affect confidentiality, integrity, and availability via unk…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2010-0885

Unspecified vulnerability in the Sun Java System Communications Express component in Oracle Sun Product Suite 6 2005Q4 (6.2) and and 6.3 allows remote authenticated users to affect confidentiality vi…

CVSS: 6.8CWE: N/A
Read more
Low

CVE-2010-0884

Unspecified vulnerability in the Sun Cluster component in Oracle Sun Product Suite 3.1 and 3.2 allows local users to affect confidentiality via unknown vectors related to Data Service for Oracle E-Bu…

CVSS: 2.1CWE: N/A
Read more
Low

CVE-2010-0883

Unspecified vulnerability in the Sun Cluster component in Oracle Sun Product Suite 3.1 and 3.2 allows local users to affect confidentiality via unknown vectors related to Data Service for Oracle E-Bu…

CVSS: 2.1CWE: N/A
Read more
High

CVE-2010-0882

Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite 10 and OpenSolaris snv_134 allows local users to affect confidentiality, integrity, and availability via unknown vectors…

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2010-0880

Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote attackers to affect confidentiality and integrity…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2010-0879

Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote authenticated users to affect confidentiality via…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2010-0878

Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote authenticated users to affect integrity via unkno…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2010-0877

Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote attackers to affect integrity via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-0876

Unspecified vulnerability in the Life Sciences - Oracle Clinical Remote Data Capture Option component in Oracle Industry Product Suite 4.5.3 and 4.6 allows remote attackers to affect integrity, relat…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2010-0875

Unspecified vulnerability in the Life Sciences - Oracle Thesaurus Management System component in Oracle Industry Product Suite 4.5.2, 4.6, and 4.6.1 allows remote attackers to affect integrity, relat…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2010-0874

Unspecified vulnerability in the Communications - Oracle Communications Unified Inventory Management component in Oracle Industry Product Suite 7.1 allows remote attackers to affect integrity via unk…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2010-0872

Unspecified vulnerability in the Oracle Internet Directory component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.3 allows remote attackers to affect availability via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-0871

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors.

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2010-0870

Unspecified vulnerability in the Change Data Capture component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_…

CVSS: 3.6CWE: N/A
Read more
Medium

CVE-2010-0869

Unspecified vulnerability in the Oracle Transportation Management component in Oracle E-Business Suite 5.5.05.07, 5.5.06.00, and 6.0.03 allows remote attackers to affect confidentiality via unknown v…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2010-0868

Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect confidentiality and integrity via unknown vectors.

CVSS: 5.8CWE: N/A
Read more
Medium

CVE-2010-0867

Unspecified vulnerability in the JavaVM component in Oracle Database 10.2.0.4, 11.1.0.7, and 11.2.0.1.0 allows remote authenticated users to affect integrity via unknown vectors.

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2010-0866

Unspecified vulnerability in the JavaVM component in Oracle Database 11.1.0.7 and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2010-0865

Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle E-Business Suite 6.1.1.0 allows remote attackers to affect confidentiality via unknown vectors.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2010-0864

Unspecified vulnerability in the Retail - Oracle Retail Place In-Season component in Oracle Industry Product Suite 12.2 allows remote attackers to affect integrity via unknown vectors related to Onli…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2010-0863

Unspecified vulnerability in the Retail - Oracle Retail Plan In-Season component in Oracle Industry Product Suite 12.2 allows remote attackers to affect integrity via unknown vectors related to Onlin…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2010-0862

Unspecified vulnerability in the Retail - Oracle Retail Markdown Optimization component in Oracle Industry Product Suite 13.1 allows remote attackers to affect integrity via unknown vectors related t…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2010-0861

Unspecified vulnerability in the Oracle HRMS (Self Service) component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect confidentiality via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2010-0860

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, a…

CVSS: 7.1CWE: N/A
Read more
Medium

CVE-2010-0859

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 ATG RUP6 allows remote attackers to affect confidentiality and integrity via unknown…

CVSS: 6.4CWE: N/A
Read more
Low

CVE-2010-0858

Unspecified vulnerability in the E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect integrity via unknown vectors.

CVSS: 3.5CWE: N/A
Read more
Low

CVE-2010-0857

Unspecified vulnerability in the Oracle Workflow Cartridge component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors.

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2010-0856

Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.2 allows remote attackers to affect availability via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-0855

Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0086.

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2010-0854

Unspecified vulnerability in the Audit component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect integrity, related to "SELECT, INS…

CVSS: 2.1CWE: N/A
Read more
High

CVE-2010-0853

Unspecified vulnerability in the Oracle Internet Directory component in Oracle Database 9.2.0.8, 9.2.0.8, and DV; and Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1; allows remote attackers to affe…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2010-0852

Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown v…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2010-0851

Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality via unknown vectors.

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2010-0086

Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0855.

CVSS: 4.3CWE: N/A
Read more
>