CVE Daily
← All years

Uncategorized 2010

Page 5/14.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2010-09-24
Medium

CVE-2010-3285

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
2010-09-23
High

CVE-2010-3279

The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, whi…

CVSS: 7.6CWE: CWE-16
Read more
High

CVE-2010-2836

Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly di…

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2010-2835

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2010-2834

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x befor…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2010-2833

Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit t…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2010-2832

Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit tra…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2010-2831

Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traff…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2010-2830

The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malfor…

CVSS: 7.1CWE: N/A
Read more
High

CVE-2010-2829

Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a de…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2010-2828

Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a de…

CVSS: 7.8CWE: N/A
Read more
2010-09-22
High

CVE-2010-3483

cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leverage…

CVSS: 7.5CWE: CWE-264
Read more
2010-09-21
Low

CVE-2010-3477

The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certa…

CVSS: 2.1CWE: CWE-399
Read more
Low

CVE-2010-3093

The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a…

CVSS: 3.5CWE: CWE-264
Read more
Medium

CVE-2010-3092

The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to by…

CVSS: 5.5CWE: CWE-264
Read more
Medium

CVE-2010-0781

Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption)…

CVSS: 4.0CWE: N/A
Read more
2010-09-20
Medium

CVE-2010-3475

IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictio…

CVSS: 4.0CWE: CWE-264
Read more
Medium

CVE-2010-3474

IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypas…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2009-5002

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to…

CVSS: 6.4CWE: CWE-264
Read more
Medium

CVE-2009-5001

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the de…

CVSS: 4.0CWE: CWE-264
Read more
Low

CVE-2009-4998

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a secu…

CVSS: 2.6CWE: CWE-264
Read more
Low

CVE-2008-7261

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local u…

CVSS: 2.1CWE: CWE-255
Read more
Medium

CVE-2006-7242

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which…

CVSS: 4.0CWE: CWE-264
Read more
Medium

CVE-2006-7241

The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow r…

CVSS: 4.0CWE: CWE-264
Read more
Medium

CVE-2010-3200

MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Wo…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2010-3072

The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a…

CVSS: 5.0CWE: N/A
Read more
2010-09-17
Medium

CVE-2010-3075

EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations…

CVSS: 5.0CWE: CWE-310
Read more
Low

CVE-2010-3074

SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a wate…

CVSS: 2.1CWE: CWE-310
Read more
Low

CVE-2010-3073

SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users…

CVSS: 2.1CWE: CWE-310
Read more
2010-09-16
Medium

CVE-2010-3413

Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2010-3406

Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM AIX 5.3 allows local users to leverage system group membership and delete files via unknown vectors.

CVSS: 1.7CWE: N/A
Read more
Critical

CVE-2010-3403

Untrusted search path vulnerability in Qualcomm eXtensible Diagnostic Monitor (QXDM) 03.09.19 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking at…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3402

Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary…

CVSS: 9.3CWE: N/A
Read more
2010-09-15
Medium

CVE-2010-3400

The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random nu…

CVSS: 5.8CWE: CWE-310
Read more
Medium

CVE-2010-3399

The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor point…

CVSS: 5.8CWE: CWE-310
Read more
Critical

CVE-2010-3398

Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2010-3171

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per docu…

CVSS: 5.8CWE: CWE-310
Read more
Medium

CVE-2010-1891

The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properl…

CVSS: 6.9CWE: CWE-264
Read more
Critical

CVE-2010-3397

Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3009

Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain sensitive information and gain root privileges via unknown vectors.

CVSS: 9.0CWE: N/A
Read more
Critical

CVE-2010-2884

Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-2600

Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-1326

perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attacke…

CVSS: 9.3CWE: CWE-264
Read more
2010-09-14
Medium

CVE-2010-2953

Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current worki…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3323

Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter.

CVSS: 4.6CWE: N/A
Read more
2010-09-13
Medium

CVE-2010-3319

IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file.

CVSS: 5.0CWE: CWE-255
Read more
Medium

CVE-2010-3318

IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

CVSS: 5.0CWE: CWE-255
Read more
High

CVE-2010-3008

Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 on Windows allows local users to gain…

CVSS: 7.2CWE: N/A
Read more
2010-09-10
Critical

CVE-2010-3199

Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a…

CVSS: 9.3CWE: CWE-264
Read more
High

CVE-2010-3006

Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote Management card with firmware before 4.06 allows remote attackers to cause a denial of service via unknown vectors.

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2010-2956

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a comman…

CVSS: 6.2CWE: N/A
Read more
Medium

CVE-2010-2949

bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2010-1806

Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in stylin…

CVSS: 9.3CWE: CWE-399
Read more
Medium

CVE-2010-1805

Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) progr…

CVSS: 6.9CWE: CWE-264
Read more
Medium

CVE-2010-3034

Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unin…

CVSS: 5.0CWE: CWE-264
Read more
Critical

CVE-2010-3033

Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain admi…

CVSS: 9.0CWE: CWE-264
Read more
Critical

CVE-2010-2843

Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain admi…

CVSS: 9.0CWE: CWE-264
Read more
Critical

CVE-2010-2842

Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain admi…

CVSS: 9.0CWE: CWE-264
Read more
Medium

CVE-2010-2841

Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote au…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2010-0575

Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unin…

CVSS: 5.0CWE: CWE-264
Read more
High

CVE-2010-0574

Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and…

CVSS: 7.8CWE: N/A
Read more
2010-09-09
Medium

CVE-2010-3017

Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before 4.7.1.7, when RSA Adaptive Authentication Integration is enabled, allows remote attackers to bypass authentication and obtain sensit…

CVSS: 5.7CWE: N/A
Read more
High

CVE-2010-3007

Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges…

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2010-1815

Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service…

CVSS: 6.8CWE: CWE-399
Read more
Medium

CVE-2010-1812

Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service…

CVSS: 6.8CWE: CWE-399
Read more
Low

CVE-2010-1810

FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.

CVSS: 3.5CWE: N/A
Read more
Critical

CVE-2010-1809

The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2010-1781

Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors…

CVSS: 6.8CWE: CWE-399
Read more
Critical

CVE-2010-3169

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow r…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-2767

The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle dest…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2010-2765

Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allo…

CVSS: 9.3CWE: CWE-189
Read more
Medium

CVE-2010-2764

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XM…

CVSS: 4.3CWE: CWE-264
Read more
Medium

CVE-2010-2762

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at th…

CVSS: 6.8CWE: CWE-264
Read more
Critical

CVE-2010-2760

Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might…

CVSS: 9.3CWE: CWE-399
Read more
2010-09-08
Low

CVE-2010-3264

The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file.

CVSS: 2.1CWE: CWE-255
Read more
Medium

CVE-2010-3198

ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2010-3005

Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows local users to gain privileges via unknown vectors.

CVSS: 6.8CWE: N/A
Read more
High

CVE-2010-3004

Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows remote attackers to execute arbitrary code via unknown vectors.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2010-2524

The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the ci…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2010-2066

The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as…

CVSS: 5.5CWE: N/A
Read more
2010-09-07
Medium

CVE-2010-3256

Google Chrome before 6.0.472.53 does not properly limit the number of stored autocomplete entries, which has unspecified impact and attack vectors.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2010-3250

Unspecified vulnerability in Google Chrome before 6.0.472.53 allows remote attackers to enumerate the set of installed extensions via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2010-3249

Google Chrome before 6.0.472.53 does not properly implement SVG filters, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, rela…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2010-3248

Google Chrome before 6.0.472.53 does not properly restrict copying to the clipboard, which has unspecified impact and attack vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-3246

Google Chrome before 6.0.472.53 does not properly handle the _blank value for the target attribute of unspecified elements, which allows remote attackers to bypass the pop-up blocker via unknown vect…

CVSS: 4.3CWE: N/A
Read more
Critical

CVE-2010-2874

Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. NOTE: due to conflicting i…

CVSS: 9.3CWE: CWE-399
Read more
High

CVE-2009-4997

gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it…

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2009-4996

Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via…

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2006-7240

gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it e…

CVSS: 7.2CWE: CWE-264
Read more
2010-09-03
High

CVE-2010-2532

lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for phys…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2010-1507

WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session…

CVSS: 5.0CWE: CWE-255
Read more
2010-08-31
Medium

CVE-2010-3197

IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unsp…

CVSS: 5.0CWE: CWE-264
Read more
Low

CVE-2010-3196

IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.

CVSS: 3.5CWE: CWE-264
Read more
Medium

CVE-2010-3195

Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special grou…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2010-3194

The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files own…

CVSS: 7.5CWE: CWE-264
Read more
Critical

CVE-2010-3193

Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-3191

Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking a…

CVSS: 9.3CWE: N/A
Read more
2010-08-30
High

CVE-2010-3035

Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a cr…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2010-2712

Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.

CVSS: 6.8CWE: N/A
Read more
Critical

CVE-2010-3002

Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors.

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3001

Unspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3000

Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code…

CVSS: 9.3CWE: CWE-189
Read more
Medium

CVE-2010-2945

The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the cu…

CVSS: 6.9CWE: CWE-16
Read more
Medium

CVE-2010-2363

The IPv6 Unicast Reverse Path Forwarding (RPF) implementation on the SEIL/X1, SEIL/X2, and SEIL/B1 routers with firmware 1.00 through 2.73, when strict mode is used, does not properly drop packets, w…

CVSS: 5.8CWE: CWE-264
Read more
Critical

CVE-2010-0117

RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-0116

Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that trigger…

CVSS: 9.3CWE: CWE-189
Read more
2010-08-27
Critical

CVE-2010-3155

Untrusted search path vulnerability in Adobe ExtendScript Toolkit (ESTK) CS5 3.5.0.52 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks vi…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3154

Untrusted search path vulnerability in Adobe Extension Manager CS5 5.0.298 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3153

Untrusted search path vulnerability in Adobe InDesign CS4 6.0, InDesign CS5 7.0.2 and earlier, Adobe InDesign Server CS5 7.0.2 and earlier, and Adobe InCopy CS5 7.0.2 and earlier allows local users,…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3152

Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, CS5 15.0.1 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code a…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3151

Untrusted search path vulnerability in Adobe On Location CS4 Build 315 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan hors…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3150

Untrusted search path vulnerability in Adobe Premier Pro CS4 4.0.0 (314 (MC: 160820)) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks vi…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3149

Untrusted search path vulnerability in Adobe Device Central CS5 3.0.0(376), 3.0.1.0 (3027), and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code an…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3148

Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a direc…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3147

Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3146

Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working di…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3145

Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a T…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3144

Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3143

Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3142

Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan hor…

CVSS: 9.3CWE: N/A
Read more
>