CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2019

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2002-2439 190 Overflow 2019-10-23 2019-10-31
4.6
None Local Low Not required Partial Partial Partial
Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.
2 CVE-2002-2444 20 2019-10-28 2019-11-01
7.5
None Remote Low Not required Partial Partial Partial
Snoopy before 2.0.0 has a security hole in exec cURL
3 CVE-2005-2349 22 Dir. Trav. 2019-10-28 2019-11-01
5.0
None Remote Low Not required Partial None None
Zoo 2.10 has Directory traversal
4 CVE-2009-3723 863 2019-10-29 2019-11-01
5.0
None Remote Low Not required None Partial None
asterisk allows calls on prohibited networks
5 CVE-2009-3887 22 Dir. Trav. 2019-10-29 2019-11-01
7.5
None Remote Low Not required Partial Partial Partial
ytnef has directory traversal
6 CVE-2009-4899 89 Sql 2019-10-28 2019-11-01
7.5
None Remote Low Not required Partial Partial Partial
pixelpost 1.7.1 has SQL injection
7 CVE-2009-4900 79 XSS 2019-10-28 2019-11-01
4.3
None Remote Medium Not required None Partial None
pixelpost 1.7.1 has XSS
8 CVE-2009-5041 120 Overflow 2019-10-31 2019-11-05
7.5
None Remote Low Not required Partial Partial Partial
overkill has buffer overflow via long player names that can corrupt data on the server machine
9 CVE-2009-5042 668 2019-10-31 2019-11-06
6.4
None Remote Low Not required Partial Partial None
python-docutils allows insecure usage of temporary files
10 CVE-2009-5043 755 2019-10-31 2019-11-06
7.5
None Remote Low Not required Partial Partial Partial
burn allows file names to escape via mishandled quotation marks
11 CVE-2010-0206 476 DoS 2019-10-30 2019-11-01
4.3
None Remote Medium Not required None None Partial
xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects.
12 CVE-2010-0207 835 DoS 2019-10-30 2019-11-01
4.3
None Remote Medium Not required None None Partial
In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.
13 CVE-2010-0398 59 2019-10-30 2019-11-05
5.5
None Remote Low ??? None Partial Partial
The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack.
14 CVE-2010-0737 732 2019-10-30 2019-11-05
5.2
None Local Network Low ??? Partial Partial Partial
The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user.
15 CVE-2010-0747 732 Bypass 2019-10-30 2019-11-07
4.6
None Local Low Not required Partial Partial Partial
drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725.
16 CVE-2010-0748 20 DoS 2019-10-30 2020-08-18
7.5
None Remote Low Not required Partial Partial Partial
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
17 CVE-2010-0749 119 Overflow 2019-10-30 2020-08-18
5.0
None Remote Low Not required None None Partial
Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.
18 CVE-2010-1673 79 XSS 2019-10-30 2019-10-31
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment.
19 CVE-2010-1678 20 2019-10-29 2021-06-01
5.0
None Remote Low Not required None None Partial
Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.
20 CVE-2010-2061 20 2019-10-29 2019-11-05
7.2
None Local Low Not required Complete Complete Complete
rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.
21 CVE-2010-2064 59 +Priv 2019-10-29 2019-11-05
3.6
None Local Low Not required Partial Partial None
rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.
22 CVE-2010-2490 20 2019-10-31 2019-11-06
4.0
None Remote Low ??? None None Partial
Mumble: murmur-server has DoS due to malformed client query
23 CVE-2010-2548 863 2019-10-31 2019-11-04
6.4
None Remote Low Not required Partial Partial None
IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.
24 CVE-2010-2783 200 +Info 2019-10-31 2019-11-04
6.4
None Remote Low Not required Partial Partial None
IcedTea6 before 1.7.4 allows unsigned apps to read and write arbitrary files, related to Extended JNLP Services.
25 CVE-2010-3293 20 2019-10-28 2019-10-30
2.1
None Local Low Not required None Partial None
mailscanner can allow local users to prevent virus signatures from being updated
26 CVE-2010-3373 20 2019-10-29 2019-11-01
2.1
None Local Low Not required None Partial None
paxtest handles temporary files insecurely
27 CVE-2010-3375 20 Exec Code 2019-10-29 2019-11-01
7.5
None Remote Low Not required Partial Partial Partial
qtparted has insecure library loading which may allow arbitrary code execution
28 CVE-2010-4237 295 2019-10-29 2019-10-31
4.3
None Remote Medium Not required None Partial None
Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.
29 CVE-2010-4239 20 File Inclusion 2019-10-28 2019-10-29
7.5
None Remote Low Not required Partial Partial Partial
Tiki Wiki CMS Groupware 5.2 has Local File Inclusion
30 CVE-2010-4240 79 XSS 2019-10-28 2019-10-29
4.3
None Remote Medium Not required None Partial None
Tiki Wiki CMS Groupware 5.2 has XSS
31 CVE-2010-4241 352 CSRF 2019-10-28 2019-10-29
6.8
None Remote Medium Not required Partial Partial Partial
Tiki Wiki CMS Groupware 5.2 has CSRF
32 CVE-2010-4245 79 XSS 2019-10-28 2019-11-01
4.3
None Remote Medium Not required None Partial None
pootle 2.0.5 has XSS via 'match_names' parameter
33 CVE-2010-5334 22 Dir. Trav. 2019-10-11 2019-10-17
7.8
None Remote Low Not required Complete None None
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
34 CVE-2010-5335 22 Dir. Trav. 2019-10-11 2019-10-16
7.8
None Remote Low Not required Complete None None
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
35 CVE-2010-5336 79 XSS 2019-10-11 2019-10-15
4.3
None Remote Medium Not required None Partial None
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to admin/login.html with the parameter username; it is persistent in 10.2.0.
36 CVE-2010-5337 79 XSS 2019-10-11 2019-10-15
4.3
None Remote Medium Not required None Partial None
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to webmail/basic/ with the parameter _dlg[captcha][controller]; it is non-persistent in 10.1.3 and 10.2.0.
37 CVE-2010-5338 79 XSS 2019-10-11 2019-10-15
4.3
None Remote Medium Not required None Partial None
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to webmail/basic/ with the parameter _dlg[captcha][action]; it is non-persistent in 10.1.3 and 10.2.0.
38 CVE-2010-5339 79 XSS 2019-10-11 2019-10-15
4.3
None Remote Medium Not required None Partial None
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to webmail/basic/ with the parameter _dlg[captcha][uid]; it is non-persistent in 10.1.3 and 10.2.0.
39 CVE-2010-5340 79 XSS 2019-10-11 2019-10-15
4.3
None Remote Medium Not required None Partial None
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to webmail/ with the parameter password; it is non-persistent in 10.2.0.
40 CVE-2011-0428 79 XSS 2019-10-29 2019-11-01
4.3
None Remote Medium Not required None Partial None
Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments.
41 CVE-2011-1408 59 2019-10-29 2020-08-18
6.4
None Remote Low Not required Partial Partial None
ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.
42 CVE-2011-2538 74 Exec Code 2019-10-29 2019-11-01
9.0
None Remote Low ??? Complete Complete Complete
Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands.
43 CVE-2011-4931 521 2019-10-29 2019-11-01
5.0
None Remote Low Not required None Partial None
gpw generates shorter passwords than required
44 CVE-2012-0046 200 +Info 2019-10-29 2019-10-31
5.0
None Remote Low Not required Partial None None
mediawiki allows deleted text to be exposed
45 CVE-2012-0694 20 Exec Code 2019-10-29 2019-11-01
7.5
None Remote Low Not required Partial Partial Partial
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
46 CVE-2012-1187 273 2019-10-29 2019-10-31
7.5
None Remote Low Not required Partial Partial Partial
Bitlbee does not drop extra group privileges correctly in unix.c
47 CVE-2012-2945 59 2019-10-29 2019-10-31
5.0
None Remote Low Not required None Partial None
Hadoop 1.0.3 contains a symlink vulnerability.
48 CVE-2012-5577 276 2019-10-28 2019-10-31
5.0
None Remote Low Not required Partial None None
Python keyring lib before 0.10 created keyring files with world-readable permissions.
49 CVE-2012-6122 120 DoS Overflow 2019-10-31 2019-11-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value.
50 CVE-2012-6123 20 2019-10-31 2019-11-08
5.0
None Remote Low Not required None Partial None
Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct a "poisoned NUL byte attack."
Total number of vulnerabilities: 1567. Page 1 of 32.