CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
7551 CVE-2011-0311 119 DoS Overflow 2011-09-02 2017-08-17
3.5
None Remote Medium ??? None None Partial
The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read.
7552 CVE-2011-0012 59 2011-04-18 2011-04-18
3.3
None Local Medium Not required None Partial Partial
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name.
7553 CVE-2011-0007 59 2011-01-11 2017-08-17
3.3
None Local Medium Not required None Partial Partial
pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent.
7554 CVE-2010-5105 59 2014-04-27 2015-11-05
3.3
None Local Medium Not required None Partial Partial
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.
7555 CVE-2010-5100 79 XSS 2012-05-21 2017-08-29
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
7556 CVE-2010-5098 79 XSS 2012-05-21 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
7557 CVE-2010-4819 20 DoS 2012-09-05 2012-09-13
3.6
None Local Low Not required Partial None Partial
The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw."
7558 CVE-2010-4817 59 2019-11-13 2019-11-25
3.6
None Local Low Not required None Partial Partial
pithos before 0.3.5 allows overwrite of arbitrary files via symlinks.
7559 CVE-2010-4813 79 XSS 2011-07-08 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.
7560 CVE-2010-4807 362 DoS Overflow 2011-05-26 2011-07-13
3.5
None Remote Medium ??? None None Partial
Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 allows remote authenticated users to cause a denial of service (infinite recursive query) via unspecified vectors, related to a StackOverflowError exception.
7561 CVE-2010-4762 79 XSS 2011-03-18 2011-03-22
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or HTML by using the "source code" feature in the customer interface.
7562 CVE-2010-4760 200 +Info 2011-03-18 2011-03-22
3.5
None Remote Medium ??? Partial None None
Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket.
7563 CVE-2010-4648 2012-06-21 2012-06-26
3.3
None Local Network Low Not required Partial None None
The orinoco_ioctl_set_auth function in drivers/net/wireless/orinoco/wext.c in the Linux kernel before 2.6.37 does not properly implement a TKIP protection mechanism, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading Wi-Fi frames.
7564 CVE-2010-4644 399 DoS 2011-01-07 2017-08-17
3.5
None Remote Medium ??? None None Partial
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
7565 CVE-2010-4624 264 Bypass 2010-12-30 2017-08-17
3.5
None Remote Medium ??? None Partial None
MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created.
7566 CVE-2010-4547 264 Bypass 2010-12-16 2010-12-17
3.5
None Remote Medium ??? None Partial None
IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain.
7567 CVE-2010-4460 2011-01-19 2017-08-17
3.6
None Local Low Not required Partial Partial None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon.
7568 CVE-2010-4450 2011-02-17 2018-10-30
3.7
None Local High Not required Partial Partial Partial
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.
7569 CVE-2010-4432 2011-01-19 2017-08-17
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the Oracle Transportation Manager component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Infrastructure.
7570 CVE-2010-4429 2011-01-19 2017-08-17
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Client, a different vulnerability than CVE-2010-3505.
7571 CVE-2010-4427 2011-01-19 2017-08-17
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.0, 10.1.3.4.1, and 11.1.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Web Server.
7572 CVE-2010-4425 2011-01-19 2017-08-17
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.3.2, 10.1.3.4.0, and 10.1.3.4.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Server.
7573 CVE-2010-4420 2011-01-19 2017-08-17
3.6
None Local Low Not required Partial Partial None
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows local users to affect confidentiality and integrity via unknown vectors.
7574 CVE-2010-4355 79 XSS 2010-12-01 2017-08-17
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, when the insert or edit feature is enabled, allows remote authenticated users to inject arbitrary web script or HTML via the select_single parameter.
7575 CVE-2010-4337 59 2011-01-14 2012-06-19
3.3
None Local Medium Not required None Partial Partial
The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.
7576 CVE-2010-4322 79 XSS 2011-01-07 2018-10-10
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field.
7577 CVE-2010-4275 79 1 XSS 2010-12-22 2017-08-17
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php.
7578 CVE-2010-4173 59 2010-11-22 2010-11-30
3.3
None Local Medium Not required None Partial Partial
The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file.
7579 CVE-2010-4020 310 +Priv 2010-12-02 2020-01-21
3.5
None Remote Medium ??? None Partial None
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.
7580 CVE-2010-3797 79 XSS 2010-11-16 2010-12-10
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
7581 CVE-2010-3779 264 Bypass 2010-10-06 2011-02-12
3.5
None Remote Medium ??? None Partial None
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
7582 CVE-2010-3737 399 DoS 2010-10-05 2017-09-19
3.5
None Remote Medium ??? None None Partial
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server.
7583 CVE-2010-3732 20 DoS 2010-10-05 2017-09-19
3.5
None Remote Medium ??? None None Partial
The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers.
7584 CVE-2010-3691 59 2010-10-07 2019-12-30
3.3
None Local Medium Not required None Partial Partial
PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.
7585 CVE-2010-3665 79 XSS 2019-11-04 2019-11-05
3.5
None Remote Medium ??? None Partial None
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.
7586 CVE-2010-3660 79 XSS 2019-11-01 2019-11-05
3.5
None Remote Medium ??? None Partial None
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend.
7587 CVE-2010-3659 79 XSS 2017-10-20 2017-11-07
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms.
7588 CVE-2010-3586 2011-01-19 2017-08-17
3.6
None Local Low Not required Partial Partial None
Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver.
7589 CVE-2010-3581 2010-10-14 2010-11-11
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the BPEL Console component in Oracle Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0 allows remote authenticated users to affect integrity via unknown vectors.
7590 CVE-2010-3576 2010-10-14 2010-11-11
3.6
None Local Low Not required None Partial Partial
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect integrity and availability, related to the SCSI enclosure services device driver.
7591 CVE-2010-3512 2010-10-14 2010-11-11
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0u8 allows remote authenticated users to affect confidentiality, related to DAV (WebDAV).
7592 CVE-2010-3508 2010-10-14 2010-11-11
3.2
None Local Low ??? Partial Partial None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Zones.
7593 CVE-2010-3506 2010-10-14 2010-11-11
3.0
None Local Medium ??? Partial Partial None
Unspecified vulnerability in the Oracle Explorer (Sun Explorer) component in Oracle Sun Products Suite 6.4 allows local users to affect confidentiality and integrity via unknown vectors.
7594 CVE-2010-3505 2011-01-19 2017-08-17
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Folders, Files & Attachments, a different vulnerability than CVE-2010-4429.
7595 CVE-2010-3440 494 2019-11-12 2019-11-14
3.3
None Local Medium Not required None Partial Partial
babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.
7596 CVE-2010-3316 2011-01-24 2019-01-03
3.3
None Local Medium Not required Partial Partial None
The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.
7597 CVE-2010-3303 79 XSS 2010-10-05 2013-08-27
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php.
7598 CVE-2010-3266 79 1 XSS 2010-12-02 2018-10-10
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, (2) the bug_id parameter to edit_comment.aspx, (3) the id parameter to edit_user_permissions2.aspx, or (4) the default_name parameter to edit_customfield.aspx. NOTE: some of these details are obtained from third party information.
7599 CVE-2010-3196 264 DoS 2010-08-31 2017-09-19
3.5
None Remote Medium ??? None None Partial
IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.
7600 CVE-2010-3095 59 2019-11-12 2019-11-15
3.3
None Local Medium Not required None Partial Partial
mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.