Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2010-4351 The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in c... | N/A | NONE | — | 0 |
| CVE-2010-4701 Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edi... | N/A | NONE | — | 0 |
| CVE-2010-4702 SQL injection vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2010-4703 SQL injection vulnerability in default.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PageId parameter. NOTE: the provenance of this information... | N/A | NONE | — | 0 |
| CVE-2011-0008 A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who ... | N/A | NONE | — | 0 |
| CVE-2011-0510 SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an add_o... | N/A | NONE | — | 0 |
| CVE-2011-0495 Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition be... | N/A | NONE | — | 0 |
| CVE-2011-0496 Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to install arbitrary w... | N/A | NONE | — | 0 |
| CVE-2011-0497 Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to read arbitrary file... | N/A | NONE | — | 0 |
| CVE-2011-0498 Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitr... | N/A | NONE | — | 0 |
| CVE-2011-0499 Buffer overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier versions, and VideoSpirit Lite 1.4.0.1 and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via ... | N/A | NONE | — | 0 |
| CVE-2011-0002 libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values. | N/A | NONE | — | 0 |
| CVE-2011-0500 Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and VideoSpirit Lite 1.4.0.1 and possibly other versions; allows user-assisted remote attackers to execute arbitrary code via a VideoSpir... | N/A | NONE | — | 0 |
| CVE-2011-0501 Stack-based buffer overflow in Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long line in ... | N/A | NONE | — | 0 |
| CVE-2011-0502 Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to cause a denial of service (crash) and possibly have other unspecified imp... | N/A | NONE | — | 0 |
| CVE-2011-0503 Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that (1) chang... | N/A | NONE | — | 0 |
| CVE-2011-0504 Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions llow remote attackers to inject arbitrary web script or HTML via the (1) status parameter to a... | N/A | NONE | — | 0 |
| CVE-2010-3853 pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might a... | N/A | NONE | — | 0 |
| CVE-2011-0505 Directory traversal vulnerability in system/system.php in Zwii 2.1.1, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local ... | N/A | NONE | — | 0 |
| CVE-2011-0506 Directory traversal vulnerability in modules/profile/user.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to execute arbitrary code via a .. (dot dot) in the aXconf[default_language] pa... | N/A | NONE | — | 0 |
| CVE-2011-0507 FTPService.exe in Blackmoon FTP 3.1 Build 1735 and Build 1736 (3.1.7.1736), and possibly other versions before 3.1.8.1737, allows remote attackers to cause a denial of service (crash) via a large numb... | N/A | NONE | — | 0 |
| CVE-2011-0508 Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script o... | N/A | NONE | — | 0 |
| CVE-2011-0509 Cross-site scripting (XSS) vulnerability in Vaadin before 6.4.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the index page. | N/A | NONE | — | 0 |
| CVE-2011-0511 SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | N/A | NONE | — | 0 |
| CVE-2011-0512 SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the team_id parameter. | N/A | NONE | — | 0 |
| CVE-2011-0513 DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows local users to execute arbitrary code via a crafted argument to the 0x00073800 IOCTL. | N/A | NONE | — | 0 |
| CVE-2011-0514 The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530. | N/A | NONE | — | 0 |
| CVE-2011-0515 KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 allows local users to cause a denial of service (crash) via a crafted request that is not properly handled by the KiFastCallEntry ... | N/A | NONE | — | 0 |
| CVE-2011-0516 SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site Suite 4.0 through 4.2.0 allows remote attackers to execute arbitrary SQL commands via the bid parameter. | N/A | NONE | — | 0 |
| CVE-2011-0517 Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code... | N/A | NONE | — | 0 |
| CVE-2011-0518 Directory traversal vulnerability in core/lib/router.php in LotusCMS Fraise 3.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via the system ... | N/A | NONE | — | 0 |
| CVE-2011-0519 SQL injection vulnerability in gallery.php in Gallarific PHP Photo Gallery script 2.1 and possibly other versions allows remote attackers to execute arbitrary SQL commands via the id parameter. | N/A | NONE | — | 0 |
| CVE-2010-2743 The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain priv... | N/A | NONE | — | 0 |
| CVE-2010-3435 The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow l... | N/A | NONE | — | 0 |
| CVE-2010-3879 FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mount... | N/A | NONE | — | 0 |
| CVE-2010-4238 The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted acc... | N/A | NONE | — | 0 |
| CVE-2010-4243 fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause... | N/A | NONE | — | 0 |
| CVE-2010-4704 libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0... | N/A | NONE | — | 0 |
| CVE-2010-4705 Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to t... | N/A | NONE | — | 0 |
| CVE-2011-0635 Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Ser... | N/A | NONE | — | 0 |
| CVE-2011-0636 The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA CUDA Toolkit 3.2 developer drivers for Linux 260.19.26, and possibly other versions, do not initialize pinned memory, which allows ... | N/A | NONE | — | 0 |
| CVE-2010-3316 The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might al... | N/A | NONE | — | 0 |
| CVE-2010-3430 The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow loca... | N/A | NONE | — | 0 |
| CVE-2010-3431 The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local user... | N/A | NONE | — | 0 |
| CVE-2011-0020 Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assist... | N/A | NONE | — | 0 |
| CVE-2011-0274 Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 7.x through 7.55 and 8.x through 8.05, and Business Service Management (BSM) through 9.01, allows remote attackers to ... | N/A | NONE | — | 0 |
| CVE-2011-0352 Buffer overflow in the web-based management interface on the Cisco Linksys WRT54GC router with firmware before 1.06.1 allows remote attackers to cause a denial of service (device crash) via a long str... | N/A | NONE | — | 0 |
| CVE-2011-0410 CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information b... | N/A | NONE | — | 0 |
| CVE-2010-4706 The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allo... | N/A | NONE | — | 0 |
| CVE-2010-4341 The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login ... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.