Total
5477 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4483 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 8.0.552.215 does not properly restrict read access to videos derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via a crafted web site. | ||||
| CVE-2010-4485 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 8.0.552.215 does not properly restrict the generation of file dialogs, which allows remote attackers to cause a denial of service (reduced usability and possible application crash) via a crafted web site. | ||||
| CVE-2010-4491 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension. | ||||
| CVE-2010-3277 | 1 Vmware | 2 Player, Workstation | 2025-04-11 | N/A |
| The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file. | ||||
| CVE-2010-3304 | 1 Dovecot | 1 Dovecot | 2025-04-11 | N/A |
| The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs. | ||||
| CVE-2010-3321 | 1 Rsa | 1 Authentication Client | 2025-04-11 | N/A |
| RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS#11 API requests. | ||||
| CVE-2010-4512 | 1 Michael Dehaan | 1 Cobbler | 2025-04-11 | N/A |
| Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories. | ||||
| CVE-2010-3433 | 2 Postgresql, Redhat | 2 Postgresql, Enterprise Linux | 2025-04-11 | N/A |
| The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447. | ||||
| CVE-2010-3497 | 1 Symantec | 1 Norton Antivirus | 2025-04-11 | N/A |
| Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)." | ||||
| CVE-2010-3498 | 1 Avg | 1 Anti-virus | 2025-04-11 | N/A |
| AVG Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. | ||||
| CVE-2010-4534 | 1 Djangoproject | 1 Django | 2025-04-11 | N/A |
| The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter. | ||||
| CVE-2010-4546 | 1 Ibm | 1 Lotus Notes Traveler | 2025-04-11 | N/A |
| IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended access restrictions via this request. | ||||
| CVE-2010-4547 | 1 Ibm | 1 Lotus Notes Traveler | 2025-04-11 | N/A |
| IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain. | ||||
| CVE-2010-4549 | 2 Ibm, Nokia | 2 Lotus Notes Traveler, S60 | 2025-04-11 | N/A |
| IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation. | ||||
| CVE-2010-3717 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710. | ||||
| CVE-2010-3738 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery. | ||||
| CVE-2011-1425 | 3 Aleksey, Apple, Redhat | 3 Xml Security Library, Webkit, Enterprise Linux | 2025-04-11 | N/A |
| xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification. | ||||
| CVE-2010-5070 | 1 Apple | 1 Safari | 2025-04-11 | N/A |
| The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. NOTE: this may overlap CVE-2010-5073. | ||||
| CVE-2010-5071 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-11 | N/A |
| The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. | ||||
| CVE-2010-5072 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| The JavaScript implementation in Opera 10.5 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. | ||||