Search Results (24481 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-2473 | 1 Drupal | 1 Drupal | 2024-11-21 | 6.5 Medium |
| Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked. | ||||
| CVE-2010-2450 | 2 Debian, Shibboleth | 2 Debian Linux, Service Provider | 2024-11-21 | 7.5 High |
| The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. | ||||
| CVE-2010-2449 | 1 Gource | 1 Gource | 2024-11-21 | 6.5 Medium |
| Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack. | ||||
| CVE-2010-2447 | 1 Gitolite | 1 Gitolite | 2024-11-21 | 9.8 Critical |
| gitolite before 1.4.1 does not filter src/ or hooks/ from path names. | ||||
| CVE-2010-2446 | 1 Ruby-rbot | 1 Rbot | 2024-11-21 | 9.8 Critical |
| Rbot Reaction plugin allows command execution. | ||||
| CVE-2010-2243 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.5 High |
| A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS. | ||||
| CVE-2010-2061 | 1 Rpcbind Project | 1 Rpcbind | 2024-11-21 | 7.8 High |
| rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started. | ||||
| CVE-2010-1678 | 1 Osgeo | 1 Mapserver | 2024-11-21 | 7.5 High |
| Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing. | ||||
| CVE-2010-1432 | 1 Joomla | 1 Joomla! | 2024-11-21 | 7.5 High |
| Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | ||||
| CVE-2010-0748 | 3 Debian, Linux, Transmissionbt | 3 Debian Linux, Linux Kernel, Transmission | 2024-11-21 | 9.8 Critical |
| Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link. | ||||
| CVE-2009-5158 | 1 Sumo | 1 Google Analyticator | 2024-11-21 | N/A |
| The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text. | ||||
| CVE-2009-5155 | 2 Gnu, Netapp | 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more | 2024-11-21 | N/A |
| In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. | ||||
| CVE-2009-5050 | 1 Konversation | 1 Konversation | 2024-11-21 | 7.5 High |
| konversation before 1.2.3 allows attackers to cause a denial of service. | ||||
| CVE-2009-5045 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2024-11-21 | 7.5 High |
| Dump Servlet information leak in jetty before 6.1.22. | ||||
| CVE-2009-5004 | 2 Apache, Redhat | 2 Qpid-cpp, Enterprise Mrg | 2024-11-21 | 6.5 Medium |
| qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use. | ||||
| CVE-2009-3614 | 2 Debian, Noping | 2 Debian Linux, Liboping | 2024-11-21 | 3.3 Low |
| liboping 1.3.2 allows users to read arbitrary files on the local system. | ||||
| CVE-2008-5083 | 1 Redhat | 1 Jboss Operations Network | 2024-11-21 | 6.5 Medium |
| In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON. | ||||
| CVE-2007-6763 | 1 Sas | 1 Sas Drug Development | 2024-11-21 | N/A |
| SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser. | ||||
| CVE-2005-4890 | 3 Debian, Redhat, Sudo Project | 4 Debian Linux, Shadow, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. | ||||
| CVE-2002-2444 | 1 Snoopy Project | 1 Snoopy | 2024-11-20 | 9.8 Critical |
| Snoopy before 2.0.0 has a security hole in exec cURL. | ||||