Vulnerabilities (CVE)

Filter

130145 total CVE
CVE Vendors Products Updated CVSS
CVE-2010-0435 1 Redhat 2 Enterprise Virtualization, Kvm 2011-01-19 4.6
The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via...
CVE-2010-0039 1 Apple 5 Time Capsule, Airport Express, Airport Extreme Base Station Firmware and 2 more 2011-01-19 2.6
The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the...
CVE-2009-2189 1 Apple 5 Airport Extreme, Airport Express, Airport Extreme Base Station Firmware and 2 more 2011-01-19 6.1
The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows...
CVE-2010-2388 1 Oracle 1 E-business Suite 2011-01-19 5.8
Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors.
CVE-2010-0121 1 Realnetworks 2 Realplayer, Realplayer Sp 2011-01-19 10.0
The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 does not properly perform initialization, which has unspecified impact and...
CVE-2006-3634 1 Linux 1 Linux Kernel 2011-01-19 4.9
The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic functions in Linux kernel 2.6.17-rc4 to 2.6.18-rc2 perform the atomic futex operation in the kernel address space instead of the user address space, which allows local users to cause...
CVE-2010-4339 1 Hypermail-project 1 Hypermail 2011-01-18 4.3
Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted From address, which is not properly handled when indexing messages.
CVE-2010-4598 1 Ecava 1 Integraxor 2011-01-14 5.0
Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request.
CVE-2010-3996 1 Cstr 1 Festival 2011-01-14 6.9
festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library...
CVE-2010-3074 1 Arg0 1 Encfs 2011-01-14 2.1
SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack.
CVE-2010-3073 1 Arg0 1 Encfs 2011-01-14 2.1
SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating...
CVE-2010-3072 1 Squid-cache 1 Squid 2011-01-14 5.0
The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.
CVE-2010-2947 1 Jan Engelhardt 1 Libhx 2011-01-14 10.0
Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields.
CVE-2010-2523 1 Linux-ipv6 1 Umip 2011-01-14 10.0
Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 allow remote attackers to have an unspecified impact via a crafted (1) ND_OPT_PREFIX_INFORMATION or (2) ND_OPT_HOME_AGENT_INFO packet.
CVE-2010-2522 1 Linux-ipv6 1 Umip 2011-01-14 2.1
The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message.
CVE-2010-4587 1 Opera 1 Opera Browser 2011-01-12 9.3
Opera before 11.00 on Windows does not properly implement the Insecure Third Party Module warning message, which might make it easier for user-assisted remote attackers to have an unspecified impact via a crafted module.
CVE-2010-3922 1 Sixapart 1 Movabletype 2011-01-12 7.5
SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-3921 1 Sixapart 1 Movabletype 2011-01-12 4.3
Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2808 1 Freetype 1 Freetype 2011-01-12 6.8
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe...
CVE-2010-2806 1 Freetype 1 Freetype 2011-01-12 6.8
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain...