The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2010-2496 | stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer. | LOW | Oct 21, 2021 |
CVE-2010-2490 | Mumble: murmur-server has DoS due to malformed client query | MEDIUM | Oct 31, 2019 |
CVE-2010-2488 | NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections. | MEDIUM | Nov 14, 2019 |
CVE-2010-2486 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | -- | Nov 7, 2023 |
CVE-2010-2485 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | -- | Nov 7, 2023 |
CVE-2010-2476 | syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot. | HIGH | Nov 12, 2019 |
CVE-2010-2475 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | -- | Nov 7, 2023 |
CVE-2010-2473 | Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked. | LOW | Nov 13, 2019 |
CVE-2010-2472 | Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the \'administer languages\' permission. | LOW | Nov 13, 2019 |
CVE-2010-2471 | Drupal versions 5.x and 6.x has open redirection | MEDIUM | Nov 13, 2019 |
CVE-2010-2450 | The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. | MEDIUM | Nov 13, 2019 |
CVE-2010-2449 | Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack. | MEDIUM | Nov 9, 2019 |
CVE-2010-2447 | gitolite before 1.4.1 does not filter src/ or hooks/ from path names. | HIGH | Nov 12, 2019 |
CVE-2010-2446 | Rbot Reaction plugin allows command execution | HIGH | Nov 8, 2019 |
CVE-2010-2250 | Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack. | MEDIUM | Nov 12, 2019 |
CVE-2010-2247 | makepasswd 1.10 default settings generate insecure passwords | MEDIUM | Nov 12, 2019 |
CVE-2010-2245 | XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document. | -- | Aug 8, 2017 |
CVE-2010-2243 | A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS. | HIGH | Nov 8, 2019 |
CVE-2010-2232 | In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file. | MEDIUM | Oct 23, 2017 |
CVE-2010-2222 | The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query. | MEDIUM | Nov 8, 2019 |
CVE-2010-2069 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | -- | Nov 7, 2023 |
CVE-2010-2064 | rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr. | LOW | Oct 30, 2019 |
CVE-2010-2061 | rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started. | HIGH | Oct 30, 2019 |
CVE-2010-1884 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 |
CVE-2010-1839 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2010-1835 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2010-1827 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2010-1826 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2010-1821 | Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges. | High | Apr 20, 2017 |
CVE-2010-1816 | Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted image. | High | Apr 21, 2017 |
CVE-2010-1798 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2010-1779 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2010-1776 | Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe account to wipe the device. | -- | Apr 24, 2017 |
CVE-2010-1765 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2010-1700 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 |
CVE-2010-1699 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 |
CVE-2010-1698 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 |
CVE-2010-1697 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 |
CVE-2010-1696 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 |
CVE-2010-1695 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 |
CVE-2010-1694 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 |
CVE-2010-1692 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 |
CVE-2010-1691 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 |
CVE-2010-1678 | Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing. | MEDIUM | Oct 30, 2019 |
CVE-2010-1673 | A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment. | MEDIUM | Oct 31, 2019 |
CVE-2010-1631 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none | -- | Nov 7, 2023 |
CVE-2010-1435 | Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | HIGH | Jun 25, 2021 |
CVE-2010-1434 | Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | MEDIUM | Jun 25, 2021 |
CVE-2010-1433 | Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | HIGH | Jun 25, 2021 |
CVE-2010-1432 | Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | MEDIUM | Jun 25, 2021 |