The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2010-3438 | libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as \"some text\\rQUIT\" to the \'privmsg\' handler, which would cause the client to disconnect from the server. | HIGH | Nov 15, 2019 | n/a |
CVE-2010-3375 | qtparted has insecure library loading which may allow arbitrary code execution | HIGH | Oct 29, 2019 | n/a |
CVE-2010-3373 | paxtest handles temporary files insecurely | LOW | Oct 29, 2019 | n/a |
CVE-2010-3359 | If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user\'s account. | MEDIUM | Nov 12, 2019 | n/a |
CVE-2010-3347 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2010-3344 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2010-3341 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2010-3339 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2010-3309 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2010-3305 | Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password. | MEDIUM | Nov 14, 2019 | n/a |
CVE-2010-3300 | It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks. | MEDIUM | Jun 25, 2021 | n/a |
CVE-2010-3299 | The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. | MEDIUM | Nov 15, 2019 | n/a |
CVE-2010-3295 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2010-3293 | mailscanner can allow local users to prevent virus signatures from being updated | LOW | Oct 30, 2019 | n/a |
CVE-2010-3292 | The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing. | LOW | Nov 15, 2019 | n/a |
CVE-2010-3282 | 389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log. | LOW | Jan 9, 2020 | n/a |
CVE-2010-3226 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2010-3224 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2010-3095 | mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313. | LOW | Nov 15, 2019 | n/a |
CVE-2010-3090 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-3089. Reason: This issue was MERGED into CVE-2010-3089 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2010-3089 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
CVE-2010-3068 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2938. Reason: This candidate is a reservation duplicate of CVE-2010-2938. Notes: All CVE users should reference CVE-2010-2938 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
CVE-2010-3050 | Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot). | Medium | Oct 3, 2017 | n/a |
CVE-2010-3049 | Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot). | Medium | Oct 3, 2017 | n/a |
CVE-2010-3048 | Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition. | MEDIUM | Jan 16, 2020 | n/a |
CVE-2010-2967 | The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. | High | Aug 5, 2010 | n/a |
CVE-2010-2966 | The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. | High | Aug 5, 2010 | n/a |
CVE-2010-2965 | The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804. | High | Aug 5, 2010 | n/a |
CVE-2010-2939 | Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue. | Medium | Aug 30, 2010 | n/a |
CVE-2010-2804 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2010-2783 | IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services. | MEDIUM | Oct 31, 2019 | n/a |
CVE-2010-2749 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2010-2737 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2010-2736 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2010-2735 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2010-2727 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2010-2726 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2010-2565 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2010-2548 | IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files. | MEDIUM | Oct 31, 2019 | n/a |
CVE-2010-2525 | A flaw was discovered in gfs2 file system’s handling of acls (access control lists). An unprivileged local attacker could exploit this flaw to gain access or execute any file stored in the gfs2 file system. | HIGH | Jun 22, 2021 | n/a |
CVE-2010-2496 | stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer. | LOW | Oct 21, 2021 | n/a |
CVE-2010-2490 | Mumble: murmur-server has DoS due to malformed client query | MEDIUM | Oct 31, 2019 | n/a |
CVE-2010-2488 | NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections. | MEDIUM | Nov 14, 2019 | n/a |
CVE-2010-2486 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2010-2485 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2010-2476 | syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot. | HIGH | Nov 12, 2019 | n/a |
CVE-2010-2475 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2010-2473 | Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked. | LOW | Nov 13, 2019 | n/a |
CVE-2010-2472 | Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the \'administer languages\' permission. | LOW | Nov 13, 2019 | n/a |
CVE-2010-2471 | Drupal versions 5.x and 6.x has open redirection | MEDIUM | Nov 13, 2019 | n/a |
CVE-2010-2450 | The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. | MEDIUM | Nov 13, 2019 | n/a |