CVE List - 2010 / September
Showing 201 - 297 of 297 CVEs for September 2010 (Page 3 of 3)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2009-5001 | 2010-09-20 | The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance... |
| CVE-2009-5002 | 2010-09-20 | The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt... |
| CVE-2010-3470 | 2010-09-20 | Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject... |
| CVE-2010-3471 | 2010-09-20 | Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors. |
| CVE-2010-3472 | 2010-09-20 | Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or... |
| CVE-2010-3473 | 2010-09-20 | Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and... |
| CVE-2010-2942 | 2010-09-21 | The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to... |
| CVE-2010-3067 | 2010-09-21 | Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via... |
| CVE-2010-3078 | 2010-09-21 | The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack... |
| CVE-2010-3080 | 2010-09-21 | Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other... |
| CVE-2010-0781 | 2010-09-21 | Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted... |
| CVE-2010-1820 | 2010-09-21 | Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access... |
| CVE-2010-3477 | 2010-09-21 | The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local... |
| CVE-2010-3092 | 2010-09-21 | The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass... |
| CVE-2010-3093 | 2010-09-21 | The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a... |
| CVE-2010-3094 | 2010-09-21 | Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2)... |
| CVE-2010-3301 | 2010-09-22 | The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path... |
| CVE-2010-3332 | 2010-09-22 | Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during... |
| CVE-2010-3313 | 2010-09-22 | phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters... |
| CVE-2010-3314 | 2010-09-22 | Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject... |
| CVE-2009-5003 | 2010-09-22 | SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter. |
| CVE-2010-3479 | 2010-09-22 | SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. |
| CVE-2010-3480 | 2010-09-22 | Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in... |
| CVE-2010-3481 | 2010-09-22 | Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password... |
| CVE-2010-3486 | 2010-09-22 | Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded... |
| CVE-2010-3488 | 2010-09-22 | Directory traversal vulnerability in QuickShare 1.0 allows remote attackers to read arbitrary files via a ... (triple dot) in the URL. |
| CVE-2010-3482 | 2010-09-22 | Multiple SQL injection vulnerabilities in cms_write.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters. NOTE: this can... |
| CVE-2010-3483 | 2010-09-22 | cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct... |
| CVE-2010-3484 | 2010-09-22 | SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593. |
| CVE-2010-3485 | 2010-09-22 | SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance... |
| CVE-2010-3487 | 2010-09-22 | Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL. |
| CVE-2010-3489 | 2010-09-22 | Cross-site scripting (XSS) vulnerability in netautor/napro4/home/login2.php in CMS Digital Workroom (formerly Netautor Professional) 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the goback parameter. |
| CVE-2010-3279 | 2010-09-23 | The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, which allows remote attackers... |
| CVE-2010-3280 | 2010-09-23 | The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser... |
| CVE-2010-3281 | 2010-09-23 | Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash)... |
| CVE-2010-2828 | 2010-09-23 | Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to... |
| CVE-2010-2829 | 2010-09-23 | Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to... |
| CVE-2010-2830 | 2010-09-23 | The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service... |
| CVE-2010-2831 | 2010-09-23 | Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via... |
| CVE-2010-2832 | 2010-09-23 | Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via... |
| CVE-2010-2833 | 2010-09-23 | Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via... |
| CVE-2010-2834 | 2010-09-23 | Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x... |
| CVE-2010-2835 | 2010-09-23 | Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0... |
| CVE-2010-2836 | 2010-09-23 | Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory... |
| CVE-2010-1767 | 2010-09-24 | Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims... |
| CVE-2010-1772 | 2010-09-24 | Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service... |
| CVE-2010-1773 | 2010-09-24 | Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a... |
| CVE-2010-1823 | 2010-09-24 | Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors... |
| CVE-2010-1824 | 2010-09-24 | Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a... |
| CVE-2010-1825 | 2010-09-24 | Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to... |
| CVE-2010-3261 | 2010-09-24 | Directory traversal vulnerability in RSA Authentication Agent 7.0 before P2 for Web allows remote attackers to read unspecified data via unknown vectors. |
| CVE-2010-3294 | 2010-09-24 | Cross-site scripting (XSS) vulnerability in apc.php in the Alternative PHP Cache (APC) extension before 3.1.4 for PHP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-3304 | 2010-09-24 | The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak... |
| CVE-2010-2491 | 2010-09-24 | Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program. |
| CVE-2010-3283 | 2010-09-24 | Open redirect vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
| CVE-2010-3284 | 2010-09-24 | Unspecified vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2010-3285 | 2010-09-24 | Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service via unknown vectors. |
| CVE-2010-3306 | 2010-09-24 | Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI. |
| CVE-2010-3081 | 2010-09-24 | The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows... |
| CVE-2010-3602 | 2010-09-24 | Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to inject arbitrary web script or HTML via the User ID parameter. NOTE: some of these... |
| CVE-2010-3603 | 2010-09-24 | Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary... |
| CVE-2010-3606 | 2010-09-24 | Multiple directory traversal vulnerabilities in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allow remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the... |
| CVE-2010-3607 | 2010-09-24 | Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the id parameter. |
| CVE-2010-3601 | 2010-09-24 | SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter. |
| CVE-2010-3604 | 2010-09-24 | SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-3605 | 2010-09-24 | Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-3608 | 2010-09-24 | Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php. |
| CVE-2010-0405 | 2010-09-28 | Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code... |
| CVE-2010-2950 | 2010-09-28 | Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a... |
| CVE-2010-3070 | 2010-09-28 | Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to an arbitrary... |
| CVE-2010-3087 | 2010-09-28 | LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image. |
| CVE-2010-3490 | 2010-09-28 | Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a ..... |
| CVE-2010-3277 | 2010-09-28 | The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might... |
| CVE-2010-2453 | 2010-09-29 | Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing... |
| CVE-2010-2478 | 2010-09-29 | Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified... |
| CVE-2010-2946 | 2010-09-29 | fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace... |
| CVE-2010-3084 | 2010-09-29 | Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/net/niu.c in the Linux kernel before 2.6.36-rc4 allows local users to cause a denial of service or possibly have unspecified other impact via... |
| CVE-2010-3310 | 2010-09-29 | Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact... |
| CVE-2010-3684 | 2010-09-29 | The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information... |
| CVE-2010-2530 | 2010-09-29 | Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a... |
| CVE-2010-3091 | 2010-09-29 | The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows... |
| CVE-2010-3380 | 2010-09-29 | The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before 2.1.14 place the . (dot) directory in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse... |
| CVE-2010-3468 | 2010-09-29 | Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a... |
| CVE-2010-3685 | 2010-09-29 | The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values,... |
| CVE-2010-3686 | 2010-09-29 | The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which... |
| CVE-2010-3687 | 2010-09-29 | Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by "[injecting] arbitrary values into validated fields," as demonstrated... |
| CVE-2010-3688 | 2010-09-29 | Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA WebSiteAdmin allows remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the lng parameter. |
| CVE-2010-2537 | 2010-09-30 | The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies... |
| CVE-2010-2538 | 2010-09-30 | Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call. |
| CVE-2010-2943 | 2010-09-30 | The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or... |
| CVE-2010-3079 | 2010-09-30 | kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled, does not properly handle interaction between mutex possession and llseek operations, which allows local users to cause a denial... |
| CVE-2010-3296 | 2010-09-30 | The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel... |
| CVE-2010-3297 | 2010-09-30 | The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel... |
| CVE-2010-3298 | 2010-09-30 | The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel... |
| CVE-2010-3429 | 2010-09-30 | flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an... |
| CVE-2010-3434 | 2010-09-30 | Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code... |
| CVE-2010-1623 | 2010-10-04 | Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server... |
| CVE-2010-1822 | 2010-10-04 | WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote... |
| CVE-2010-3315 | 2010-10-04 | authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly... |
| CVE-2010-3437 | 2010-10-04 | Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of... |