Search Results (23526 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-3315 2 Apache, Redhat 2 Subversion, Enterprise Linux 2025-04-11 N/A
authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
CVE-2010-3316 2 Linux-pam, Redhat 2 Linux-pam, Enterprise Linux 2025-04-11 N/A
The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.
CVE-2010-3389 2 Linux-ha, Redhat 3 Ocf Resource Agents, Enterprise Linux, Rhel Cluster 2025-04-11 N/A
The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
CVE-2010-3432 6 Canonical, Debian, Linux and 3 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2025-04-11 N/A
The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic.
CVE-2010-3433 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2025-04-11 N/A
The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
CVE-2010-3435 2 Linux-pam, Redhat 2 Linux-pam, Enterprise Linux 2025-04-11 N/A
The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.
CVE-2010-3437 6 Canonical, Debian, Linux and 3 more 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more 2025-04-11 N/A
Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call.
CVE-2010-3452 4 Apache, Canonical, Debian and 1 more 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more 2025-04-11 N/A
Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document.
CVE-2010-3453 4 Apache, Canonical, Debian and 1 more 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more 2025-04-11 N/A
The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
CVE-2010-3454 4 Apache, Canonical, Debian and 1 more 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more 2025-04-11 N/A
Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
CVE-2010-3493 2 Python, Redhat 2 Python, Enterprise Linux 2025-04-11 N/A
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.
CVE-2010-3541 2 Redhat, Sun 7 Enterprise Linux, Network Satellite, Rhel Extras and 4 more 2025-04-11 N/A
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
CVE-2010-3548 2 Redhat, Sun 7 Enterprise Linux, Network Satellite, Rhel Extras and 4 more 2025-04-11 N/A
Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names."
CVE-2010-3549 2 Redhat, Sun 7 Enterprise Linux, Network Satellite, Rhel Extras and 4 more 2025-04-11 N/A
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class.
CVE-2010-3550 2 Redhat, Sun 4 Network Satellite, Rhel Extras, Jdk and 1 more 2025-04-11 N/A
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2010-3551 2 Redhat, Sun 7 Enterprise Linux, Network Satellite, Rhel Extras and 4 more 2025-04-11 N/A
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.
CVE-2010-3558 2 Redhat, Sun 4 Network Satellite, Rhel Extras, Jdk and 1 more 2025-04-11 N/A
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2010-3559 2 Redhat, Sun 4 Rhel Extras, Jdk, Jre and 1 more 2025-04-11 N/A
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.
CVE-2010-3560 2 Redhat, Sun 4 Network Satellite, Rhel Extras, Jdk and 1 more 2025-04-11 N/A
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors.
CVE-2010-3561 2 Redhat, Sun 4 Enterprise Linux, Rhel Extras, Jdk and 1 more 2025-04-11 N/A
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions.