CVE List 2010

Product
Score
Severity
Status
CVE
               
CVE Score Severity Package Description Published
CVE-2010-5329
5.5 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the Linux kernel before 2.6.39 relies on the count value of a v4l2_ext_controls data structure to determine a kmalloc size, which might allow local users to cause a denial of service (memory consumption) via a large value. April 24, 2017, 01:04 am
CVE-2010-5328
4.7 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group. February 6, 2017, 00:02 am
CVE-2010-5325
7.5 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
foomatic-filters Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title. April 15, 2016, 09:04 am
CVE-2010-5321
4.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf. April 24, 2017, 01:04 am
CVE-2010-5313
4.9 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842. November 29, 2014, 19:11 pm
CVE-2010-5298
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. April 14, 2014, 17:04 pm
CVE-2010-5247
6.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal qtweb Untrusted search path vulnerability in QtWeb Browser 3.3 build 043 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .html, .htm, or .mhtml file. NOTE: some of these details are obtained from third party information. September 7, 2012, 05:09 am
CVE-2010-5107
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssh The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. March 7, 2013, 14:03 pm
CVE-2010-4950
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious event SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. October 9, 2011, 05:10 am
CVE-2010-4833
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical gtk+ Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831. September 6, 2011, 10:09 am
CVE-2010-4831
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal gtk+ Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory. September 6, 2011, 10:09 am
CVE-2010-4820
4.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal ghostscript Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055. October 26, 2014, 20:10 pm
CVE-2010-4819
3.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low x.org-xserver The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw." September 5, 2012, 18:09 pm
CVE-2010-4818
8.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High x.org The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value in the screen field in a request to glx/glxcmds.c. September 5, 2012, 18:09 pm
CVE-2010-4805
6.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251. May 26, 2011, 11:05 am
CVE-2010-4777
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal perl The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash. February 10, 2014, 12:02 pm
CVE-2010-4756
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium glibc The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. March 2, 2011, 14:03 pm
CVE-2010-4755
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssh The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632. March 2, 2011, 14:03 pm
CVE-2010-4700
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions. January 18, 2011, 14:01 pm
CVE-2010-4699
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set. January 18, 2011, 14:01 pm
CVE-2010-4698
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function. January 18, 2011, 14:01 pm
CVE-2010-4697
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference. January 18, 2011, 14:01 pm
CVE-2010-4668
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4163. January 3, 2011, 14:01 pm
CVE-2010-4666
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libarchive Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data. April 13, 2012, 15:04 pm
CVE-2010-4665
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium tiff Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries. May 3, 2011, 15:05 pm
CVE-2010-4656
6.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report. July 18, 2011, 14:07 pm
CVE-2010-4655
1.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call. July 18, 2011, 14:07 pm
CVE-2010-4652
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium proftpd Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query. February 1, 2011, 19:02 pm
CVE-2010-4650
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging the ability to operate a CUSE server. June 21, 2012, 18:06 pm
CVE-2010-4649
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member. February 18, 2011, 14:02 pm
CVE-2010-4648
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The orinoco_ioctl_set_auth function in drivers/net/wireless/orinoco/wext.c in the Linux kernel before 2.6.37 does not properly implement a TKIP protection mechanism, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading Wi-Fi frames. June 21, 2012, 18:06 pm
CVE-2010-4645
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308. January 10, 2011, 21:01 pm
CVE-2010-4644
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low subversion Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. January 7, 2011, 13:01 pm
CVE-2010-4565
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename. December 29, 2010, 12:12 pm
CVE-2010-4563
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. February 2, 2012, 11:02 am
CVE-2010-4539
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal subversion The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. January 7, 2011, 13:01 pm
CVE-2010-4538
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High wireshark Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression. January 7, 2011, 13:01 pm
CVE-2010-4529
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call. January 13, 2011, 13:01 pm
CVE-2010-4526
7.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function. January 10, 2011, 21:01 pm
CVE-2010-4525
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors. January 10, 2011, 21:01 pm
CVE-2010-4494
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High chrome Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. December 7, 2010, 15:12 pm
CVE-2010-4481
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function. December 17, 2010, 13:12 pm
CVE-2010-4480
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]". December 8, 2010, 10:12 am
CVE-2010-4478
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious openssh OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. December 6, 2010, 16:12 pm
CVE-2010-4411
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium cgi.pm Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761. December 6, 2010, 14:12 pm
CVE-2010-4410
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium cgi-simple CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172. December 6, 2010, 14:12 pm
CVE-2010-4409
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument. December 6, 2010, 14:12 pm
CVE-2010-4347
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c. December 22, 2010, 15:12 pm
CVE-2010-4346
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application. December 22, 2010, 15:12 pm
CVE-2010-4343
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file. December 29, 2010, 12:12 pm
CVE-2010-4342
7.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP. December 30, 2010, 13:12 pm
CVE-2010-4341
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low sssd The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet. January 24, 2011, 19:01 pm
CVE-2010-4329
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request. December 2, 2010, 10:12 am
CVE-2010-4301
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes. November 26, 2010, 13:11 pm
CVE-2010-4300
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High wireshark Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption. November 26, 2010, 13:11 pm
CVE-2010-4263
5.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame. January 18, 2011, 12:01 pm
CVE-2010-4258
6.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call. December 30, 2010, 13:12 pm
CVE-2010-4256
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The pipe_fcntl function in fs/pipe.c in the Linux kernel before 2.6.37 does not properly determine whether a file is a named pipe, which allows local users to cause a denial of service via an F_SETPIPE_SZ fcntl call. January 25, 2011, 13:01 pm
CVE-2010-4252
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High openssl OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol. December 6, 2010, 15:12 pm
CVE-2010-4251
6.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests. May 26, 2011, 11:05 am
CVE-2010-4250
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Memory leak in the inotify_init1 function in fs/notify/inotify/inotify_user.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory consumption) via vectors involving failed attempts to create files. June 21, 2012, 18:06 pm
CVE-2010-4249
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets. November 29, 2010, 10:11 am
CVE-2010-4248
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader in the de_thread function in fs/exec.c. November 30, 2010, 15:11 pm
CVE-2010-4243
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858. January 22, 2011, 16:01 pm
CVE-2010-4242
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service (NULL pointer dereference) via vectors related to the Bluetooth driver. January 10, 2011, 21:01 pm
CVE-2010-4226
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal cpio cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive. February 6, 2014, 11:02 am
CVE-2010-4221
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High proftpd Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server. November 9, 2010, 15:11 pm
CVE-2010-4180
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. December 6, 2010, 15:12 pm
CVE-2010-4176
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal udev plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users. December 7, 2010, 16:12 pm
CVE-2010-4175
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) in Linux kernel 2.6.35 allows local users to cause a denial of service (crash) and possibly trigger memory corruption via a crafted Reliable Datagram Sockets (RDS) request, a different vulnerability than CVE-2010-3865. January 10, 2011, 21:01 pm
CVE-2010-4171
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low systemtap The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules). December 7, 2010, 16:12 pm
CVE-2010-4170
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious systemtap The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file. December 7, 2010, 16:12 pm
CVE-2010-4169
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call. November 22, 2010, 07:11 am
CVE-2010-4165
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer. November 22, 2010, 07:11 am
CVE-2010-4164
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873. January 3, 2011, 14:01 pm
CVE-2010-4163
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device. January 3, 2011, 14:01 pm
CVE-2010-4162
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device. January 3, 2011, 14:01 pm
CVE-2010-4161
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat build of the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (deadlock and system hang) by sending UDP traffic to a socket that has a crafted socket filter, a related issue to CVE-2010-4158. December 30, 2010, 13:12 pm
CVE-2010-4160
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call. January 7, 2011, 06:01 am
CVE-2010-4158
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter. December 30, 2010, 13:12 pm
CVE-2010-4157
6.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call. December 10, 2010, 13:12 pm
CVE-2010-4150
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. December 7, 2010, 16:12 pm
CVE-2010-4083
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call. November 30, 2010, 16:11 pm
CVE-2010-4082
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFB_GET_INFO ioctl call. November 30, 2010, 16:11 pm
CVE-2010-4081
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call. November 30, 2010, 16:11 pm
CVE-2010-4080
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call. November 30, 2010, 16:11 pm
CVE-2010-4079
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the Linux kernel before 2.6.36-rc8 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. November 29, 2010, 10:11 am
CVE-2010-4078
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. November 29, 2010, 10:11 am
CVE-2010-4077
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. November 29, 2010, 10:11 am
CVE-2010-4076
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. November 29, 2010, 10:11 am
CVE-2010-4075
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. November 29, 2010, 10:11 am
CVE-2010-4074
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c. November 29, 2010, 10:11 am
CVE-2010-4073
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c. November 29, 2010, 10:11 am
CVE-2010-4072
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface." November 29, 2010, 10:11 am
CVE-2010-4052
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium glibc Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD. January 13, 2011, 13:01 pm
CVE-2010-4051
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium glibc The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." January 13, 2011, 13:01 pm
CVE-2010-4022
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kerberos The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors. February 10, 2011, 12:02 pm
CVE-2010-4015
6.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal postgresql Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions. February 1, 2011, 19:02 pm
CVE-2010-4008
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium safari libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. November 16, 2010, 19:11 pm
CVE-2010-3914
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical gvim Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information. November 3, 2010, 08:11 am
CVE-2010-3906
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal git Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters. December 17, 2010, 13:12 pm
CVE-2010-3904
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. December 6, 2010, 14:12 pm
CVE-2010-3900
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal midori Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312. October 14, 2010, 00:10 am
CVE-2010-3881
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device. December 23, 2010, 12:12 pm
CVE-2010-3880
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions. December 10, 2010, 13:12 pm
CVE-2010-3879
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal fuse FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789. January 22, 2011, 16:01 pm
CVE-2010-3877
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure. January 3, 2011, 14:01 pm
CVE-2010-3876
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures. January 3, 2011, 14:01 pm
CVE-2010-3875
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure. January 3, 2011, 14:01 pm
CVE-2010-3874
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation. December 29, 2010, 12:12 pm
CVE-2010-3873
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164. January 3, 2011, 14:01 pm
CVE-2010-3870
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string. November 12, 2010, 15:11 pm
CVE-2010-3867
7.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High proftpd Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command. November 9, 2010, 15:11 pm
CVE-2010-3865
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow. January 10, 2011, 21:01 pm
CVE-2010-3864
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High openssl Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. November 17, 2010, 10:11 am
CVE-2010-3861
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value, a different vulnerability than CVE-2010-2478. December 10, 2010, 13:12 pm
CVE-2010-3859
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipc_msg_build function in net/tipc/msg.c and the verify_iovec function in net/core/iovec.c. December 29, 2010, 12:12 pm
CVE-2010-3858
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240. November 30, 2010, 15:11 pm
CVE-2010-3856
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High glibc ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. January 7, 2011, 13:01 pm
CVE-2010-3855
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium freetype Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font. November 26, 2010, 14:11 pm
CVE-2010-3850
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call. December 30, 2010, 13:12 pm
CVE-2010-3849
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field. December 30, 2010, 13:12 pm
CVE-2010-3848
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures. December 30, 2010, 13:12 pm
CVE-2010-3847
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium glibc elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. January 7, 2011, 13:01 pm
CVE-2010-3842
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal curl Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using (backslash) as a separator of path components within the Content-disposition HTTP header. October 27, 2010, 19:10 pm
CVE-2010-3840
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points. January 14, 2011, 13:01 pm
CVE-2010-3839
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements. January 14, 2011, 13:01 pm
CVE-2010-3837
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object. January 14, 2011, 13:01 pm
CVE-2010-3836
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers. January 14, 2011, 13:01 pm
CVE-2010-3835
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table. January 14, 2011, 13:01 pm
CVE-2010-3834
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments." January 14, 2011, 13:01 pm
CVE-2010-3833
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT." January 14, 2011, 13:01 pm
CVE-2010-3826
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. November 22, 2010, 07:11 am
CVE-2010-3824
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements. November 22, 2010, 07:11 am
CVE-2010-3823
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this might overlap CVE-2010-3415. November 22, 2010, 07:11 am
CVE-2010-3822
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. November 22, 2010, 07:11 am
CVE-2010-3821
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. November 22, 2010, 07:11 am
CVE-2010-3820
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. November 22, 2010, 07:11 am
CVE-2010-3819
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. November 22, 2010, 07:11 am
CVE-2010-3818
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes. November 22, 2010, 07:11 am
CVE-2010-3817
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. November 22, 2010, 07:11 am
CVE-2010-3816
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. November 22, 2010, 07:11 am
CVE-2010-3814
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium freetype Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font. November 26, 2010, 14:11 pm
CVE-2010-3813
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality. November 22, 2010, 07:11 am
CVE-2010-3812
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects. November 22, 2010, 07:11 am
CVE-2010-3811
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes. November 22, 2010, 07:11 am
CVE-2010-3809
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. November 22, 2010, 07:11 am
CVE-2010-3808
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. November 22, 2010, 07:11 am
CVE-2010-3805
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254. November 22, 2010, 07:11 am
CVE-2010-3804
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171. November 22, 2010, 07:11 am
CVE-2010-3803
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string. November 22, 2010, 07:11 am
CVE-2010-3762
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal bind ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query. October 5, 2010, 17:10 pm
CVE-2010-3710
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string. October 25, 2010, 15:10 pm
CVE-2010-3709
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive. November 8, 2010, 19:11 pm
CVE-2010-3705
8.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array. November 26, 2010, 14:11 pm
CVE-2010-3702
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal cups The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. November 5, 2010, 13:11 pm
CVE-2010-3698
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service (host OS crash) via a KVM_RUN ioctl call in conjunction with a modified Local Descriptor Table (LDT). November 26, 2010, 13:11 pm
CVE-2010-3683
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request. January 11, 2011, 14:01 pm
CVE-2010-3682
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function. January 11, 2011, 14:01 pm
CVE-2010-3681
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure. January 11, 2011, 14:01 pm
CVE-2010-3680
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure. January 11, 2011, 14:01 pm
CVE-2010-3679
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind. January 11, 2011, 14:01 pm
CVE-2010-3678
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier. January 11, 2011, 14:01 pm
CVE-2010-3677
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column. January 11, 2011, 14:01 pm
CVE-2010-3676
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement. January 11, 2011, 14:01 pm
CVE-2010-3616
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal dhcp ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520. December 17, 2010, 13:12 pm
CVE-2010-3615
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal bind named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism. December 6, 2010, 07:12 am
CVE-2010-3614
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal bind named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover. December 6, 2010, 07:12 am
CVE-2010-3613
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal bind named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data. December 6, 2010, 07:12 am
CVE-2010-3611
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal dhcp ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field. November 4, 2010, 13:11 pm
CVE-2010-3493
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal python Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492. October 19, 2010, 15:10 pm
CVE-2010-3492
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium python The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. October 19, 2010, 15:10 pm
CVE-2010-3477
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942. September 21, 2010, 15:09 pm
CVE-2010-3448
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 on ThinkPad devices, when the X.Org X server is used, does not properly restrict access to the video output control state, which allows local users to cause a denial of service (system hang) via a (1) read or (2) write operation. January 3, 2011, 14:01 pm
CVE-2010-3445
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP. November 26, 2010, 13:11 pm
CVE-2010-3442
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. October 4, 2010, 16:10 pm
CVE-2010-3437
6.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call. October 4, 2010, 16:10 pm
CVE-2010-3436
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename. November 8, 2010, 19:11 pm
CVE-2010-3433
6.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium postgresql The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447. October 6, 2010, 12:10 pm
CVE-2010-3432
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic. November 22, 2010, 07:11 am
CVE-2010-3386
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium ust usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. October 20, 2010, 13:10 pm
CVE-2010-3316
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check. January 24, 2011, 12:01 pm
CVE-2010-3315
6.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal subversion authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands. October 4, 2010, 16:10 pm
CVE-2010-3311
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High freetype Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797. January 7, 2011, 17:01 pm
CVE-2010-3310
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions. September 29, 2010, 12:09 pm
CVE-2010-3301
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression. September 22, 2010, 14:09 pm
CVE-2010-3298
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. September 30, 2010, 10:09 am
CVE-2010-3297
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call. September 30, 2010, 10:09 am
CVE-2010-3296
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call. September 30, 2010, 10:09 am
CVE-2010-3263
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name. September 10, 2010, 15:09 pm
CVE-2010-3257
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus. September 7, 2010, 13:09 pm
CVE-2010-3192
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium glibc Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations. October 14, 2010, 00:10 am
CVE-2010-3172
2.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low bugzilla CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL. November 5, 2010, 12:11 pm
CVE-2010-3133
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical wireshark Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark. August 26, 2010, 13:08 pm
CVE-2010-3116
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins. August 24, 2010, 15:08 pm
CVE-2010-3086
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not properly implement exception fixup, which allows local users to cause a denial of service (panic) via an invalid application that triggers a page fault. January 14, 2011, 17:01 pm
CVE-2010-3084
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/net/niu.c in the Linux kernel before 2.6.36-rc4 allows local users to cause a denial of service or possibly have unspecified other impact via the ETHTOOL_GRXCLSRLALL ethtool command. September 29, 2010, 12:09 pm
CVE-2010-3081
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010. September 24, 2010, 15:09 pm
CVE-2010-3080
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device. September 21, 2010, 13:09 pm
CVE-2010-3079
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled, does not properly handle interaction between mutex possession and llseek operations, which allows local users to cause a denial of service (NULL pointer dereference and outage of all function tracing files) via an lseek call on a file descriptor associated with the set_ftrace_filter file. September 30, 2010, 10:09 am
CVE-2010-3078
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. September 21, 2010, 13:09 pm
CVE-2010-3072
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal squid The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. September 20, 2010, 16:09 pm
CVE-2010-3069
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High samba Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share. September 15, 2010, 13:09 pm
CVE-2010-3067
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call. September 21, 2010, 13:09 pm
CVE-2010-3066
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The io_submit_one function in fs/aio.c in the Linux kernel before 2.6.23 allows local users to cause a denial of service (NULL pointer dereference) via a crafted io_submit system call with an IOCB_FLAG_RESFD flag. December 6, 2010, 14:12 pm
CVE-2010-3065
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name. August 20, 2010, 15:08 pm
CVE-2010-3064
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function. August 20, 2010, 15:08 pm
CVE-2010-3063
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used. August 20, 2010, 15:08 pm
CVE-2010-3062
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function. August 20, 2010, 15:08 pm
CVE-2010-3056
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php. August 24, 2010, 15:08 pm
CVE-2010-3055
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious phpmyadmin The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request. August 24, 2010, 15:08 pm
CVE-2010-3054
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal freetype Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c. August 19, 2010, 13:08 pm
CVE-2010-3053
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium freetype bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string. August 19, 2010, 13:08 pm
CVE-2010-3015
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation. August 20, 2010, 13:08 pm
CVE-2010-2995
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical wireshark The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287. August 13, 2010, 13:08 pm
CVE-2010-2994
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical wireshark Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression. August 13, 2010, 13:08 pm
CVE-2010-2993
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. August 13, 2010, 13:08 pm
CVE-2010-2992
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through 1.2.9 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference. August 13, 2010, 13:08 pm
CVE-2010-2963
6.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device. November 26, 2010, 13:11 pm
CVE-2010-2962
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations. November 26, 2010, 13:11 pm
CVE-2010-2960
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function. September 8, 2010, 15:09 pm
CVE-2010-2959
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic. September 8, 2010, 15:09 pm
CVE-2010-2958
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a different vulnerability than CVE-2010-3056. September 8, 2010, 15:09 pm
CVE-2010-2956
6.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium sudo Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence. September 10, 2010, 14:09 pm
CVE-2010-2955
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size. September 8, 2010, 15:09 pm
CVE-2010-2954
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket. September 3, 2010, 15:09 pm
CVE-2010-2951
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal squid dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set. October 12, 2010, 16:10 pm
CVE-2010-2950
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094. September 28, 2010, 13:09 pm
CVE-2010-2949
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium quagga bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message. September 10, 2010, 14:09 pm
CVE-2010-2948
6.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium quagga Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message. September 10, 2010, 14:09 pm
CVE-2010-2946
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name. September 29, 2010, 12:09 pm
CVE-2010-2943
7.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle. September 30, 2010, 10:09 am
CVE-2010-2942
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. September 21, 2010, 13:09 pm
CVE-2010-2941
7.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious cups ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. November 5, 2010, 12:11 pm
CVE-2010-2940
5.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal sssd The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password. August 30, 2010, 15:08 pm
CVE-2010-2939
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue. August 17, 2010, 15:08 pm
CVE-2010-2938
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these fields, which allows local users to cause a denial of service (host OS crash) by requesting a VMCS dump for a fully virtualized Xen guest. October 8, 2010, 16:10 pm
CVE-2010-2934
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal znc Multiple unspecified vulnerabilities in ZNC 0.092 allow remote attackers to cause a denial of service (exception and daemon crash) via unknown vectors related to "unsafe substr() calls." August 17, 2010, 17:08 pm
CVE-2010-2898
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High chrome Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack vectors. July 28, 2010, 15:07 pm
CVE-2010-2891
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libsmi Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters. October 27, 2010, 19:10 pm
CVE-2010-2812
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal znc Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of service (exception and daemon crash) via a PING command that lacks an argument. August 17, 2010, 17:08 pm
CVE-2010-2808
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal freetype Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font. August 19, 2010, 13:08 pm
CVE-2010-2807
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal freetype FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. August 19, 2010, 13:08 pm
CVE-2010-2806
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium freetype Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. August 19, 2010, 13:08 pm
CVE-2010-2805
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal freetype The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. August 19, 2010, 13:08 pm
CVE-2010-2803
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount. September 8, 2010, 15:09 pm
CVE-2010-2799
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal socat Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments. September 14, 2010, 16:09 pm
CVE-2010-2798
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c. September 8, 2010, 15:09 pm
CVE-2010-2761
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium cgi-simple The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. December 6, 2010, 14:12 pm
CVE-2010-2713
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal vte The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression. August 5, 2010, 13:08 pm
CVE-2010-2653
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Race condition in the hvc_close function in drivers/char/hvc_console.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service or possibly have unspecified other impact by closing a Hypervisor Virtual Console device, related to the hvc_open and hvc_remove functions. October 5, 2010, 13:10 pm
CVE-2010-2632
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High sunos Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames. January 19, 2011, 10:01 am
CVE-2010-2628
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious strongswan The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows. August 20, 2010, 13:08 pm
CVE-2010-2621
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal qt The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. July 2, 2010, 15:07 pm
CVE-2010-2547
5.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium gnupg Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature. August 5, 2010, 13:08 pm
CVE-2010-2542
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious git Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy. August 11, 2010, 13:08 pm
CVE-2010-2541
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal freetype Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. August 19, 2010, 13:08 pm
CVE-2010-2538
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call. September 30, 2010, 10:09 am
CVE-2010-2537
6.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor. September 30, 2010, 10:09 am
CVE-2010-2531
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium php The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion. August 20, 2010, 17:08 pm
CVE-2010-2529
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium iputils Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response. July 28, 2010, 07:07 am
CVE-2010-2527
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal freetype Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. August 19, 2010, 13:08 pm
CVE-2010-2526
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium lvm2 The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands. August 5, 2010, 08:08 am
CVE-2010-2525
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. September 20, 2011, 11:09 am
CVE-2010-2523
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High umip Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 allow remote attackers to have an unspecified impact via a crafted (1) ND_OPT_PREFIX_INFORMATION or (2) ND_OPT_HOME_AGENT_INFO packet. July 13, 2010, 12:07 pm
CVE-2010-2522
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low umip The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message. July 13, 2010, 12:07 pm
CVE-2010-2521
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions. September 7, 2010, 12:09 pm
CVE-2010-2520
5.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium freetype Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. August 19, 2010, 13:08 pm
CVE-2010-2519
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium freetype Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file. August 19, 2010, 13:08 pm
CVE-2010-2500
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium freetype Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. August 19, 2010, 13:08 pm
CVE-2010-2499
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium freetype Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment. August 19, 2010, 13:08 pm
CVE-2010-2498
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium freetype The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation. August 19, 2010, 13:08 pm
CVE-2010-2497
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal freetype Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. August 19, 2010, 13:08 pm
CVE-2010-2495
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change. September 8, 2010, 15:09 pm
CVE-2010-2492
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors. September 8, 2010, 15:09 pm
CVE-2010-2489
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious ruby Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files. July 12, 2010, 08:07 am
CVE-2010-2484
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium php The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. August 20, 2010, 17:08 pm
CVE-2010-2480
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mako Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element. July 2, 2010, 14:07 pm
CVE-2010-2478
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084. September 29, 2010, 12:09 pm
CVE-2010-2448
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low znc znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell. July 12, 2010, 12:07 pm
CVE-2010-2441
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets," a different vulnerability than CVE-2010-1126, CVE-2010-1422, and CVE-2010-2295. June 24, 2010, 12:06 pm
CVE-2010-2432
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal cups The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses. June 22, 2010, 15:06 pm
CVE-2010-2431
2.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low cups The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file. June 22, 2010, 15:06 pm
CVE-2010-2287
8.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High wireshark Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors. June 15, 2010, 09:06 am
CVE-2010-2286
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low wireshark The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. June 15, 2010, 09:06 am
CVE-2010-2285
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low wireshark The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors. June 15, 2010, 09:06 am
CVE-2010-2284
8.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High wireshark Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors. June 15, 2010, 09:06 am
CVE-2010-2283
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low wireshark The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors. June 15, 2010, 09:06 am
CVE-2010-2266
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal nginx nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence. June 15, 2010, 09:06 am
CVE-2010-2264
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. June 11, 2010, 14:06 pm
CVE-2010-2263
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal nginx nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. June 15, 2010, 09:06 am
CVE-2010-2253
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libwww-perl lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. July 6, 2010, 12:07 pm
CVE-2010-2252
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wget GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. July 6, 2010, 12:07 pm
CVE-2010-2251
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious lftp The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. July 6, 2010, 12:07 pm
CVE-2010-2249
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libpng Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. June 30, 2010, 13:06 pm
CVE-2010-2248
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel before 2.6.34-rc4 allows remote attackers to cause a denial of service (panic) via an SMB response packet with an invalid CountHigh value, as demonstrated by a response from an OS/2 server, related to the CIFSSMBWrite and CIFSSMBWrite2 functions. September 7, 2010, 12:09 pm
CVE-2010-2244
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal avahi The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081. July 8, 2010, 07:07 am
CVE-2010-2243
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 16, 2011, 13:06 pm
CVE-2010-2242
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low libvirt Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree. August 19, 2010, 13:08 pm
CVE-2010-2240
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server. September 3, 2010, 15:09 pm
CVE-2010-2239
4.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libvirt Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors. August 19, 2010, 13:08 pm
CVE-2010-2238
4.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libvirt Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. August 19, 2010, 13:08 pm
CVE-2010-2237
4.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libvirt Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. August 19, 2010, 13:08 pm
CVE-2010-2233
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High tiff tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input." July 2, 2010, 07:07 am
CVE-2010-2226
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file. September 3, 2010, 15:09 pm
CVE-2010-2225
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High php Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function. June 24, 2010, 07:06 am
CVE-2010-2221
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium iscsitarget Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU. July 8, 2010, 13:07 pm
CVE-2010-2199
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High rpm lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059. June 8, 2010, 13:06 pm
CVE-2010-2198
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High rpm lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059. June 8, 2010, 13:06 pm
CVE-2010-2197
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal rpm rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag. June 8, 2010, 13:06 pm
CVE-2010-2191
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. NOTE: vectors 2 through 4 are related to the call time pass by reference feature. June 7, 2010, 19:06 pm
CVE-2010-2190
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. June 7, 2010, 19:06 pm
CVE-2010-2156
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal dhcp ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID. June 7, 2010, 12:06 pm
CVE-2010-2131
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious cal SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data. June 2, 2010, 13:06 pm
CVE-2010-2101
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. May 27, 2010, 17:05 pm
CVE-2010-2100
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. May 27, 2010, 17:05 pm
CVE-2010-2097
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. May 27, 2010, 17:05 pm
CVE-2010-2094
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function. May 27, 2010, 17:05 pm
CVE-2010-2093
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs. May 27, 2010, 17:05 pm
CVE-2010-2089
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal python The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. May 27, 2010, 14:05 pm
CVE-2010-2071
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl. June 16, 2010, 15:06 pm
CVE-2010-2067
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium tiff Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file. June 24, 2010, 07:06 am
CVE-2010-2066
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor. September 8, 2010, 15:09 pm
CVE-2010-2065
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium tiff Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow. June 24, 2010, 07:06 am
CVE-2010-2063
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High samba Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet. June 17, 2010, 11:06 am
CVE-2010-2059
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High rpm lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file. June 8, 2010, 13:06 pm
CVE-2010-2048
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low heartbeat Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. May 25, 2010, 13:05 pm
CVE-2010-2008
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory. July 13, 2010, 15:07 pm
CVE-2010-1975
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium postgresql PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement. May 19, 2010, 13:05 pm
CVE-2010-1917
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium php Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string. May 12, 2010, 06:05 am
CVE-2010-1915
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory. May 12, 2010, 06:05 am
CVE-2010-1914
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function. May 12, 2010, 06:05 am
CVE-2010-1868
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory. May 7, 2010, 18:05 pm
CVE-2010-1866
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder. May 7, 2010, 18:05 pm
CVE-2010-1864
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. May 7, 2010, 18:05 pm
CVE-2010-1862
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. May 7, 2010, 18:05 pm
CVE-2010-1860
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature. May 7, 2010, 18:05 pm
CVE-2010-1850
6.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name. June 7, 2010, 19:06 pm
CVE-2010-1849
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length. June 7, 2010, 19:06 pm
CVE-2010-1848
6.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name. June 7, 2010, 19:06 pm
CVE-2010-1797
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High libxml2 Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information. August 16, 2010, 13:08 pm
CVE-2010-1796
2.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low webkit The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields. July 30, 2010, 15:07 pm
CVE-2010-1793
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document. July 30, 2010, 15:07 pm
CVE-2010-1792
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression. July 30, 2010, 15:07 pm
CVE-2010-1791
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index. July 30, 2010, 15:07 pm
CVE-2010-1790
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue." July 30, 2010, 15:07 pm
CVE-2010-1789
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object. July 30, 2010, 15:07 pm
CVE-2010-1788
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document. July 30, 2010, 15:07 pm
CVE-2010-1787
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document. July 30, 2010, 15:07 pm
CVE-2010-1786
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document. July 30, 2010, 15:07 pm
CVE-2010-1785
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document. July 30, 2010, 15:07 pm
CVE-2010-1784
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. July 30, 2010, 15:07 pm
CVE-2010-1783
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. July 30, 2010, 15:07 pm
CVE-2010-1782
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element. July 30, 2010, 15:07 pm
CVE-2010-1780
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus. July 30, 2010, 15:07 pm
CVE-2010-1778
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed. July 30, 2010, 15:07 pm
CVE-2010-1774
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. June 11, 2010, 14:06 pm
CVE-2010-1771
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving fonts. June 11, 2010, 14:06 pm
CVE-2010-1770
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue." June 11, 2010, 14:06 pm
CVE-2010-1766
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit qt Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. July 22, 2010, 00:07 am
CVE-2010-1764
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data. June 11, 2010, 14:06 pm
CVE-2010-1762
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element. June 11, 2010, 14:06 pm
CVE-2010-1761
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document subtrees. June 11, 2010, 14:06 pm
CVE-2010-1760
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150. August 19, 2010, 17:08 pm
CVE-2010-1759
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Node.normalize method. June 11, 2010, 14:06 pm
CVE-2010-1758
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects. June 11, 2010, 14:06 pm
CVE-2010-1749
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times. June 11, 2010, 13:06 pm
CVE-2010-1748
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium cups The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs. June 17, 2010, 11:06 am
CVE-2010-1729
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop. May 6, 2010, 09:05 am
CVE-2010-1679
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal dpkg Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package. January 10, 2011, 21:01 pm
CVE-2010-1675
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal quagga bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute. March 29, 2011, 13:03 pm
CVE-2010-1674
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium quagga The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute. March 29, 2011, 13:03 pm
CVE-2010-1646
6.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium sudo The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. June 7, 2010, 12:06 pm
CVE-2010-1643
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. June 3, 2010, 09:06 am
CVE-2010-1642
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium samba The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a xffxff security blob length in a Session Setup AndX request. June 17, 2010, 11:06 am
CVE-2010-1641
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request. June 1, 2010, 15:06 pm
CVE-2010-1636
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functionality in the Linux kernel 2.6.29 through 2.6.32, and possibly other versions, does not ensure that a cloned file descriptor has been opened for reading, which allows local users to read sensitive information from a write-only file descriptor. June 7, 2010, 19:06 pm
CVE-2010-1635
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal samba The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value. June 17, 2010, 11:06 am
CVE-2010-1634
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal python Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. May 27, 2010, 14:05 pm
CVE-2010-1633
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information. June 3, 2010, 09:06 am
CVE-2010-1623
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium apr-util Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket. October 4, 2010, 16:10 pm
CVE-2010-1621
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command. May 14, 2010, 14:05 pm
CVE-2010-1488
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The proc_oom_score function in fs/proc/base.c in the Linux kernel before 2.6.34-rc4 uses inappropriate data structures during selection of a candidate for the OOM killer, which might allow local users to cause a denial of service via unspecified patterns of task creation. April 20, 2010, 10:04 am
CVE-2010-1455
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium ethereal The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file. May 12, 2010, 06:05 am
CVE-2010-1451
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain _PAGE_EXEC_4U bit and consequently does not properly implement a non-executable stack, which makes it easier for context-dependent attackers to exploit stack-based buffer overflows via a crafted application. May 7, 2010, 13:05 pm
CVE-2010-1450
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High python Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function. May 27, 2010, 14:05 pm
CVE-2010-1449
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High python Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12. May 27, 2010, 14:05 pm
CVE-2010-1447
8.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High postgresql The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution. May 19, 2010, 13:05 pm
CVE-2010-1446
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.30 and other versions before 2.6.33, when running on PowerPC, does not properly perform a security check for access to a kernel page, which allows local users to overwrite arbitrary kernel memory, related to Fsl booke. May 21, 2010, 12:05 pm
CVE-2010-1437
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function. May 7, 2010, 13:05 pm
CVE-2010-1436
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial of service (kernel panic) via certain manipulations that cause an out-of-bounds write, as demonstrated by writing from an ext3 file system to a gfs2 file system. May 21, 2010, 12:05 pm
CVE-2010-1422
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document. June 11, 2010, 13:06 pm
CVE-2010-1421
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document. June 11, 2010, 14:06 pm
CVE-2010-1419
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and-drop operation. June 11, 2010, 14:06 pm
CVE-2010-1418
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces. June 11, 2010, 14:06 pm
CVE-2010-1417
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors. June 11, 2010, 13:06 pm
CVE-2010-1416
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue." June 11, 2010, 13:06 pm
CVE-2010-1415
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue." June 11, 2010, 13:06 pm
CVE-2010-1414
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method. June 11, 2010, 13:06 pm
CVE-2010-1413
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. June 11, 2010, 13:06 pm
CVE-2010-1412
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events. June 11, 2010, 13:06 pm
CVE-2010-1411
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium mac_os_x Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow. June 17, 2010, 11:06 am
CVE-2010-1410
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements. June 11, 2010, 13:06 pm
CVE-2010-1409
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port. June 11, 2010, 13:06 pm
CVE-2010-1408
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099. June 11, 2010, 13:06 pm
CVE-2010-1406
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660. June 11, 2010, 13:06 pm
CVE-2010-1405
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning. June 11, 2010, 13:06 pm
CVE-2010-1404
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction. June 11, 2010, 13:06 pm
CVE-2010-1403
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction. June 11, 2010, 13:06 pm
CVE-2010-1402
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object. June 11, 2010, 13:06 pm
CVE-2010-1401
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element. June 11, 2010, 13:06 pm
CVE-2010-1400
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements. June 11, 2010, 13:06 pm
CVE-2010-1399
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. June 11, 2010, 13:06 pm
CVE-2010-1398
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element. June 11, 2010, 13:06 pm
CVE-2010-1397
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an unspecified type. June 11, 2010, 13:06 pm
CVE-2010-1396
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements. June 11, 2010, 13:06 pm
CVE-2010-1395
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue." June 11, 2010, 13:06 pm
CVE-2010-1394
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments. June 11, 2010, 13:06 pm
CVE-2010-1393
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL. June 11, 2010, 13:06 pm
CVE-2010-1392
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style. June 11, 2010, 13:06 pm
CVE-2010-1391
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL. June 11, 2010, 13:06 pm
CVE-2010-1390
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document. June 11, 2010, 13:06 pm
CVE-2010-1389
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection. June 11, 2010, 13:06 pm
CVE-2010-1388
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document. June 11, 2010, 13:06 pm
CVE-2010-1386
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357. August 19, 2010, 17:08 pm
CVE-2010-1205
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High libpng Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. June 30, 2010, 13:06 pm
CVE-2010-1188
7.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled and causes the skb structure to be freed. March 31, 2010, 13:03 pm
CVE-2010-1187
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The Transparent Inter-Process Communication (TIPC) functionality in Linux kernel 2.6.16-rc1 through 2.6.33, and possibly other versions, allows local users to cause a denial of service (kernel OOPS) by sending datagrams through AF_TIPC before entering network mode, which triggers a NULL pointer dereference. March 31, 2010, 13:03 pm
CVE-2010-1173
7.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data. May 7, 2010, 13:05 pm
CVE-2010-1172
3.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low dbus-glib DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services. August 20, 2010, 13:08 pm
CVE-2010-1169
8.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High postgresql PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447. May 19, 2010, 13:05 pm
CVE-2010-1168
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High safe The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods." June 21, 2010, 11:06 am
CVE-2010-1166
7.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High x.org The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition. April 29, 2010, 16:04 pm
CVE-2010-1163
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium sudo The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426. April 16, 2010, 14:04 pm
CVE-2010-1162
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The release_one_tty function in drivers/char/tty_io.c in the Linux kernel before 2.6.34-rc4 omits certain required calls to the put_pid function, which has unspecified impact and local attack vectors. April 20, 2010, 10:04 am
CVE-2010-1161
3.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low nano Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files. April 16, 2010, 14:04 pm
CVE-2010-1160
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low nano GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim. April 16, 2010, 14:04 pm
CVE-2010-1158
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium perl Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string. April 20, 2010, 10:04 am
CVE-2010-1148
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 and earlier allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a NULL nameidata (aka nd) field in a POSIX file-creation request to a server that supports UNIX extensions. April 12, 2010, 12:04 pm
CVE-2010-1146
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/. April 12, 2010, 13:04 pm
CVE-2010-1142
8.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious ace VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk. April 12, 2010, 13:04 pm
CVE-2010-1141
8.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious ace VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share. April 12, 2010, 13:04 pm
CVE-2010-1138
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal ace The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process. April 12, 2010, 13:04 pm
CVE-2010-1130
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot). March 26, 2010, 15:03 pm
CVE-2010-1129
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function. March 26, 2010, 15:03 pm
CVE-2010-1128
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function. March 26, 2010, 15:03 pm
CVE-2010-1126
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit The JavaScript implementation in WebKit allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method. March 26, 2010, 15:03 pm
CVE-2010-1088
5.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount "symlinks," which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW. April 6, 2010, 17:04 pm
CVE-2010-1087
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible. April 6, 2010, 17:04 pm
CVE-2010-1086
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE. April 6, 2010, 17:04 pm
CVE-2010-1085
7.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 and earlier, when running on the AMD780V chip set, allows context-dependent attackers to cause a denial of service (crash) via unknown manipulations that trigger a divide-by-zero error. April 6, 2010, 17:04 pm
CVE-2010-1084
7.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service (memory corruption) via a large number of Bluetooth sockets, related to the size of sysfs files in (1) net/bluetooth/l2cap.c, (2) net/bluetooth/rfcomm/core.c, (3) net/bluetooth/rfcomm/sock.c, and (4) net/bluetooth/sco.c. April 6, 2010, 17:04 pm
CVE-2010-1083
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory). April 6, 2010, 17:04 pm
CVE-2010-0928
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal openssl OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack." March 5, 2010, 13:03 pm
CVE-2010-0926
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low samba The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options. March 10, 2010, 14:03 pm
CVE-2010-0830
5.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium glibc Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. June 1, 2010, 15:06 pm
CVE-2010-0789
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low fuse fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint. March 2, 2010, 12:03 pm
CVE-2010-0787
4.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal samba client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file. March 2, 2010, 12:03 pm
CVE-2010-0743
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium iscsitarget Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages. April 8, 2010, 12:04 pm
CVE-2010-0742
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High openssl The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. June 3, 2010, 09:06 am
CVE-2010-0741
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated qemu-kvm process exit) by sending a large amount of network traffic to a TCP port on the guest OS, related to a virtio-net whitelist that includes an improper implementation of TCP Segment Offloading (TSO). April 12, 2010, 13:04 pm
CVE-2010-0740
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information. March 26, 2010, 13:03 pm
CVE-2010-0734
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libcurl content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit. March 19, 2010, 14:03 pm
CVE-2010-0733
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low postgresql Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations. March 19, 2010, 14:03 pm
CVE-2010-0732
6.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal gtk+ gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. March 19, 2010, 14:03 pm
CVE-2010-0731
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High gnutls The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number. March 26, 2010, 13:03 pm
CVE-2010-0728
8.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious samba smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client. March 10, 2010, 14:03 pm
CVE-2010-0661
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method. February 18, 2010, 12:02 pm
CVE-2010-0659
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size. February 18, 2010, 12:02 pm
CVE-2010-0656
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document. February 18, 2010, 12:02 pm
CVE-2010-0651
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. February 18, 2010, 12:02 pm
CVE-2010-0647
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence. February 18, 2010, 12:02 pm
CVE-2010-0639
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal squid The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port. February 15, 2010, 12:02 pm
CVE-2010-0634
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious flex Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) before 2.5.35 has unknown impact and attack vectors. February 12, 2010, 16:02 pm
CVE-2010-0624
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium cpio Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. March 15, 2010, 08:03 am
CVE-2010-0623
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem. February 15, 2010, 12:02 pm
CVE-2010-0622
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. February 15, 2010, 12:02 pm
CVE-2010-0547
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low samba client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. February 4, 2010, 14:02 pm
CVE-2010-0544
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL. June 11, 2010, 14:06 pm
CVE-2010-0542
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium cups The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file. June 21, 2010, 11:06 am
CVE-2010-0540
6.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium mac_os_x Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings. June 17, 2010, 11:06 am
CVE-2010-0442
6.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium postgresql The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow." February 2, 2010, 12:02 pm
CVE-2010-0437
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors. March 24, 2010, 08:03 am
CVE-2010-0434
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium appache The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. March 5, 2010, 13:03 pm
CVE-2010-0433
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. March 5, 2010, 13:03 pm
CVE-2010-0427
4.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium sudo sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. February 25, 2010, 13:02 pm
CVE-2010-0424
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low cronie The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory. February 25, 2010, 13:02 pm
CVE-2010-0419
4.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kvm The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch. March 5, 2010, 10:03 am
CVE-2010-0412
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious systemtap stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273. February 24, 2010, 18:02 pm
CVE-2010-0411
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal systemtap Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow. February 8, 2010, 14:02 pm
CVE-2010-0410
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. February 22, 2010, 07:02 am
CVE-2010-0405
5.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium bzip2 Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. September 28, 2010, 13:09 pm
CVE-2010-0397
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument. March 16, 2010, 14:03 pm
CVE-2010-0396
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal dpkg Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive. March 15, 2010, 08:03 am
CVE-2010-0393
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium cups The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. March 5, 2010, 13:03 pm
CVE-2010-0382
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High bind ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. January 22, 2010, 16:01 pm
CVE-2010-0308
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium squid lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. February 3, 2010, 12:02 pm
CVE-2010-0307
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. February 17, 2010, 12:02 pm
CVE-2010-0304
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious wireshark Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function. February 3, 2010, 12:02 pm
CVE-2010-0302
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal cups Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. March 5, 2010, 13:03 pm
CVE-2010-0298
6.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306. February 12, 2010, 13:02 pm
CVE-2010-0297
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious qemu Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet. February 12, 2010, 13:02 pm
CVE-2010-0296
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High glibc The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request. June 1, 2010, 15:06 pm
CVE-2010-0295
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal lighttpd lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate. February 3, 2010, 13:02 pm
CVE-2010-0291
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium e1000 The Linux kernel before 2.6.32.4 allows local users to gain privileges or cause a denial of service (panic) by calling the (1) mmap or (2) mremap function, aka the "do_mremap() mess" or "mremap/mmap mess." February 15, 2010, 12:02 pm
CVE-2010-0290
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium bind Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022. January 22, 2010, 16:01 pm
CVE-2010-0218
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal bind ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query. October 5, 2010, 17:10 pm
CVE-2010-0213
2.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low bind BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers. July 28, 2010, 07:07 am
CVE-2010-0212
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openldap OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite. July 28, 2010, 07:07 am
CVE-2010-0211
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openldap The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. July 28, 2010, 07:07 am
CVE-2010-0205
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High libpng The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. March 3, 2010, 13:03 pm
CVE-2010-0097
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium bind ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. January 22, 2010, 16:01 pm
CVE-2010-0015
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High glibc nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function. January 14, 2010, 12:01 pm
CVE-2010-0008
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length. March 19, 2010, 14:03 pm
CVE-2010-0007
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application. January 19, 2010, 10:01 am
CVE-2010-0006
7.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High e1000 The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567. January 26, 2010, 12:01 pm
CVE-2010-0003
5.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium e1000 The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address. January 26, 2010, 12:01 pm
CVE-2010-0002
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low bash The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename. January 14, 2010, 12:01 pm
CVE-2010-0001
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium gzip Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. January 29, 2010, 12:01 pm