264851 | - | apache | myfaces | shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it e… | CWE-310 Cryptographic Issues | CVE-2010-2057 | 2010-11-19 14:00 | 2010-10-21
264852 | - | gnu | gzip | The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infi… | CWE-20 Improper Input Validation | CVE-2009-2624 | 2010-11-18 15:29 | 2010-01-30
264853 | - | redhat | certificate_system dogtag_certificate_system | Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sni… | CWE-287 Improper Authentication | CVE-2010-3868 | 2010-11-18 14:00 | 2010-11-18
264854 | - | redhat | certificate_system dogtag_certificate_system | Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN. | CWE-310 Cryptographic Issues | CVE-2010-3869 | 2010-11-18 14:00 | 2010-11-18
264855 | - | impresscms | impresscms | SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2010-4271 | 2010-11-18 14:00 | 2010-11-17
264856 | - | apple | coregraphics mac_os_x mac_os_x_server | Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF fil… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2010-1801 | 2010-11-17 14:00 | 2010-08-26
264857 | - | apple | mac_os_x mac_os_x_server | Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an ap… | CWE-200 Information Exposure | CVE-2010-3796 | 2010-11-17 14:00 | 2010-11-17
264858 | - | apple | mac_os_x_server | Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstan… | CWE-200 Information Exposure | CVE-2010-4011 | 2010-11-17 14:00 | 2010-11-17
264859 | - | apple | mac_os_x_server | Per: http://lists.apple.com/archives/security-announce/2010//Nov/msg00001.html 'Dovecot is only provided with Mac OS X Server systems. This issue only affects systems running Mac OS X Server v10.6… | CWE-200 Information Exposure | CVE-2010-4011 | 2010-11-17 14:00 | 2010-11-17
264860 | - | infradead | openconnect | Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application crash) via a 404 HTTP status code. | NVD-CWE-noinfo | CVE-2010-3903 | 2010-11-12 14:00 | 2010-10-14