Search Results (9598 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-3829 1 Apple 1 Iphone Os 2025-04-11 N/A
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.
CVE-2010-3830 1 Apple 1 Iphone Os 2025-04-11 N/A
Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors.
CVE-2010-3856 2 Gnu, Redhat 2 Glibc, Enterprise Linux 2025-04-11 N/A
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
CVE-2010-3887 1 Apple 2 Mac Os X, Mail 2025-04-11 N/A
The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses.
CVE-2010-3893 1 Ibm 1 Omnifind 2025-04-11 N/A
The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a "session impersonation" issue.
CVE-2010-3895 1 Ibm 1 Omnifind 2025-04-11 N/A
esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument.
CVE-2010-3898 1 Ibm 1 Omnifind 2025-04-11 N/A
IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site.
CVE-2010-3918 1 Fenrir-inc 1 Sleipnir 2025-04-11 N/A
Fenrir Sleipnir 2.9.6 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site.
CVE-2010-3919 1 Fenrir 1 Grani 2025-04-11 N/A
Fenrir Grani 4.5 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site.
CVE-2010-3920 1 Epson 6 Lp-s7100, Lp-s7100 Driver 4.1.0, Lp-s7100 Driver 4.1.7 and 3 more 2025-04-11 N/A
The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the "C:\Program Files" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories.
CVE-2010-3934 1 Rim 2 Blackberry 9700, Blackberry Device Software 2025-04-11 N/A
The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information.
CVE-2010-3943 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
CVE-2010-3961 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Vista 2025-04-11 N/A
The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
CVE-2010-3983 1 Sap 1 Businessobjects 2025-04-11 N/A
CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property.
CVE-2010-4546 1 Ibm 1 Lotus Notes Traveler 2025-04-11 N/A
IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended access restrictions via this request.
CVE-2010-4547 1 Ibm 1 Lotus Notes Traveler 2025-04-11 N/A
IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain.
CVE-2010-4549 2 Ibm, Nokia 2 Lotus Notes Traveler, S60 2025-04-11 N/A
IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation.
CVE-2010-4568 1 Mozilla 1 Bugzilla 2025-04-11 N/A
Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts via unspecified vectors, related to an insufficient number of calls to the srand function.
CVE-2010-4582 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2010-4595 1 Ibm 1 Lotus Mobile Connect 2025-04-11 N/A
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header.