Filtered by CWE-20
Total 12560 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-2808 1 Google 1 Blink 2024-11-21 6.5 Medium
A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed.
CVE-2011-1028 2 Debian, Smarty 2 Debian Linux, Smarty 2024-11-21 9.8 Critical
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
CVE-2011-0704 1 Fedoraproject 1 389 Directory Server 2024-11-21 N/A
389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request.
CVE-2011-0703 2 Debian, Gksu-polkit Project 2 Debian Linux, Gksu-polkit 2024-11-21 9.8 Critical
In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session.
CVE-2011-0529 2 Debian, Weborf Project 2 Debian Linux, Weborf 2024-11-21 7.5 High
Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.
CVE-2011-0220 1 Apple 1 Bonjour 2024-11-21 5.5 Medium
Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet.
CVE-2010-4815 1 Coppermine-gallery 1 Coppermine Gallery 2024-11-21 9.8 Critical
Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution.
CVE-2010-4660 1 Status 1 Statusnet 2024-11-21 9.8 Critical
Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes..
CVE-2010-4239 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 9.8 Critical
Tiki Wiki CMS Groupware 5.2 has Local File Inclusion
CVE-2010-3667 1 Typo3 1 Typo3 2024-11-21 5.3 Medium
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.
CVE-2010-3439 3 Cor-entertainment, Debian, Fedoraproject 3 Alien-arena, Debian Linux, Fedora 2024-11-21 6.5 Medium
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.
CVE-2010-3375 1 Qtparted Project 1 Qtparted 2024-11-21 9.8 Critical
qtparted has insecure library loading which may allow arbitrary code execution
CVE-2010-3373 2 Debian, Grsecurity 2 Debian Linux, Paxtest 2024-11-21 5.5 Medium
paxtest handles temporary files insecurely
CVE-2010-3359 2 Debian, Gargoyle Project 2 Debian Linux, Gargoyle 2024-11-21 4.8 Medium
If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account.
CVE-2010-3293 1 Mailscanner 1 Mailscanner 2024-11-21 5.5 Medium
mailscanner can allow local users to prevent virus signatures from being updated
CVE-2010-2490 2 Debian, Mumble 2 Debian Linux, Mumble 2024-11-21 6.5 Medium
Mumble: murmur-server has DoS due to malformed client query
CVE-2010-2476 1 Syscp Project 1 Syscp 2024-11-21 9.8 Critical
syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot.
CVE-2010-2473 1 Drupal 1 Drupal 2024-11-21 6.5 Medium
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.
CVE-2010-2449 1 Gource 1 Gource 2024-11-21 6.5 Medium
Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack.
CVE-2010-2447 1 Gitolite 1 Gitolite 2024-11-21 9.8 Critical
gitolite before 1.4.1 does not filter src/ or hooks/ from path names.