| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2006-7240 |
264 |
|
|
2010-09-07 |
2010-09-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. |
|
2 |
CVE-2006-7241 |
264 |
|
Bypass |
2010-09-20 |
2010-09-21 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances. |
|
3 |
CVE-2006-7242 |
264 |
|
Bypass |
2010-09-20 |
2010-09-21 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. |
|
4 |
CVE-2008-7261 |
255 |
|
+Info |
2010-09-20 |
2010-09-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file. |
|
5 |
CVE-2009-4895 |
362 |
|
DoS |
2010-09-08 |
2020-08-27 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the put_tty_queue and __f_setown functions. NOTE: the vulnerability was addressed in a different way in 2.6.32.9. |
|
6 |
CVE-2009-4898 |
352 |
|
CSRF |
2010-09-07 |
2010-11-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339. |
|
7 |
CVE-2009-4996 |
264 |
|
|
2010-09-07 |
2010-09-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments. |
|
8 |
CVE-2009-4997 |
264 |
|
|
2010-09-07 |
2010-09-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: this issue exists because of a regression that followed a gnome-power-manager fix a few years earlier. |
|
9 |
CVE-2009-4998 |
264 |
|
Bypass |
2010-09-20 |
2010-09-21 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. |
|
10 |
CVE-2009-4999 |
79 |
|
XSS |
2010-09-20 |
2010-09-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field. |
|
11 |
CVE-2009-5000 |
79 |
|
XSS |
2010-09-20 |
2010-09-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages. |
|
12 |
CVE-2009-5001 |
264 |
|
Bypass |
2010-09-20 |
2010-09-21 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances. |
|
13 |
CVE-2009-5002 |
264 |
|
|
2010-09-20 |
2010-09-21 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection. |
|
14 |
CVE-2009-5003 |
89 |
2
|
Exec Code Sql |
2010-09-22 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter. |
|
15 |
CVE-2010-0152 |
79 |
|
XSS |
2010-09-14 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the date1 parameter to pvm_messagestore.php, (2) the userfilter parameter to pvm_user_management.php, (3) the ping parameter to sys_tools.php in a sys_ping.php action, (4) the action parameter to pvm_cert_commaction.php, (5) the action parameter to pvm_cert_serveraction.php, (6) the action parameter to pvm_smtpstore.php, (7) the l parameter to sla/index.php, or (8) unspecified stored data; and allow remote authenticated users to inject arbitrary web script or HTML via (9) saved search filters. |
|
16 |
CVE-2010-0153 |
352 |
|
DoS CSRF |
2010-09-14 |
2018-10-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change settings or (2) conduct denial of service attacks. |
|
17 |
CVE-2010-0154 |
22 |
|
Dir. Trav. |
2010-09-14 |
2018-10-10 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the l parameter, related to an "Insecure Direct Object Reference vulnerability." |
|
18 |
CVE-2010-0155 |
94 |
|
Http R.Spl. |
2010-09-14 |
2018-10-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the javaVersion parameter. |
|
19 |
CVE-2010-0405 |
189 |
|
DoS Exec Code Overflow |
2010-09-28 |
2018-10-10 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. |
|
20 |
CVE-2010-0574 |
|
|
DoS |
2010-09-10 |
2010-09-13 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and 5.2 before 5.2.193.11 allows remote attackers to cause a denial of service (device reload) via a crafted IKE packet, aka Bug ID CSCta56653. |
|
21 |
CVE-2010-0575 |
264 |
|
Bypass |
2010-09-10 |
2010-09-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-3034. |
|
22 |
CVE-2010-0781 |
|
|
DoS |
2010-09-21 |
2017-08-17 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL. |
|
23 |
CVE-2010-0818 |
94 |
|
Exec Code |
2010-09-15 |
2019-02-26 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability." |
|
24 |
CVE-2010-0820 |
119 |
|
Exec Code Overflow |
2010-09-15 |
2019-02-26 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) in Windows Vista SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote authenticated users to execute arbitrary code via malformed LDAP messages, aka "LSASS Heap Overflow Vulnerability." |
|
25 |
CVE-2010-1325 |
352 |
|
CSRF |
2010-09-03 |
2017-08-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect. |
|
26 |
CVE-2010-1326 |
264 |
|
Exec Code Bypass |
2010-09-15 |
2011-08-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance. |
|
27 |
CVE-2010-1507 |
255 |
|
|
2010-09-03 |
2010-09-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key. |
|
28 |
CVE-2010-1767 |
352 |
|
CSRF |
2010-09-24 |
2017-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation. |
|
29 |
CVE-2010-1772 |
416 |
|
DoS Exec Code |
2010-09-24 |
2020-08-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document. |
|
30 |
CVE-2010-1773 |
193 |
|
DoS Exec Code Mem. Corr. +Info |
2010-09-24 |
2020-08-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118. |
|
31 |
CVE-2010-1781 |
399 |
|
DoS Exec Code |
2010-09-09 |
2018-11-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element. |
|
32 |
CVE-2010-1805 |
264 |
|
+Priv |
2010-09-10 |
2017-09-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari. |
|
33 |
CVE-2010-1806 |
399 |
|
DoS Exec Code |
2010-09-10 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers. |
|
34 |
CVE-2010-1807 |
20 |
|
DoS Exec Code |
2010-09-10 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation. |
|
35 |
CVE-2010-1809 |
|
|
|
2010-09-09 |
2018-11-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors. |
|
36 |
CVE-2010-1810 |
|
|
|
2010-09-09 |
2017-08-17 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate. |
|
37 |
CVE-2010-1811 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2010-09-09 |
2018-11-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file. |
|
38 |
CVE-2010-1812 |
399 |
|
DoS Exec Code |
2010-09-09 |
2018-11-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections. |
|
39 |
CVE-2010-1813 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2010-09-09 |
2018-11-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines. |
|
40 |
CVE-2010-1814 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2010-09-09 |
2018-11-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus. |
|
41 |
CVE-2010-1815 |
399 |
|
DoS Exec Code |
2010-09-09 |
2018-11-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. |
|
42 |
CVE-2010-1817 |
119 |
|
DoS Exec Code Overflow |
2010-09-09 |
2018-11-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. |
|
43 |
CVE-2010-1820 |
287 |
|
Bypass |
2010-09-21 |
2017-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name. |
|
44 |
CVE-2010-1823 |
416 |
|
DoS |
2010-09-24 |
2020-07-31 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098. |
|
45 |
CVE-2010-1824 |
416 |
|
DoS Exec Code |
2010-09-24 |
2020-07-31 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages. |
|
46 |
CVE-2010-1825 |
416 |
|
DoS |
2010-09-24 |
2020-07-31 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements. |
|
47 |
CVE-2010-1891 |
264 |
|
+Priv |
2010-09-15 |
2019-02-26 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability." |
|
48 |
CVE-2010-1899 |
119 |
|
DoS Overflow |
2010-09-15 |
2021-02-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability." |
|
49 |
CVE-2010-2066 |
|
|
|
2010-09-08 |
2020-08-14 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor. |
|
50 |
CVE-2010-2080 |
79 |
|
XSS |
2010-09-20 |
2017-08-17 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
