Vulnerabilities > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-10-14 | CVE-2010-2414 | Remote Security vulnerability in Oracle Sun Convergence: Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality via unknown vectors. | 2.6 |
2010-10-14 | CVE-2010-2404 | Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.2: Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect integrity via unknown vectors related to Account. | 3.5 |
2010-10-14 | CVE-2010-2391 | Remote Core RDBMS vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3: Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 3.6 |
2010-10-14 | CVE-2010-2389 | Local Perl vulnerability in Oracle Fusion Middleware: Unspecified vulnerability in the Perl component in Oracle Database Server 11.2.0.1, 11.1.0.7, 10.2.0.3, 10.2.0.4, and 10.1.0.5; and Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0; allows local users to affect integrity via unknown vectors related to Local Logon. | 1.0 |
2010-10-07 | CVE-2010-3691 | Link Following vulnerability in Apereo phpCAS: PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file. | 3.3 |
2010-10-07 | CVE-2010-3321 | Permissions, Privileges, and Access Controls vulnerability in RSA Authentication Client 2.0/3.0/3.5.1: RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS#11 API requests. | 1.5 |
2010-10-06 | CVE-2010-3779 | Permissions, Privileges, and Access Controls vulnerability in Dovecot: Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox. | 3.5 |
2010-10-05 | CVE-2010-3303 | Cross-Site Scripting vulnerability in MantisBT: Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php. | 3.5 |
2010-10-05 | CVE-2010-3737 | Resource Management Errors vulnerability in IBM DB2 9.5: Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server. | 3.5 |
2010-10-05 | CVE-2010-3735 | Resource Management Errors vulnerability in IBM DB2 9.5: The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time. | 2.1 |