|
305141
|
9.8 |
CRITICAL
Network
|
ui
|
airos
|
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fi…
|
CWE-77
Command Injection
|
CVE-2010-5330
|
2024-11-21 10:23 |
2019-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305142
|
9.8 |
CRITICAL
Network
|
rockwellautomation
|
rslogix
plc5_1785-lx_firmware
slc5\/01_1747-l5x_firmware
|
The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unautho…
|
CWE-284
Improper Access Control
|
CVE-2010-5305
|
2024-11-21 10:23 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305143
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the Linux kernel before 2.6.39 relies on the count value of a v4l2_ext_controls data structure to determine a kmalloc size, which mi…
|
CWE-399
Resource Management Errors
|
CVE-2010-5329
|
2024-11-21 10:23 |
2017-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305144
|
4.3 |
MEDIUM
Physics
|
linux
|
linux_kernel
|
Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2010-5321
|
2024-11-21 10:23 |
2017-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305145
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of s…
|
CWE-20
Improper Input Validation
|
CVE-2010-5328
|
2024-11-21 10:23 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305146
|
8.8 |
HIGH
Network
|
liferay
|
liferay_portal
|
Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-5327
|
2024-11-21 10:23 |
2017-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305147
|
9.8 |
CRITICAL
Network
|
redhat
linuxfoundation
oracle
|
enterprise_linux_server_eus
enterprise_linux_hpc_node
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
foomatic-filters
linux
enterprise_linux
|
Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly ex…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2010-5325
|
2024-11-21 10:23 |
2016-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305148
|
- |
|
gehealthcare
|
revolution_xq\/i
|
The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this passw…
|
CWE-255
Credentials Management
|
CVE-2010-5310
|
2024-11-21 10:23 |
2015-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305149
|
- |
|
gehealthcare
|
cadstream_server_firmware
|
GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors.
|
CWE-255
Credentials Management
|
CVE-2010-5309
|
2024-11-21 10:23 |
2015-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305150
|
- |
|
gehealthcare
|
optima_mr360_firmware
|
GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency L…
|
CWE-255
Credentials Management
|
CVE-2010-5308
|
2024-11-21 10:23 |
2015-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
