Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2006 | 1 Openstack | 1 Keystone | 2025-04-11 | 2.1 LOW | N/A |
|
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.
|
|||||
| CVE-2013-6480 | 1 Apache | 1 Libcloud | 2025-04-11 | 2.1 LOW | N/A |
|
Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.
|
|||||
| CVE-2013-5136 | 1 Apple | 1 Apple Remote Desktop | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session.
|
|||||
| CVE-2012-4007 | 2 Google, Mixi | 2 Android, Mixi | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card.
|
|||||
| CVE-2011-3670 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.
|
|||||
| CVE-2013-4295 | 1 Apache | 1 Shindig | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
|
|||||
| CVE-2011-3807 | 1 Textpattern | 1 Textpattern | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php and certain other files.
|
|||||
| CVE-2011-3730 | 1 Drupal | 1 Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.php and certain other files.
|
|||||
| CVE-2013-3226 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
|
The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
|
|||||
| CVE-2013-0160 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 2.1 LOW | N/A |
|
The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.
|
|||||
| CVE-2009-2899 | 1 Vmware | 1 Hyperic Hq | 2025-04-11 | 2.1 LOW | N/A |
|
The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments.
|
|||||
| CVE-2011-1839 | 1 Ibm | 1 Rational Build Forge | 2025-04-11 | 5.0 MEDIUM | N/A |
|
IBM Rational Build Forge 7.1.0 uses the HTTP GET method during redirection from the authentication servlet to a PHP script, which makes it easier for context-dependent attackers to discover session IDs by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
|
|||||
| CVE-2010-1851 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Google Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage" issue.
|
|||||
| CVE-2012-1812 | 1 C3-ilex | 1 Eoscada | 2025-04-11 | 5.0 MEDIUM | N/A |
|
eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to obtain sensitive cleartext information via a session on TCP port 12000.
|
|||||
| CVE-2010-1800 | 1 Apple | 3 Cfnetwork, Mac Os X, Mac Os X Server | 2025-04-11 | 5.0 MEDIUM | N/A |
|
CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses.
|
|||||
| CVE-2011-3760 | 1 Nucleuscms | 1 Nucleus Cms | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Nucleus 3.61 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/api_nucleus.inc.php and certain other files.
|
|||||
| CVE-2013-6330 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 3.5 LOW | N/A |
|
IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2013-0693 | 2 Emerson, Enea | 4 Dl 8000 Remote Terminal Unit, Roc 800 Remote Terminal Unit, Roc 800l Remote Terminal Unit and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
|
The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic.
|
|||||
| CVE-2011-4731 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by admin/home/admin and certain other files.
|
|||||
| CVE-2010-2791 | 2 Apache, Unix | 2 Http Server, Unix | 2025-04-11 | 5.0 MEDIUM | N/A |
|
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
|
|||||
| CVE-2010-4074 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-11 | 1.9 LOW | N/A |
|
The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c.
|
|||||
| CVE-2013-7281 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
|
The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
|
|||||
| CVE-2011-0231 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 5.0 MEDIUM | N/A |
|
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."
|
|||||
| CVE-2011-3701 | 1 Alegrocart | 1 Alegrocart | 2025-04-11 | 5.0 MEDIUM | N/A |
|
AlegroCart 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by common.php and certain other files.
|
|||||
| CVE-2010-3831 | 1 Apple | 1 Iphone Os | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action.
|
|||||
| CVE-2012-4411 | 1 Xen | 1 Xen | 2025-04-11 | 4.6 MEDIUM | N/A |
|
The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998.
|
|||||
| CVE-2011-3975 | 2 Google, Htc | 4 Android, Evo 3d, Evo 4g and 1 more | 2025-04-11 | 2.6 LOW | N/A |
|
A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port.
|
|||||
| CVE-2010-4403 | 2 Devbits, Wordpress | 2 Register-plus, Wordpress | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals the installation path in an error message.
|
|||||
| CVE-2010-1125 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.
|
|||||
| CVE-2011-3817 | 1 Websitebaker2 | 1 Website Baker | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Website Baker 2.8.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/media/parameters.php and certain other files. NOTE: this might overlap CVE-2005-2436.
|
|||||
| CVE-2013-0001 | 1 Microsoft | 9 .net Framework, Windows 7, Windows 8 and 6 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
|
|||||
| CVE-2013-3597 | 1 Searchblox | 1 Searchblox | 2025-04-11 | 5.0 MEDIUM | N/A |
|
servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action.
|
|||||
| CVE-2008-7268 | 1 Boka | 1 Siteengine | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to php_info in misc.php.
|
|||||
| CVE-2011-3246 | 1 Apple | 3 Iphone Os, Mac Os X, Mac Os X Server | 2025-04-11 | 5.0 MEDIUM | N/A |
|
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.
|
|||||
| CVE-2013-7130 | 1 Openstack | 4 Compute, Grizzly, Havana and 1 more | 2025-04-11 | 7.1 HIGH | N/A |
|
The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.
|
|||||
| CVE-2013-5150 | 1 Apple | 1 Iphone Os | 2025-04-11 | 1.9 LOW | N/A |
|
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
|
|||||
| CVE-2012-0640 | 1 Apple | 1 Safari | 2025-04-11 | 5.0 MEDIUM | N/A |
|
WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie.
|
|||||
| CVE-2013-0944 | 1 Emc | 1 Avamar | 2025-04-11 | 3.5 LOW | N/A |
|
The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.
|
|||||
| CVE-2010-0643 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Google Chrome before 4.0.249.89 attempts to make direct connections to web sites when all configured proxy servers are unavailable, which allows remote HTTP servers to obtain potentially sensitive information about the identity of a client user via standard HTTP logging, as demonstrated by a proxy server that was configured for the purpose of anonymity.
|
|||||
| CVE-2013-5209 | 1 Freebsd | 1 Freebsd | 2025-04-11 | 7.8 HIGH | N/A |
|
The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE does not properly initialize the state-cookie data structure, which allows remote attackers to obtain sensitive information from kernel stack memory by reading packet data in INIT-ACK chunks.
|
|||||