Total
9537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4515 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
| The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. | |||||
| CVE-2010-0652 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. | |||||
| CVE-2011-3739 | 1 Openfreeway | 1 Freeway | 2025-04-11 | 5.0 MEDIUM | N/A |
| Freeway 1.5 Alpha allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/Freeway/boxes/last_product.php and certain other files. | |||||
| CVE-2011-3784 | 1 Phpnuke | 1 Php-nuke | 2025-04-11 | 5.0 MEDIUM | N/A |
| Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files. | |||||
| CVE-2011-3375 | 1 Apache | 1 Tomcat | 2025-04-11 | 5.0 MEDIUM | N/A |
| Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data. | |||||
| CVE-2012-3996 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-11 | 5.0 MEDIUM | N/A |
| TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php. | |||||
| CVE-2013-6237 | 1 Islonline | 2 Isl Desktop Plugin, Isl Light | 2025-04-11 | 3.5 LOW | N/A |
| The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 and earlier allows remote authenticated users to obtain sensitive information by pasting the clipboard contents that have been copied by another user in the session. | |||||
| CVE-2012-0130 | 1 Hp | 1 Onboard Administrator | 2025-04-11 | 5.0 MEDIUM | N/A |
| HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2012-0959 | 1 Remote Login Service Hackers | 1 Remote Login Service | 2025-04-11 | 2.1 LOW | N/A |
| Remote Login Service (RLS) 1.0.0 does not properly clear account information when switching users, which might allow physically proximate users to obtain login credentials. | |||||
| CVE-2013-3234 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
| The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | |||||
| CVE-2012-4605 | 1 Websense | 1 Websense Email Security | 2025-04-11 | 5.0 MEDIUM | N/A |
| The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data. | |||||
| CVE-2010-4580 | 1 Opera | 1 Opera Browser | 2025-04-11 | 5.0 MEDIUM | N/A |
| Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to obtain sensitive information via an input field that has the same name as an input field on a previously visited web site. | |||||
| CVE-2012-5624 | 3 Canonical, Digia, Qt | 3 Ubuntu Linux, Qt, Qt | 2025-04-11 | 4.3 MEDIUM | N/A |
| The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application. | |||||
| CVE-2012-2645 | 2 Google, Yahoo | 2 Android, Yahoo\! Browser | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2011-4866 | 2 Android, Kaixin001 | 2 Android, Kaixin001 | 2025-04-11 | 6.4 MEDIUM | N/A |
| The Kaixin001 (com.kaixin001.activity) application 1.3.1 and 1.3.3 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a cleartext password via a crafted application. | |||||
| CVE-2012-3733 | 1 Apple | 1 Iphone Os | 2025-04-11 | 4.3 MEDIUM | N/A |
| Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain potentially sensitive information about alternate e-mail addresses in opportunistic circumstances by reading a reply. | |||||
| CVE-2011-3727 | 1 Dokuwiki | 1 Dokuwiki | 2025-04-11 | 5.0 MEDIUM | N/A |
| DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files. | |||||
| CVE-2012-4591 | 1 Mcafee | 1 Enterprise Mobility Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
| About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information by visiting this page. | |||||
| CVE-2011-2084 | 1 Bestpractical | 1 Rt | 2025-04-11 | 4.0 MEDIUM | N/A |
| Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account. | |||||
| CVE-2010-0523 | 1 Apple | 1 Mac Os X Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet. | |||||