Total
9546 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2380 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | 5.0 MEDIUM | N/A |
| Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to determine the existence of private group names via a crafted parameter during (1) bug creation or (2) bug editing. | |||||
| CVE-2012-5222 | 2 Hp, Microsoft | 2 Service Manager Web Tier, Windows | 2025-04-11 | 5.0 MEDIUM | N/A |
| HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-0474 | 1 Ibm | 2 Rational Policy Tester, Security Appscan | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Manual Explore browser plug-in in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to discover test Platform Authentication credentials via a crafted web site. | |||||
| CVE-2013-5440 | 1 Ibm | 1 Infosphere Information Server | 2025-04-11 | 2.1 LOW | N/A |
| IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a failed installation. | |||||
| CVE-2010-3860 | 1 Redhat | 1 Icedtea | 2025-04-11 | 5.0 MEDIUM | N/A |
| IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories. | |||||
| CVE-2011-4852 | 2 Microsoft, Parallels | 3 Windows 2003 Server, Windows Server 2008, Parallels Plesk Panel | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates web pages containing external links in response to GET requests with query strings for enterprise/mobile-monitor/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. | |||||
| CVE-2012-4219 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 5.0 MEDIUM | N/A |
| show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file. | |||||
| CVE-2012-2668 | 1 Openldap | 1 Openldap | 2025-04-11 | 4.3 MEDIUM | N/A |
| libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information. | |||||
| CVE-2011-2153 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | 5.0 MEDIUM | N/A |
| Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, related to a "cross-domain Referer leakage" issue. | |||||
| CVE-2012-3972 | 6 Canonical, Debian, Mozilla and 3 more | 15 Ubuntu Linux, Debian Linux, Firefox and 12 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read. | |||||
| CVE-2012-4235 | 2 Joomla, Rsgallery2 | 2 Joomla\!, Com Rsgallery2 | 2025-04-11 | 5.0 MEDIUM | N/A |
| The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI. | |||||
| CVE-2013-4617 | 1 Jahia | 1 Jahia Xcm | 2025-04-11 | 5.0 MEDIUM | N/A |
| Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2010-4354 | 1 Cisco | 9 Asa 5500, Pix 500, Vpn 3000 Concentrator and 6 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only when the group name is configured on the device, which allows remote attackers to enumerate valid group names via a series of IKE negotiation attempts, aka Bug ID CSCtj96108, a different vulnerability than CVE-2005-2025. | |||||
| CVE-2010-4011 | 1 Apple | 1 Mac Os X Server | 2025-04-11 | 4.0 MEDIUM | N/A |
| Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue." | |||||
| CVE-2011-3795 | 1 Betella | 1 Podcast Generator | 2025-04-11 | 5.0 MEDIUM | N/A |
| Podcast Generator 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/themes.php and certain other files. | |||||
| CVE-2013-3428 | 1 Cisco | 1 Secure Access Control System | 2025-04-11 | 4.0 MEDIUM | N/A |
| The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957. | |||||
| CVE-2013-2272 | 1 Bitcoin | 3 Bitcoin-qt, Bitcoin Core, Bitcoind | 2025-04-11 | 5.0 MEDIUM | N/A |
| The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees. | |||||
| CVE-2009-0788 | 1 Redhat | 1 Network Satellite Server | 2025-04-11 | 6.4 MEDIUM | N/A |
| Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors. | |||||
| CVE-2009-4630 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 5.0 MEDIUM | N/A |
| Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the vendor disputes the significance of this issue, stating "I don't think we necessarily need to worry about that case." | |||||
| CVE-2013-4516 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
| The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. | |||||