Total
9546 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4080 | 4 Debian, Linux, Opensuse and 1 more | 7 Debian Linux, Linux Kernel, Opensuse and 4 more | 2025-04-11 | 2.1 LOW | N/A |
| The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call. | |||||
| CVE-2013-1840 | 2 Amazon, Openstack | 5 S3 Store, Essex, Folsom and 2 more | 2025-04-11 | 3.5 LOW | N/A |
| The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image. | |||||
| CVE-2011-3497 | 1 Measuresoft | 1 Scadapro | 2025-04-11 | 10.0 HIGH | N/A |
| service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method. | |||||
| CVE-2010-2336 | 1 Yamamah | 1 Yamamah | 2025-04-11 | 5.0 MEDIUM | N/A |
| index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter. | |||||
| CVE-2012-2922 | 1 Drupal | 1 Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
| The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message. | |||||
| CVE-2010-0434 | 3 Apache, Debian, Fedoraproject | 3 Http Server, Debian Linux, Fedora | 2025-04-11 | 4.3 MEDIUM | N/A |
| The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. | |||||
| CVE-2013-5936 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user sessions, (4) the memcache interface, and (5) the REST interface via API calls such as a hazelcast/rest/cluster/ call, a different vulnerability than CVE-2013-5200. | |||||
| CVE-2013-2302 | 1 Transware | 1 Active\! Mail | 2025-04-11 | 1.9 LOW | N/A |
| TransWARE Active! mail 6, when an external public interface is used, allows local users to obtain sensitive information belonging to arbitrary users by leveraging shell access, as demonstrated by a TELNET or SSH session to the server. | |||||
| CVE-2011-2076 | 1 Inventivetec | 1 Mediacast | 2025-04-11 | 5.0 MEDIUM | N/A |
| MediaCAST 8 and earlier stores passwords in cleartext, which makes it easier for context-dependent attackers to obtain sensitive information by reading an unspecified password data store, a different vulnerability than CVE-2010-0216. | |||||
| CVE-2011-4698 | 2 Android, Androidapptools | 2 Android, Easy Filter | 2025-04-11 | 6.4 MEDIUM | N/A |
| The AndroidAppTools Easy Filter (com.phoneblocker.android) application 1.1 and 1.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and call records via a crafted application. | |||||
| CVE-2012-6543 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 1.9 LOW | N/A |
| The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | |||||
| CVE-2010-5104 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
| The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query. | |||||
| CVE-2010-0494 | 1 Microsoft | 8 Internet Explorer, Windows 2000, Windows 2003 Server and 5 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability." | |||||
| CVE-2010-0790 | 1 Ncpfs | 1 Ncpfs | 2025-04-11 | 2.1 LOW | N/A |
| sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name. | |||||
| CVE-2011-1356 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 2.1 LOW | N/A |
| IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request. | |||||
| CVE-2013-2744 | 2 Ithemes, Wordpress | 2 Backupbuddy, Wordpress | 2025-04-11 | 5.0 MEDIUM | N/A |
| importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function. | |||||
| CVE-2011-4731 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by admin/home/admin and certain other files. | |||||
| CVE-2011-3752 | 1 Limesurvey | 1 Limesurvey | 2025-04-11 | 5.0 MEDIUM | N/A |
| LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/statistics.php and certain other files. | |||||
| CVE-2012-6469 | 1 Opera | 1 Opera Browser | 2025-04-11 | 5.0 MEDIUM | N/A |
| Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page. | |||||
| CVE-2013-7249 | 1 Fatfreecrm | 1 Fat Free Crm | 2025-04-11 | 5.0 MEDIUM | N/A |
| Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224. | |||||