Total
8931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5454 | 1 Ibm | 1 Websphere Portal | 2026-04-29 | 4.3 MEDIUM | N/A |
| IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL. | |||||
| CVE-2011-0178 | 1 Apple | 3 Carboncore, Mac Os X, Mac Os X Server | 2026-04-29 | 2.1 LOW | N/A |
| The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory. | |||||
| CVE-2011-3801 | 1 Simpletest | 1 Simpletest | 2026-04-29 | 5.0 MEDIUM | N/A |
| SimpleTest 1.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test/visual_test.php and certain other files. | |||||
| CVE-2011-4304 | 1 Moodle | 1 Moodle | 2026-04-29 | 4.0 MEDIUM | N/A |
| The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation. | |||||
| CVE-2010-3014 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2026-04-29 | 1.2 LOW | N/A |
| The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read. | |||||
| CVE-2010-4046 | 1 Opera | 1 Opera Browser | 2026-04-29 | 4.3 MEDIUM | N/A |
| Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content. | |||||
| CVE-2013-6978 | 1 Cisco | 1 Unified Communications Manager | 2026-04-29 | 4.0 MEDIUM | N/A |
| The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249. | |||||
| CVE-2010-0003 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-04-29 | 5.4 MEDIUM | N/A |
| The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address. | |||||
| CVE-2013-2076 | 1 Xen | 1 Xen | 2026-04-29 | 4.3 MEDIUM | N/A |
| Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels. | |||||
| CVE-2012-5625 | 1 Openstack | 2 Folsom, Grizzly | 2026-04-29 | 4.3 MEDIUM | N/A |
| OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV). | |||||
| CVE-2011-3760 | 1 Nucleuscms | 1 Nucleus Cms | 2026-04-29 | 5.0 MEDIUM | N/A |
| Nucleus 3.61 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/api_nucleus.inc.php and certain other files. | |||||
| CVE-2012-1171 | 1 Php | 1 Php | 2026-04-29 | 5.0 MEDIUM | N/A |
| The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper. | |||||
| CVE-2012-3519 | 1 Tor | 1 Tor | 2026-04-29 | 5.0 MEDIUM | N/A |
| routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack. | |||||
| CVE-2011-2156 | 1 Smartertools | 1 Smarterstats | 2026-04-29 | 5.0 MEDIUM | N/A |
| The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the (1) Admin/, (2) Admin/Defaults/, (3) Admin/GettingStarted/, (4) Admin/Popups/, (5) App_Themes/, (6) Client/, (7) Client/Popups/, (8) Services/, (9) Temp/, (10) UserControls/, (11) UserControls/PanelBarTemplates/, (12) UserControls/Popups/, (13) aspnet_client/, or (14) aspnet_client/system_web/ directory name, or (15) certain directory names under App_Themes/Default/. | |||||
| CVE-2011-4894 | 1 Tor | 1 Tor | 2026-04-29 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections. | |||||
| CVE-2013-3230 | 1 Linux | 1 Linux Kernel | 2026-04-29 | 4.9 MEDIUM | N/A |
| The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.9-rc7 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | |||||
| CVE-2010-0651 | 2 Apple, Google | 3 Safari, Webkit, Chrome | 2026-04-29 | 4.3 MEDIUM | N/A |
| WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. | |||||
| CVE-2013-6789 | 1 Silverstripe | 1 Silverstripe | 2026-04-29 | 5.0 MEDIUM | N/A |
| security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653. | |||||
| CVE-2011-3735 | 1 Escortwebsitedesign | 1 Escort-agency-cms | 2026-04-29 | 5.0 MEDIUM | N/A |
| Escort Agency CMS (aka escort-agency-cms) allows remote attackers to obtain sensitive information via crafted array parameters in a request to a .php file, which reveals the installation path in an error message, as demonstrated by makethumb.php and certain other files. | |||||
| CVE-2009-0788 | 1 Redhat | 1 Network Satellite Server | 2026-04-29 | 6.4 MEDIUM | N/A |
| Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors. | |||||