Total
8931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3798 | 2 Bryce Hamrick, Drupal | 2 Janrain Capture, Drupal | 2026-04-29 | 5.0 MEDIUM | N/A |
| The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks. | |||||
| CVE-2011-3825 | 1 Zend | 2 Framework, Server | 2026-04-29 | 5.0 MEDIUM | N/A |
| Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Validate.php and certain other files. | |||||
| CVE-2011-3700 | 1 Anelectron | 1 Advanced Electron Forum | 2026-04-29 | 5.0 MEDIUM | N/A |
| Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by languages/english/deletetopic_lang.php. | |||||
| CVE-2012-3718 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-29 | 2.1 LOW | N/A |
| Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. | |||||
| CVE-2012-0130 | 1 Hp | 1 Onboard Administrator | 2026-04-29 | 5.0 MEDIUM | N/A |
| HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2010-4079 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-04-29 | 1.9 LOW | N/A |
| The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the Linux kernel before 2.6.36-rc8 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. | |||||
| CVE-2010-3078 | 5 Canonical, Linux, Opensuse and 2 more | 6 Ubuntu Linux, Linux Kernel, Opensuse and 3 more | 2026-04-29 | 2.1 LOW | 5.5 MEDIUM |
| The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. | |||||
| CVE-2011-4751 | 1 Smartertools | 1 Smarterstats | 2026-04-29 | 5.0 MEDIUM | N/A |
| SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. | |||||
| CVE-2011-3670 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2026-04-29 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. | |||||
| CVE-2011-3761 | 1 Dietrich Ayala | 1 Nusoap | 2026-04-29 | 5.0 MEDIUM | N/A |
| NuSOAP 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by nuSOAP/classes/class.wsdl.php and certain other files. | |||||
| CVE-2012-1945 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-29 | 2.9 LOW | N/A |
| Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba. | |||||
| CVE-2011-3723 | 1 Craftysyntax | 1 Crafty Syntax | 2026-04-29 | 5.0 MEDIUM | N/A |
| Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by README_FILES/livehelp.php and certain other files. | |||||
| CVE-2012-1361 | 1 Cisco | 1 Ios | 2026-04-29 | 4.3 MEDIUM | N/A |
| Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750. | |||||
| CVE-2013-3040 | 1 Ibm | 1 Infosphere Information Server | 2026-04-29 | 5.0 MEDIUM | N/A |
| IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username or password is incorrect, which allows remote attackers to enumerate user accounts via a brute-force attack. | |||||
| CVE-2012-6459 | 2 Intel, Linux | 2 Connman, Tizen | 2026-04-29 | 4.3 MEDIUM | N/A |
| ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets. | |||||
| CVE-2013-3597 | 1 Searchblox | 1 Searchblox | 2026-04-29 | 5.0 MEDIUM | N/A |
| servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action. | |||||
| CVE-2013-0677 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2026-04-29 | 5.8 MEDIUM | N/A |
| The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file. | |||||
| CVE-2010-4074 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-04-29 | 1.9 LOW | N/A |
| The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c. | |||||
| CVE-2012-4511 | 1 Gnome | 1 Libsocialweb | 2026-04-29 | 5.8 MEDIUM | N/A |
| services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. | |||||
| CVE-2013-5136 | 1 Apple | 1 Apple Remote Desktop | 2026-04-29 | 4.3 MEDIUM | N/A |
| Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session. | |||||