Total
8175 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2635 | 2 Dolphin-browser, Google | 3 Dolphin Browser Hd, Dolphin For Pad, Android | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Dolphin Browser HD application before 7.6 and Dolphin for Pad application before 1.0.1 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2013-5183 | 1 Apple | 1 Mac Os X | 2025-04-11 | 2.6 LOW | N/A |
| Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2011-3502 | 1 Cogentdatahub | 1 Cogent Datahub | 2025-04-11 | 5.0 MEDIUM | N/A |
| The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot). | |||||
| CVE-2011-3791 | 1 Matomo | 1 Matomo | 2025-04-11 | 5.0 MEDIUM | N/A |
| Piwik 1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Widgetize/Widgetize.php and certain other files. | |||||
| CVE-2012-6325 | 1 Vmware | 1 Vcenter Server Appliance | 2025-04-11 | 4.0 MEDIUM | N/A |
| VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2011-3708 | 1 Automne-cms | 1 Automne | 2025-04-11 | 5.0 MEDIUM | N/A |
| Automne 4.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/page-redirect-info.php. | |||||
| CVE-2010-2226 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2025-04-11 | 2.1 LOW | N/A |
| The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file. | |||||
| CVE-2013-3643 | 1 Adgjm | 1 Galapagos Browser | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Galapagos Browser application for Android does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2012-6515 | 1 Efrontlearning | 1 Efront | 2025-04-11 | 5.0 MEDIUM | N/A |
| eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in the lesson_info module to index.php, which reveals the installation path in an error message. | |||||
| CVE-2013-3223 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
| The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | |||||
| CVE-2011-3497 | 1 Measuresoft | 1 Scadapro | 2025-04-11 | 10.0 HIGH | N/A |
| service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method. | |||||
| CVE-2011-1020 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.6 MEDIUM | N/A |
| The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. | |||||
| CVE-2013-1840 | 2 Amazon, Openstack | 5 S3 Store, Essex, Folsom and 2 more | 2025-04-11 | 3.5 LOW | N/A |
| The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image. | |||||
| CVE-2011-1892 | 1 Microsoft | 10 Forms Server, Groove, Groove Data Bridge Server and 7 more | 2025-04-11 | 4.0 MEDIUM | N/A |
| Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability." | |||||
| CVE-2013-0599 | 1 Ibm | 1 Rational Directory Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP status code. | |||||
| CVE-2010-1796 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | 2.6 LOW | N/A |
| The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields. | |||||
| CVE-2013-3227 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
| The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | |||||
| CVE-2011-0775 | 1 Pivotx | 1 Pivotx | 2025-04-11 | 5.0 MEDIUM | N/A |
| pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2011-2488 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 5.0 MEDIUM | N/A |
| Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2012-0328 | 1 Janetter | 1 Janetter | 2025-04-11 | 5.0 MEDIUM | N/A |
| Janetter before 3.3.0.0 (aka 3.3.0) allows remote attackers to obtain session information for twitter.com web sites via unspecified vectors. | |||||