Total
8929 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3447 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-29 | 4.3 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL. | |||||
| CVE-2011-3810 | 1 Tinywebgallery | 1 Tinywebgallery | 2026-04-29 | 5.0 MEDIUM | N/A |
| TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_frames/i_register.php. | |||||
| CVE-2011-0031 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2026-04-29 | 4.3 MEDIUM | N/A |
| The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability." | |||||
| CVE-2012-0731 | 1 Ibm | 1 Rational Appscan | 2026-04-29 | 6.8 MEDIUM | N/A |
| IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2011-4760 | 1 Parallels | 1 Parallels Plesk Small Business Panel | 2026-04-29 | 5.0 MEDIUM | N/A |
| Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/email-address/list and certain other files. | |||||
| CVE-2012-6539 | 1 Linux | 1 Linux Kernel | 2026-04-29 | 1.9 LOW | N/A |
| The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | |||||
| CVE-2013-1665 | 1 Openstack | 2 Folsom, Keystone Essex | 2026-04-29 | 5.0 MEDIUM | N/A |
| The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack. | |||||
| CVE-2012-6536 | 1 Linux | 1 Linux Kernel | 2026-04-29 | 2.1 LOW | N/A |
| net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state. | |||||
| CVE-2012-1223 | 1 Rabidhamster | 1 R2\/extreme | 2026-04-29 | 5.0 MEDIUM | N/A |
| RabidHamster R2/Extreme 1.65 and earlier uses a small search space of values for the PIN number, which allows remote attackers to obtain the PIN number via a brute force attack. | |||||
| CVE-2011-3754 | 1 Mambo-foundation | 1 Mambo | 2026-04-29 | 5.0 MEDIUM | N/A |
| Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files. | |||||
| CVE-2010-3875 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-04-29 | 2.1 LOW | N/A |
| The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure. | |||||
| CVE-2012-2635 | 2 Dolphin-browser, Google | 3 Dolphin Browser Hd, Dolphin For Pad, Android | 2026-04-29 | 4.3 MEDIUM | N/A |
| The Dolphin Browser HD application before 7.6 and Dolphin for Pad application before 1.0.1 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2013-5183 | 1 Apple | 1 Mac Os X | 2026-04-29 | 2.6 LOW | N/A |
| Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2011-3502 | 1 Cogentdatahub | 1 Cogent Datahub | 2026-04-29 | 5.0 MEDIUM | N/A |
| The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot). | |||||
| CVE-2011-3791 | 1 Matomo | 1 Matomo | 2026-04-29 | 5.0 MEDIUM | N/A |
| Piwik 1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Widgetize/Widgetize.php and certain other files. | |||||
| CVE-2012-6325 | 1 Vmware | 1 Vcenter Server Appliance | 2026-04-29 | 4.0 MEDIUM | N/A |
| VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2011-3708 | 1 Automne-cms | 1 Automne | 2026-04-29 | 5.0 MEDIUM | N/A |
| Automne 4.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/page-redirect-info.php. | |||||
| CVE-2010-2226 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2026-04-29 | 2.1 LOW | N/A |
| The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file. | |||||
| CVE-2013-3643 | 1 Adgjm | 1 Galapagos Browser | 2026-04-29 | 4.3 MEDIUM | N/A |
| The Galapagos Browser application for Android does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2012-6515 | 1 Efrontlearning | 1 Efront | 2026-04-29 | 5.0 MEDIUM | N/A |
| eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in the lesson_info module to index.php, which reveals the installation path in an error message. | |||||