Total
8115 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-5126 | 1 Bluecoat | 1 Sgos | 2025-04-11 | 5.0 MEDIUM | N/A |
| Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file. | |||||
| CVE-2013-3224 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
| The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | |||||
| CVE-2010-3860 | 1 Redhat | 1 Icedtea | 2025-04-11 | 5.0 MEDIUM | N/A |
| IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories. | |||||
| CVE-2008-7281 | 1 Otrs | 1 Otrs | 2025-04-11 | 4.3 MEDIUM | N/A |
| Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-mail address information by reading this field. | |||||
| CVE-2010-4781 | 1 Enanocms | 1 Enano Cms | 2025-04-11 | 5.0 MEDIUM | N/A |
| index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message. | |||||
| CVE-2013-4959 | 1 Puppet | 1 Puppet Enterprise | 2025-04-11 | 2.1 LOW | N/A |
| Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache. | |||||
| CVE-2011-3163 | 1 Hp | 1 Multifunction Peripheral Digital Sending Software | 2025-04-11 | 1.2 LOW | N/A |
| HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors. | |||||
| CVE-2012-5554 | 2 Coleman Watts, Drupal | 2 Webform Civicrm, Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
| The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms. | |||||
| CVE-2011-1171 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 2.1 LOW | N/A |
| net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. | |||||
| CVE-2012-5868 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 2.6 LOW | N/A |
| WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack. | |||||
| CVE-2011-4852 | 2 Microsoft, Parallels | 3 Windows 2003 Server, Windows Server 2008, Parallels Plesk Panel | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates web pages containing external links in response to GET requests with query strings for enterprise/mobile-monitor/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. | |||||
| CVE-2012-0799 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.3 MEDIUM | N/A |
| Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page. | |||||
| CVE-2011-3733 | 1 Elgg | 1 Elgg | 2025-04-11 | 5.0 MEDIUM | N/A |
| Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files. | |||||
| CVE-2012-3419 | 1 Sgi | 1 Performance Co-pilot | 2025-04-11 | 5.0 MEDIUM | N/A |
| Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments. | |||||
| CVE-2012-5915 | 1 Neocrome | 1 Seditio | 2025-04-11 | 5.0 MEDIUM | N/A |
| Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to (1) view.php, (2) plugins/contact/lang/contact.en.lang.php, (3) system/lang/en/main.lang.php, (4) system/lang/en/message.lang.php, or (5) system/core/view/view.inc.php, which reveals the installation path in an error message. | |||||
| CVE-2011-1672 | 1 Dell | 1 Kace K2000 Systems Deployment Appliance | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier contains a peinst CIFS share, which allows remote attackers to obtain sensitive information by reading the (1) unattend.xml or (2) sysprep.inf file, as demonstrated by reading a password. | |||||
| CVE-2011-3824 | 1 Yourls | 1 Yourls | 2025-04-11 | 5.0 MEDIUM | N/A |
| Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files. | |||||
| CVE-2012-6140 | 1 Google | 1 Authenticator | 2025-04-11 | 1.9 LOW | N/A |
| pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than CVE-2013-0258. | |||||
| CVE-2011-3264 | 1 Zabbix | 1 Zabbix | 2025-04-11 | 5.0 MEDIUM | N/A |
| Zabbix before 1.8.6 allows remote attackers to obtain sensitive information via an invalid srcfld2 parameter to popup.php, which reveals the installation path in an error message. | |||||
| CVE-2011-3756 | 1 Microblog | 1 Microblog | 2025-04-11 | 5.0 MEDIUM | N/A |
| MicroBlog 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by init.php and certain other files. | |||||