Total
7894 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2863 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2011-2480 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information. | |||||
| CVE-2011-2343 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer. | |||||
| CVE-2011-1934 | 2 Debian, Lilo Project | 2 Debian Linux, Lilo | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1. | |||||
| CVE-2010-3917 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site. | |||||
| CVE-2010-3673 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API. | |||||
| CVE-2010-3664 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend. | |||||
| CVE-2010-2783 | 1 Redhat | 1 Icedtea6 | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services. | |||||
| CVE-2010-2450 | 2 Debian, Shibboleth | 2 Debian Linux, Service Provider | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. | |||||
| CVE-2010-1432 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | |||||
| CVE-2009-5045 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Dump Servlet information leak in jetty before 6.1.22. | |||||
| CVE-2008-5083 | 1 Redhat | 1 Jboss Operations Network | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON. | |||||
| CVE-2024-8979 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2024-11-19 | N/A | 5.7 MEDIUM |
| The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_lostpassword_user_email_controls' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including usernames and passwords of any user, including Administrators, as long as that user opens the email notification for a password change request and images are not blocked by the email client. | |||||
| CVE-2024-8978 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2024-11-19 | N/A | 5.7 MEDIUM |
| The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_register_user_email_controls' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Login | Register Form widget, as long as that user opens the email notification for successful registration. | |||||
| CVE-2020-3525 | 2024-11-18 | N/A | 4.3 MEDIUM | ||
| A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to recover service account passwords that are saved on an affected system. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin portal. An attacker with read or write access to the Admin portal could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2024-52523 | 2024-11-18 | N/A | 4.6 MEDIUM | ||
| Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fixed credentials, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2 and Nextcloud Enterprise Server is upgraded to 25.0.13.14, 26.0.13.10, 27.1.11.10, 28.0.12, 29.0.9 or 30.0.2. | |||||
| CVE-2024-52508 | 2024-11-18 | N/A | 8.2 HIGH | ||
| Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like user@example.tld that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would be send to the server of the attacker. It is recommended that the Nextcloud Mail app is upgraded to 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 or 4.0.0. | |||||
| CVE-2022-20648 | 2024-11-18 | N/A | 5.3 MEDIUM | ||
| A vulnerability in a debug function for Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform debug actions that could result in the disclosure of confidential information that should be restricted. This vulnerability exists because of a debug service that incorrectly listens to and accepts incoming connections. An attacker could exploit this vulnerability by connecting to the debug port and executing debug commands. A successful exploit could allow the attacker to view sensitive debugging information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2024-52513 | 2024-11-18 | N/A | 2.6 LOW | ||
| Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Text files without providing the password. It is recommended that the Nextcloud Server is upgraded to 28.0.11, 29.0.8 or 30.0.1 and Nextcloud Enterprise Server is upgraded to 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 or 30.0.1. | |||||
| CVE-2024-47532 | 1 Zope | 1 Restrictedpython | 2024-11-15 | N/A | 6.5 MEDIUM |
| RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensible) information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application does not require access to the module string, it can remove it from RestrictedPython.Utilities.utility_builtins or otherwise do not make it available in the restricted execution environment. | |||||