Total: 8242 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-3248 | 1 Hp | 1 Fortify Software Security Center | 2024-02-04 | 5.0 MEDIUM | N/A |
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2013-5130 | 1 Apple | 1 Safari | 2024-02-04 | 5.0 MEDIUM | N/A |
WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files. | |||||
CVE-2012-6113 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data. | |||||
CVE-2013-3428 | 1 Cisco | 1 Secure Access Control System | 2024-02-04 | 4.0 MEDIUM | N/A |
The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957. | |||||
CVE-2013-2202 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 4.3 MEDIUM | N/A |
WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2013-0584 | 1 Ibm | 1 Infosphere Replication Server | 2024-02-04 | 5.0 MEDIUM | N/A |
The Data Replication Dashboard component in IBM InfoSphere Replication Server 9.7 and 10.x before 10.2.0.0-b113 allows remote attackers to obtain a list of all user accounts, along with information about whether each account requires a password, via unspecified vectors. | |||||
CVE-2013-2006 | 1 Openstack | 1 Keystone | 2024-02-04 | 2.1 LOW | N/A |
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file. | |||||
CVE-2012-1920 | 1 Atmail | 1 Atmail Open | 2024-02-04 | 5.0 MEDIUM | N/A |
@Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function. | |||||
CVE-2012-5624 | 3 Canonical, Digia, Qt | 3 Ubuntu Linux, Qt, Qt | 2024-02-04 | 4.3 MEDIUM | N/A |
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application. | |||||
CVE-2012-5055 | 1 Vmware | 1 Springsource Spring Security | 2024-02-04 | 5.0 MEDIUM | N/A |
DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests. | |||||
CVE-2012-6541 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 1.9 LOW | N/A |
The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | |||||
CVE-2011-2707 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 3.6 LOW | 6.0 MEDIUM |
The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request. | |||||
CVE-2013-0944 | 1 Emc | 1 Avamar | 2024-02-04 | 3.5 LOW | N/A |
The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL. | |||||
CVE-2013-5994 | 1 Lockon | 1 Ec-cube | 2024-02-04 | 5.0 MEDIUM | N/A |
data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | |||||
CVE-2012-4254 | 1 Mysqldumper | 1 Mysqldumper | 2024-02-04 | 4.3 MEDIUM | N/A |
MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php. | |||||
CVE-2012-4503 | 1 Tuxfamily | 1 Chrony | 2024-02-04 | 5.0 MEDIUM | N/A |
cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply. | |||||
CVE-2013-6014 | 1 Juniper | 1 Junos | 2024-02-04 | 6.1 MEDIUM | 9.3 CRITICAL |
Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message. | |||||
CVE-2013-2848 | 1 Google | 1 Chrome | 2024-02-04 | 5.0 MEDIUM | N/A |
The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2013-5008 | 1 Symantec | 1 Management Platform | 2024-02-04 | 4.6 MEDIUM | N/A |
The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across different customers' installations, which makes it easier for local users to obtain sensitive information about package-server access, or cause a denial of service, by leveraging knowledge of this key. | |||||
CVE-2013-4522 | 1 Moodle | 1 Moodle | 2024-02-04 | 5.0 MEDIUM | N/A |
lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file that had been previously retrieved by a caching proxy server. |