Total
8242 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0197 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 2.1 LOW | N/A |
| App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions. | |||||
| CVE-2011-3708 | 1 Automne-cms | 1 Automne | 2024-02-04 | 5.0 MEDIUM | N/A |
| Automne 4.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/page-redirect-info.php. | |||||
| CVE-2011-3823 | 1 Yamamah | 1 Yamamah | 2024-02-04 | 5.0 MEDIUM | N/A |
| Yamamah 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/index.php and certain other files. | |||||
| CVE-2011-3163 | 1 Hp | 1 Multifunction Peripheral Digital Sending Software | 2024-02-04 | 1.2 LOW | N/A |
| HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors. | |||||
| CVE-2010-0642 | 1 Cisco | 1 Collaboration Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2) changing .jhtml to .jhtm%6C, (3) appending %00 after .jhtml, and (4) appending %c0%80 after .jhtml, related to the (a) doc/docindex.jhtml, (b) browserId/wizardForm.jhtml, (c) webline/html/forms/callback.jhtml, (d) webline/html/forms/callbackICM.jhtml, (e) webline/html/agent/AgentFrame.jhtml, (f) webline/html/agent/default/badlogin.jhtml, (g) callme/callForm.jhtml, (h) webline/html/multichatui/nowDefunctWindow.jhtml, (i) browserId/wizard.jhtml, (j) admin/CiscoAdmin.jhtml, (k) msccallme/mscCallForm.jhtml, and (l) webline/html/admin/wcs/LoginPage.jhtml components. | |||||
| CVE-2011-3758 | 1 Moundlabs | 1 \ | 2024-02-04 | 5.0 MEDIUM | N/A |
| ::mound:: 2.1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/smarty/libs/sysplugins/smarty_internal_template.php and certain other files. | |||||
| CVE-2011-3801 | 1 Simpletest | 1 Simpletest | 2024-02-04 | 5.0 MEDIUM | N/A |
| SimpleTest 1.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test/visual_test.php and certain other files. | |||||
| CVE-2010-4076 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 1.9 LOW | N/A |
| The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. | |||||
| CVE-2011-3701 | 1 Alegrocart | 1 Alegrocart | 2024-02-04 | 5.0 MEDIUM | N/A |
| AlegroCart 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by common.php and certain other files. | |||||
| CVE-2011-0579 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2011-3388 | 1 Opera | 1 Opera Browser | 2024-02-04 | 4.3 MEDIUM | N/A |
| Opera before 11.51 allows remote attackers to cause an insecure site to appear secure or trusted via unspecified actions related to Extended Validation and loading content from trusted sources in an unspecified sequence that causes the address field and page information dialog to contain security information based on the trusted site, instead of the insecure site. | |||||
| CVE-2010-3417 | 1 Google | 1 Chrome | 2024-02-04 | 5.0 MEDIUM | N/A |
| Google Chrome before 6.0.472.59 does not prompt the user before granting access to the extension history, which allows attackers to obtain potentially sensitive information via unspecified vectors. | |||||
| CVE-2010-2101 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
| The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | |||||
| CVE-2010-3325 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2024-02-04 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability." | |||||
| CVE-2010-2943 | 4 Avaya, Canonical, Linux and 1 more | 10 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 7 more | 2024-02-04 | 6.4 MEDIUM | 8.1 HIGH |
| The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle. | |||||
| CVE-2011-3721 | 1 Concrete5 | 1 Concrete | 2024-02-04 | 5.0 MEDIUM | N/A |
| concrete 5.4.0.5, 5.4.1, and 5.4.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/spellchecker_service.php and certain other files. | |||||
| CVE-2011-2076 | 1 Inventivetec | 1 Mediacast | 2024-02-04 | 5.0 MEDIUM | N/A |
| MediaCAST 8 and earlier stores passwords in cleartext, which makes it easier for context-dependent attackers to obtain sensitive information by reading an unspecified password data store, a different vulnerability than CVE-2010-0216. | |||||
| CVE-2010-4158 | 4 Fedoraproject, Linux, Opensuse and 1 more | 7 Fedora, Linux Kernel, Opensuse and 4 more | 2024-02-04 | 2.1 LOW | N/A |
| The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter. | |||||
| CVE-2011-3778 | 1 Phpgedview | 1 Phpgedview | 2024-02-04 | 5.0 MEDIUM | N/A |
| PhpGedView 4.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by serviceClientTest.php and certain other files. | |||||
| CVE-2011-4731 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by admin/home/admin and certain other files. | |||||