Total
10305 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-0218 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform | 2025-04-11 | N/A |
| The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file. | ||||
| CVE-2011-4232 | 1 Cisco | 1 Unified Meetingplace | 2025-04-11 | N/A |
| The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate directory names via a series of queries, aka Bug ID CSCtt94070. | ||||
| CVE-2012-3502 | 1 Apache | 1 Http Server | 2025-04-11 | N/A |
| The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client. | ||||
| CVE-2009-4844 | 1 Toutvirtual | 1 Virtualiq | 2025-04-11 | N/A |
| ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to the /status URI on port 9080, which allows remote attackers to obtain sensitive Tomcat information via a direct request. | ||||
| CVE-2011-1190 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2025-04-11 | N/A |
| The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." | ||||
| CVE-2011-0711 | 2 Linux, Redhat | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-04-11 | N/A |
| The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call. | ||||
| CVE-2014-1962 | 1 Sap | 1 Customer Relationship Management | 2025-04-11 | N/A |
| Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. | ||||
| CVE-2011-2204 | 2 Apache, Redhat | 3 Tomcat, Enterprise Linux, Jboss Enterprise Web Server | 2025-04-11 | N/A |
| Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. | ||||
| CVE-2012-5182 | 1 Naver | 1 Loctouch | 2025-04-11 | N/A |
| The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application. | ||||
| CVE-2010-0463 | 1 Horde | 1 Imp | 2025-04-11 | N/A |
| Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. | ||||
| CVE-2011-4129 | 1 Gnome | 1 Libsocialweb | 2025-04-11 | N/A |
| (1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. | ||||
| CVE-2012-6113 | 1 Php | 1 Php | 2025-04-11 | N/A |
| The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data. | ||||
| CVE-2011-1687 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords. | ||||
| CVE-2013-0349 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | N/A |
| The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call. | ||||
| CVE-2011-1725 | 1 Hp | 1 Network Automation | 2025-04-11 | N/A |
| Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to obtain sensitive information via unknown vectors. | ||||
| CVE-2011-2598 | 1 Mozilla | 1 Firefox | 2025-04-11 | N/A |
| The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory. | ||||
| CVE-2011-3452 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network. | ||||
| CVE-2010-0464 | 1 Roundcube | 1 Webmail | 2025-04-11 | N/A |
| Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. | ||||
| CVE-2010-0494 | 1 Microsoft | 8 Internet Explorer, Windows 2000, Windows 2003 Server and 5 more | 2025-04-11 | N/A |
| Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability." | ||||
| CVE-2011-3447 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL. | ||||