Total
8255 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4625 | 1 Mybb | 1 Mybb | 2025-04-11 | 5.0 MEDIUM | N/A |
| MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page. | |||||
| CVE-2012-6540 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 1.9 LOW | N/A |
| The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | |||||
| CVE-2013-2308 | 1 Softbanktech | 1 Online Service Gate | 2025-04-11 | 4.0 MEDIUM | N/A |
| The (1) OWA Helper and (2) OSG Lite programs in SoftBank Online Service Gate allow remote authenticated users to discover their own passwords, and consequently bypass an Office 365 restriction, via unspecified vectors. | |||||
| CVE-2012-1896 | 1 Microsoft | 6 .net Framework, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability." | |||||
| CVE-2011-0711 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2025-04-11 | 2.1 LOW | N/A |
| The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call. | |||||
| CVE-2012-4012 | 1 Cybozu | 1 Kunai | 2025-04-11 | 4.3 MEDIUM | N/A |
| The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. | |||||
| CVE-2011-3770 | 1 Phpalbum | 1 Phpalbum | 2025-04-11 | 5.0 MEDIUM | N/A |
| phpAlbum 0.4.1.14 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Flowing_Dark/parameters.tpl.php and certain other files. | |||||
| CVE-2013-3713 | 1 Opensuse | 1 Opensuse | 2025-04-11 | 4.4 MEDIUM | N/A |
| The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensitive information and possibly have other unspecified impacts, as demonstrated by reading /etc/shadow. | |||||
| CVE-2012-1873 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability." | |||||
| CVE-2010-0003 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-11 | 5.4 MEDIUM | N/A |
| The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address. | |||||
| CVE-2012-2165 | 1 Ibm | 1 Rational Clearquest | 2025-04-11 | 3.5 LOW | N/A |
| IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query. | |||||
| CVE-2011-3785 | 1 Phppointofsale | 1 Php Point Of Sale | 2025-04-11 | 5.0 MEDIUM | N/A |
| PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files. | |||||
| CVE-2012-6541 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 1.9 LOW | N/A |
| The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | |||||
| CVE-2012-0961 | 1 Debian | 2 Advanced Package Tool, Apt | 2025-04-11 | 2.1 LOW | N/A |
| Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file. | |||||
| CVE-2011-3733 | 1 Elgg | 1 Elgg | 2025-04-11 | 5.0 MEDIUM | N/A |
| Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files. | |||||
| CVE-2013-5454 | 1 Ibm | 1 Websphere Portal | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL. | |||||
| CVE-2011-4765 | 1 Parallels | 1 Parallels Plesk Small Business Panel | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by Wizard/Edit/Modules/ImageGallery/MultiImagesUpload and certain other files. | |||||
| CVE-2010-0041 | 2 Apple, Microsoft | 2 Safari, Windows | 2025-04-11 | 4.3 MEDIUM | N/A |
| ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image. | |||||
| CVE-2012-6539 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 1.9 LOW | N/A |
| The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | |||||
| CVE-2012-6469 | 1 Opera | 1 Opera Browser | 2025-04-11 | 5.0 MEDIUM | N/A |
| Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page. | |||||