Export limit exceeded: 10714 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10714 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4046 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content. | ||||
| CVE-2010-2758 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page. | ||||
| CVE-2010-4354 | 1 Cisco | 9 Asa 5500, Pix 500, Vpn 3000 Concentrator and 6 more | 2025-04-11 | N/A |
| The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only when the group name is configured on the device, which allows remote attackers to enumerate valid group names via a series of IKE negotiation attempts, aka Bug ID CSCtj96108, a different vulnerability than CVE-2005-2025. | ||||
| CVE-2012-0421 | 1 Novell | 1 Suse Audit Log Keeper | 2025-04-11 | N/A |
| The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file. | ||||
| CVE-2010-4565 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-11 | N/A |
| The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename. | ||||
| CVE-2010-2859 | 1 Boesch-it | 1 Simpnews | 2025-04-11 | N/A |
| news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message. | ||||
| CVE-2010-4011 | 1 Apple | 1 Mac Os X Server | 2025-04-11 | N/A |
| Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue." | ||||
| CVE-2010-3062 | 1 Php | 1 Php | 2025-04-11 | N/A |
| mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function. | ||||
| CVE-2012-3519 | 1 Tor | 1 Tor | 2025-04-11 | N/A |
| routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack. | ||||
| CVE-2014-1234 | 1 Paratrooper-newrelic Project | 1 Paratrooper-newrelic | 2025-04-11 | N/A |
| The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process. | ||||
| CVE-2010-3280 | 1 Alcatel-lucent | 2 Ccagent, Omnitouch Contact Center | 2025-04-11 | N/A |
| The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application. | ||||
| CVE-2012-5765 | 1 Ibm | 1 Rational Clearquest | 2025-04-11 | N/A |
| The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message. | ||||
| CVE-2009-4511 | 1 Vsecurity | 1 Tandberg Video Communication Server | 2025-04-11 | N/A |
| Multiple directory traversal vulnerabilities in the web administration interface on the TANDBERG Video Communication Server (VCS) before X5.1 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to (1) helppage.php or (2) user/helppage.php. | ||||
| CVE-2012-6466 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas. | ||||
| CVE-2010-2787 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | N/A |
| api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim. | ||||
| CVE-2012-3094 | 2 Cisco, Linux | 2 Anyconnect Secure Mobility Client, Linux Kernel | 2025-04-11 | N/A |
| The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967. | ||||
| CVE-2010-3348 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | N/A |
| Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342. | ||||
| CVE-2010-4349 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | N/A |
| admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. | ||||
| CVE-2013-4569 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | N/A |
| The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attackers to obtain sensitive information (revision-deleted IPs) via the Recent Changes page. | ||||
| CVE-2011-5067 | 1 Sitracker | 1 Support Incident Tracker | 2025-04-11 | N/A |
| move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message. | ||||