Export limit exceeded: 10192 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10192 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-1231 | 1 Cisco | 2 Webex Meetings Server, Webex Node For Mcs | 2025-04-11 | N/A |
| The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629. | ||||
| CVE-2013-1944 | 3 Canonical, Haxx, Redhat | 4 Ubuntu Linux, Curl, Libcurl and 1 more | 2025-04-11 | N/A |
| The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. | ||||
| CVE-2013-1442 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. | ||||
| CVE-2010-5292 | 1 Amberdms | 1 Amberdms Billing System | 2025-04-11 | N/A |
| Amberdms Billing System (ABS) before 1.4.1, when a multi-instance installation is configured, might allow local users to obtain sensitive information by reading the cache in between runs of the include/cron/services_usage.php cron job. | ||||
| CVE-2013-1832 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance. | ||||
| CVE-2012-1607 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request. | ||||
| CVE-2013-2006 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2025-04-11 | N/A |
| OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file. | ||||
| CVE-2013-4361 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. | ||||
| CVE-2013-4826 | 1 Hp | 2 Imc Service Operation Management Software Module, Intelligent Management Center | 2025-04-11 | N/A |
| Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647. | ||||
| CVE-2013-4959 | 1 Puppet | 1 Puppet Enterprise | 2025-04-11 | N/A |
| Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache. | ||||
| CVE-2013-5054 | 1 Microsoft | 2 Office, Office 2013 Rt | 2025-04-11 | N/A |
| Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerability." | ||||
| CVE-2013-5452 | 1 Ibm | 1 Filenet Business Process Framework | 2025-04-11 | N/A |
| IBM FileNet Business Process Framework 4.1.0 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2013-5490 | 1 Cisco | 1 Prime Data Center Network Manager | 2025-04-11 | N/A |
| Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148. | ||||
| CVE-2014-0806 | 1 Fenrir-inc | 1 Sleipnir Mobile | 2025-04-11 | N/A |
| The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile Black Edition application 2.12.1 and earlier for Android provide Geolocation API data without verifying user consent, which allows remote attackers to obtain sensitive location information via a web site that makes API calls. | ||||
| CVE-2011-4897 | 1 Tor | 1 Tor | 2025-04-11 | N/A |
| Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sensitive information by reading this value. | ||||
| CVE-2008-7292 | 2 Microsoft, Mozilla | 2 Windows, Bugzilla | 2025-04-11 | N/A |
| Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977. | ||||
| CVE-2010-4525 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Virtualization | 2025-04-11 | N/A |
| Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors. | ||||
| CVE-2010-4600 | 2 Dojofoundation, Ibm | 2 Dojo Toolkit, Rational Clearquest | 2025-04-11 | N/A |
| Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue. | ||||
| CVE-2010-4580 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to obtain sensitive information via an input field that has the same name as an input field on a previously visited web site. | ||||
| CVE-2010-4401 | 1 Dynpg | 1 Dynpg | 2025-04-11 | N/A |
| languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | ||||