Total
9151 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2815 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
| Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain. | |||||
| CVE-2010-0004 | 1 Viewvc | 1 Viewvc | 2025-04-11 | 5.0 MEDIUM | N/A |
| ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view. | |||||
| CVE-2011-3708 | 1 Automne-cms | 1 Automne | 2025-04-11 | 5.0 MEDIUM | N/A |
| Automne 4.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/page-redirect-info.php. | |||||
| CVE-2011-1810 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Cascading Style Sheets (CSS) implementation in Google Chrome before 12.0.742.91 does not properly restrict access to the visit history, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2012-2420 | 2 Intuit, Microsoft | 2 Quickbooks, Internet Explorer | 2025-04-11 | 1.8 LOW | N/A |
| The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to obtain sensitive information via a URI with a % (percent) character as its (1) last or (2) second-to-last character, in situations where a certain "post-URL data" buffer contains a 0x0000 character but a buffer overflow does not occur. | |||||
| CVE-2011-3723 | 1 Craftysyntax | 1 Crafty Syntax | 2025-04-11 | 5.0 MEDIUM | N/A |
| Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by README_FILES/livehelp.php and certain other files. | |||||
| CVE-2013-4043 | 1 Ibm | 1 Spss Collaboration And Deployment Services | 2025-04-11 | 5.0 MEDIUM | N/A |
| The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP request. | |||||
| CVE-2010-0667 | 1 Moinmo | 1 Moinmoin | 2025-04-11 | 5.0 MEDIUM | N/A |
| MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2011-3734 | 1 Energine | 1 Energine | 2025-04-11 | 5.0 MEDIUM | N/A |
| Energine 2.3.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/framework/SimpleBuilder.class.php and certain other files. | |||||
| CVE-2011-1190 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." | |||||
| CVE-2012-2646 | 1 Fenrir-inc | 1 Sleipnir Mobile | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black Edition application before 2.1.0 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2011-5245 | 1 Redhat | 1 Resteasy | 2025-04-11 | 5.0 MEDIUM | N/A |
| The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818. | |||||
| CVE-2011-3497 | 1 Measuresoft | 1 Scadapro | 2025-04-11 | 10.0 HIGH | N/A |
| service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method. | |||||
| CVE-2011-0737 | 1 Adobe | 1 Coldfusion | 2025-04-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure | |||||
| CVE-2010-2754 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 5.0 MEDIUM | N/A |
| dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. | |||||
| CVE-2012-2645 | 2 Google, Yahoo | 2 Android, Yahoo\! Browser | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2011-3220 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. | |||||
| CVE-2013-3909 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 8 allows remote attackers to read content from a different (1) domain or (2) zone via crafted characters in Cascading Style Sheets (CSS) token sequences, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2009-4812 | 1 Wolfram | 1 Webmathematica | 2025-04-11 | 5.0 MEDIUM | N/A |
| Wolfram Research webMathematica allows remote attackers to obtain sensitive information via a direct request to the MSP script, which reveals the installation path in an error message. | |||||
| CVE-2011-1788 | 1 Vmware | 1 Vcenter | 2025-04-11 | 2.1 LOW | N/A |
| vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors. | |||||