Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0025 | 1 Microsoft | 6 Exchange Server, Windows 2000, Windows 2003 Server and 3 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability." | |||||
| CVE-2010-0463 | 1 Horde | 1 Imp | 2025-04-11 | 5.0 MEDIUM | N/A |
| Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. | |||||
| CVE-2010-3245 | 1 Blackboard | 1 Transact Suite | 2025-04-11 | 2.1 LOW | N/A |
| The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file. | |||||
| CVE-2012-1586 | 1 Debian | 1 Cifs-utils | 2025-04-11 | 2.1 LOW | N/A |
| mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message. | |||||
| CVE-2013-1944 | 2 Canonical, Haxx | 3 Ubuntu Linux, Curl, Libcurl | 2025-04-11 | 5.0 MEDIUM | N/A |
| The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. | |||||
| CVE-2012-4199 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | 4.3 MEDIUM | N/A |
| template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 generates JavaScript function calls containing private product names or private component names in certain circumstances involving custom-field visibility control, which allows remote attackers to obtain sensitive information by reading HTML source code. | |||||
| CVE-2011-4866 | 2 Android, Kaixin001 | 2 Android, Kaixin001 | 2025-04-11 | 6.4 MEDIUM | N/A |
| The Kaixin001 (com.kaixin001.activity) application 1.3.1 and 1.3.3 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a cleartext password via a crafted application. | |||||
| CVE-2012-0837 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 5.0 MEDIUM | N/A |
| Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator." | |||||
| CVE-2013-7299 | 1 Tntnet | 1 Tntnet | 2025-04-11 | 5.0 MEDIUM | N/A |
| framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator from being added and causes Tntnet to include headers from other requests. | |||||
| CVE-2012-3581 | 1 Symantec | 1 Messaging Gateway | 2025-04-11 | 3.3 LOW | N/A |
| Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. | |||||
| CVE-2010-1636 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 2.1 LOW | N/A |
| The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functionality in the Linux kernel 2.6.29 through 2.6.32, and possibly other versions, does not ensure that a cloned file descriptor has been opened for reading, which allows local users to read sensitive information from a write-only file descriptor. | |||||
| CVE-2010-3280 | 1 Alcatel-lucent | 2 Ccagent, Omnitouch Contact Center | 2025-04-11 | 6.9 MEDIUM | N/A |
| The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application. | |||||
| CVE-2013-1030 | 1 Apple | 1 Mac Os X | 2025-04-11 | 2.1 LOW | N/A |
| mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2010-2333 | 1 Litespeedtech | 1 Litespeed Web Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension. | |||||
| CVE-2013-4780 | 1 Siemens | 2 Enterprise Openscape Branch, Openscape Session Border Controller | 2025-04-11 | 7.8 HIGH | N/A |
| core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2012-6097 | 1 Fedorahosted | 1 Cronie | 2025-04-11 | 4.3 MEDIUM | N/A |
| File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab. | |||||
| CVE-2013-4165 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-11 | 4.3 MEDIUM | N/A |
| The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack. | |||||
| CVE-2011-3698 | 1 Adaptcms | 1 Adaptcms | 2025-04-11 | 5.0 MEDIUM | N/A |
| AdaptCMS 2.0.2 Beta allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/poll_vote.php and certain other files. | |||||
| CVE-2011-4760 | 1 Parallels | 1 Parallels Plesk Small Business Panel | 2025-04-11 | 5.0 MEDIUM | N/A |
| Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/email-address/list and certain other files. | |||||
| CVE-2013-4299 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | 6.0 MEDIUM | N/A |
| Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. | |||||