Total
9172 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1311 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. | |||||
| CVE-2008-3010 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Media Player and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
| Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability." | |||||
| CVE-2008-3040 | 1 Typo3 | 1 Dam Frontend Extension | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2009-0852 | 1 Stewart Howe | 1 Celerbb | 2025-04-09 | 5.0 MEDIUM | N/A |
| showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter. | |||||
| CVE-2009-0278 | 1 Sun | 1 Java System Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request. | |||||
| CVE-2008-4635 | 2 Hisanaga Electric Co, Xoops | 2 Hisa Cart, Xoops | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 and earlier, a module for XOOPS, allows remote attackers to obtain sensitive user information via unknown vectors. | |||||
| CVE-2008-5099 | 1 Sun | 1 Logical Domain Manager | 2025-04-09 | 4.6 MEDIUM | N/A |
| Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the "ldm ls -l" command, a different vulnerability than CVE-2008-4992. | |||||
| CVE-2007-6249 | 1 Gentoo | 2 Linux, Portage | 2025-04-09 | 2.1 LOW | N/A |
| etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file. | |||||
| CVE-2008-3962 | 1 Ssmtp | 1 Ssmtp | 2025-04-09 | 2.6 LOW | N/A |
| The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunistic circumstances by reading a message. | |||||
| CVE-2008-3900 | 1 Intel | 1 Bios | 2025-04-09 | 2.1 LOW | N/A |
| Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
| CVE-2007-5196 | 1 Suse | 1 Suse Linux | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195. | |||||
| CVE-2008-6872 | 1 Aspthai.net | 1 Aspthai Forums | 2025-04-09 | 5.0 MEDIUM | N/A |
| ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb. | |||||
| CVE-2009-0815 | 1 Typo3 | 1 Typo3 | 2025-04-09 | 5.0 MEDIUM | N/A |
| The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request. | |||||
| CVE-2008-1598 | 1 Ibm | 1 Aix | 2025-04-09 | 4.7 MEDIUM | N/A |
| The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors. | |||||
| CVE-2009-3001 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket. | |||||
| CVE-2008-3899 | 1 Truecrypt Foundation | 1 Truecrypt | 2025-04-09 | 2.1 LOW | N/A |
| TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. NOTE: the researcher mentions a response from the vendor denying the vulnerability. | |||||
| CVE-2008-5341 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071. | |||||
| CVE-2008-1113 | 2 Cisco, Vocera Communications | 2 7921 Wireless Ip Phone, Vocera Communications Badge | 2025-04-09 | 7.8 HIGH | N/A |
| Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. | |||||
| CVE-2007-5473 | 2 Microsoft, Mono | 2 Windows, Mono | 2025-04-09 | 5.0 MEDIUM | N/A |
| StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP. | |||||
| CVE-2008-4115 | 1 Talkback | 1 Talkback | 2025-04-09 | 5.0 MEDIUM | N/A |
| TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function. | |||||