Search Results (10766 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4165 1 Bitcoin 1 Bitcoin Core 2025-04-11 N/A
The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack.
CVE-2012-1464 1 Netmechanica 1 Netdecision 2025-04-11 N/A
Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these details are obtained from third party information.
CVE-2012-1243 2 Google, Studiohitori 2 Android, Twitrocker2 Android 2025-04-11 N/A
The TwitRocker2 application before 1.0.23 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
CVE-2013-2371 1 Tibco 1 Spotfire Statistics Services 2025-04-11 N/A
The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request.
CVE-2012-0961 1 Debian 2 Advanced Package Tool, Apt 2025-04-11 N/A
Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.
CVE-2012-0959 1 Remote Login Service Hackers 1 Remote Login Service 2025-04-11 N/A
Remote Login Service (RLS) 1.0.0 does not properly clear account information when switching users, which might allow physically proximate users to obtain login credentials.
CVE-2013-2273 1 Bitcoin 3 Bitcoin-qt, Bitcoin Core, Bitcoind 2025-04-11 N/A
bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain potentially sensitive information about returned change by leveraging certain predictability in the outputs of a Bitcoin transaction.
CVE-2013-3823 1 Oracle 1 Supply Chain Products Suite 2025-04-11 N/A
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.
CVE-2013-5422 1 Ibm 1 Rational Clearcase 2025-04-11 N/A
The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database names via unspecified vectors.
CVE-2012-6097 1 Fedorahosted 1 Cronie 2025-04-11 N/A
File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab.
CVE-2012-0731 1 Ibm 1 Rational Appscan 2025-04-11 N/A
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2012-6469 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page.
CVE-2012-0456 2 Mozilla, Redhat 5 Firefox, Seamonkey, Thunderbird and 2 more 2025-04-11 N/A
The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read.
CVE-2013-4272 2 Botcha Spam Prevention Project, Drupal 2 Botcha, Drupal 2025-04-11 N/A
The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file.
CVE-2013-4044 1 Ibm 1 Spss Collaboration And Deployment Services 2025-04-11 N/A
IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote authenticated users to read application log files via a direct HTTP request.
CVE-2013-4043 1 Ibm 1 Spss Collaboration And Deployment Services 2025-04-11 N/A
The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP request.
CVE-2011-4897 1 Tor 1 Tor 2025-04-11 N/A
Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sensitive information by reading this value.
CVE-2013-4024 1 Ibm 4 Data Studio Web Console, Db2 Recovery Expert, Infosphere Optim Configuration Manager and 1 more 2025-04-11 N/A
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allows remote attackers to read session cookies by sniffing the network.
CVE-2011-4896 1 Tor 1 Tor 2025-04-11 N/A
Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port.
CVE-2011-4895 1 Tor 1 Tor 2025-04-11 N/A
Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easier for remote attackers to enumerate bridges by observing circuit building.