Export limit exceeded: 23304 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 365419 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10776 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10776 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-0006 2 Openstack, Redhat 2 Swift, Openstack 2025-04-11 N/A
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.
CVE-2012-3798 2 Bryce Hamrick, Drupal 2 Janrain Capture, Drupal 2025-04-11 N/A
The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks.
CVE-2012-3749 1 Apple 1 Iphone Os 2025-04-11 N/A
The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.
CVE-2012-3718 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.
CVE-2013-7005 1 Dlink 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more 2025-04-11 N/A
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in /tmp/teamf1.cfg.ascii.
CVE-2012-3714 1 Apple 1 Safari 2025-04-11 N/A
The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.
CVE-2013-4590 4 Apache, Debian, Oracle and 1 more 5 Tomcat, Debian Linux, Solaris and 2 more 2025-04-11 N/A
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2012-3650 1 Apple 1 Safari 2025-04-11 N/A
WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
CVE-2013-3713 1 Opensuse 1 Opensuse 2025-04-11 N/A
The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensitive information and possibly have other unspecified impacts, as demonstrated by reading /etc/shadow.
CVE-2012-3529 1 Typo3 1 Typo3 2025-04-11 N/A
The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.
CVE-2013-6972 1 Cisco 1 Webex Training Center 2025-04-11 N/A
Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126.
CVE-2013-3643 1 Adgjm 1 Galapagos Browser 2025-04-11 N/A
The Galapagos Browser application for Android does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.
CVE-2012-2854 4 Apple, Google, Linux and 1 more 5 Mac Os X, Chrome, Frame and 2 more 2025-04-11 N/A
Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process.
CVE-2013-6791 1 Microsoft 1 Enhanced Mitigation Experience Toolkit 2025-04-11 N/A
Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection mechanism via a return-oriented programming (ROP) attack.
CVE-2012-2646 1 Fenrir-inc 1 Sleipnir Mobile 2025-04-11 N/A
The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black Edition application before 2.1.0 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
CVE-2013-6709 1 Cisco 1 Webex Training Center 2025-04-11 N/A
The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111.
CVE-2013-0519 1 Ibm 1 Sterling Secure Proxy 2025-04-11 N/A
IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page title and (2) an unspecified HTTP header field, which allows remote attackers to obtain potentially sensitive information by reading a version string.
CVE-2012-2387 1 Debian 1 Devotee 2025-04-11 N/A
devotee 0.1 patch 2 uses a 32-bit seed for generating 48-bit random numbers, which makes it easier for remote attackers to obtain the secret monikers via a brute force attack.
CVE-2012-2922 1 Drupal 1 Drupal 2025-04-11 N/A
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.
CVE-2012-2327 1 Mybb 1 Mybb 2025-04-11 N/A
MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message.