Export limit exceeded: 25349 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25349 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4112 | 2 Jgroups, Redhat | 5 Jgroup, Jboss Data Grid, Jboss Enterprise Application Platform and 2 more | 2025-04-11 | N/A |
| The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials. | ||||
| CVE-2011-1712 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | N/A |
| The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. | ||||
| CVE-2013-4123 | 2 Opensuse, Squid-cache | 2 Opensuse, Squid | 2025-04-11 | N/A |
| client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header. | ||||
| CVE-2011-4755 | 1 Parallels | 1 Parallels Plesk Small Business Panel | 2025-04-11 | N/A |
| Parallels Plesk Small Business Panel 10.2.0 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted cookie, as demonstrated by cookies to client@1/domain@1/hosting/file-manager/ and certain other files. | ||||
| CVE-2011-1713 | 1 Microsoft | 2 Internet Explorer, Windows 7 | 2025-04-11 | N/A |
| Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202. | ||||
| CVE-2013-4180 | 2 Redhat, Theforeman | 3 Openstack, Satellite, Foreman | 2025-04-11 | N/A |
| The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol. | ||||
| CVE-2013-4183 | 2 Openstack, Redhat | 2 Cinder, Openstack | 2025-04-11 | N/A |
| The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2011-4751 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | N/A |
| SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. | ||||
| CVE-2011-4748 | 2 Parallels, Redhat | 2 Parallels Plesk Panel, Enterprise Linux | 2025-04-11 | N/A |
| The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/ajax/core/ajax.inc.js and certain other files. | ||||
| CVE-2013-4208 | 2 Putty, Simon Tatham | 2 Putty, Putty | 2025-04-11 | N/A |
| The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys. | ||||
| CVE-2011-1739 | 1 Freebsd | 1 Freebsd | 2025-04-11 | N/A |
| The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances via an NFS mount request. | ||||
| CVE-2011-4742 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2025-04-11 | N/A |
| The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/user/list and certain other files. | ||||
| CVE-2013-4242 | 5 Canonical, Debian, Gnupg and 2 more | 6 Ubuntu Linux, Debian Linux, Gnupg and 3 more | 2025-04-11 | N/A |
| GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. | ||||
| CVE-2011-1751 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2025-04-11 | N/A |
| The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers." | ||||
| CVE-2011-4741 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2025-04-11 | N/A |
| The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a database connection string within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by client@2/domain@1/hosting/aspdotnet/. | ||||
| CVE-2013-4272 | 2 Botcha Spam Prevention Project, Drupal | 2 Botcha, Drupal | 2025-04-11 | N/A |
| The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file. | ||||
| CVE-2013-4283 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Enterprise Linux | 2025-04-11 | N/A |
| ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request. | ||||
| CVE-2013-4295 | 1 Apache | 1 Shindig | 2025-04-11 | N/A |
| The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2013-4299 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Enterprise Mrg and 2 more | 2025-04-11 | N/A |
| Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. | ||||
| CVE-2011-1788 | 1 Vmware | 1 Vcenter | 2025-04-11 | N/A |
| vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors. | ||||