Export limit exceeded: 10828 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10828 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2731 2 Drupal, Richardo Ante 2 Drupal, Ubercart Ajax Cart 2025-04-11 N/A
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.
CVE-2010-1860 1 Php 1 Php 2025-04-11 N/A
The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature.
CVE-2009-5122 1 Websense 1 Websense Email Security 2025-04-11 N/A
The Personal Email Manager component in Websense Email Security before 7.2 allows remote attackers to obtain potentially sensitive information from the JBoss status page via an unspecified query.
CVE-2012-3714 1 Apple 1 Safari 2025-04-11 N/A
The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.
CVE-2011-3452 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network.
CVE-2010-0042 2 Apple, Microsoft 2 Safari, Windows 2025-04-11 N/A
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.
CVE-2011-3447 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL.
CVE-2011-3441 1 Apple 1 Iphone Os 2025-04-11 N/A
libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname.
CVE-2013-3235 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-11 N/A
net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
CVE-2009-5101 1 Pentaho 1 Bi Server 2025-04-11 N/A
Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic.
CVE-2013-1297 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability."
CVE-2009-5035 1 Ibm 1 Lotus Notes Traveler 2025-04-11 N/A
The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoing e-mail messages between sync operations, which might allow remote attackers to read communications intended for other recipients by examining appended messages.
CVE-2012-0010 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information Disclosure Vulnerability."
CVE-2010-3902 1 Infradead 1 Openconnect 2025-04-11 N/A
OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list.
CVE-2011-1202 3 Google, Redhat, Xmlsoft 3 Chrome, Enterprise Linux, Libxslt 2025-04-11 N/A
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
CVE-2010-2943 5 Avaya, Canonical, Linux and 2 more 11 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 8 more 2025-04-11 8.1 High
The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.
CVE-2010-4781 1 Enanocms 1 Enano Cms 2025-04-11 N/A
index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message.
CVE-2012-2854 4 Apple, Google, Linux and 1 more 5 Mac Os X, Chrome, Frame and 2 more 2025-04-11 N/A
Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process.
CVE-2010-4158 5 Fedoraproject, Linux, Opensuse and 2 more 9 Fedora, Linux Kernel, Opensuse and 6 more 2025-04-11 N/A
The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.
CVE-2009-4844 1 Toutvirtual 1 Virtualiq 2025-04-11 N/A
ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to the /status URI on port 9080, which allows remote attackers to obtain sensitive Tomcat information via a direct request.