Total: 6955 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-3714 | 1 Apple | 1 Safari | 2017-08-28 | 4.3 MEDIUM | N/A |
The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site. | |||||
CVE-2012-3724 | 1 Apple | 1 Iphone Os | 2017-08-28 | 5.0 MEDIUM | N/A |
CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived from a malformed URL. | |||||
CVE-2012-3725 | 1 Apple | 1 Iphone Os | 2017-08-28 | 3.3 LOW | N/A |
The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi network for these packets. | |||||
CVE-2012-3733 | 1 Apple | 1 Iphone Os | 2017-08-28 | 4.3 MEDIUM | N/A |
Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain potentially sensitive information about alternate e-mail addresses in opportunistic circumstances by reading a reply. | |||||
CVE-2012-3735 | 1 Apple | 1 Iphone Os | 2017-08-28 | 2.1 LOW | N/A |
The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen. | |||||
CVE-2012-4197 | 1 Mozilla | 1 Bugzilla | 2017-08-28 | 5.0 MEDIUM | N/A |
Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers to read attachment descriptions from private bugs via an obsolete=1 insert action. | |||||
CVE-2012-4199 | 1 Mozilla | 1 Bugzilla | 2017-08-28 | 4.3 MEDIUM | N/A |
template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 generates JavaScript function calls containing private product names or private component names in certain circumstances involving custom-field visibility control, which allows remote attackers to obtain sensitive information by reading HTML source code. | |||||
CVE-2012-4254 | 1 Mysqldumper | 1 Mysqldumper | 2017-08-28 | 4.3 MEDIUM | N/A |
MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php. | |||||
CVE-2012-4256 | 2 Joobi, Joomla | 2 Com Jnews, Joomla! | 2017-08-28 | 5.0 MEDIUM | N/A |
The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message. | |||||
CVE-2012-4257 | 1 George Karpouzas | 1 Yet Another Question & Answer System | 2017-08-28 | 5.0 MEDIUM | N/A |
Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 allows remote attackers to obtain sensitive information via an invalid character in the PHPSESSID, which reveals the installation path in an error message. | |||||
CVE-2012-4429 | 1 David King | 1 Vino | 2017-08-28 | 5.0 MEDIUM | N/A |
Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900. | |||||
CVE-2012-4591 | 1 Mcafee | 1 Enterprise Mobility Manager | 2017-08-28 | 5.0 MEDIUM | N/A |
About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information by visiting this page. | |||||
CVE-2012-4605 | 1 Websense | 1 Websense Email Security | 2017-08-28 | 5.0 MEDIUM | N/A |
The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data. | |||||
CVE-2012-4832 | 1 Ibm | 2 Infosphere Business Glossary, Infosphere Information Server | 2017-08-28 | 1.9 LOW | N/A |
Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
CVE-2012-4846 | 1 Ibm | 1 Lotus Notes | 2017-08-28 | 4.3 MEDIUM | N/A |
IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68. | |||||
CVE-2012-4837 | 1 Ibm | 1 Cognos Business Intelligence | 2017-08-28 | 4.0 MEDIUM | N/A |
IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors. | |||||
CVE-2012-5516 | 1 Redhat | 1 Enterprise Virtualization Manager | 2017-08-28 | 2.1 LOW | N/A |
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors. | |||||
CVE-2012-5652 | 1 Drupal | 1 Drupal | 2017-08-28 | 5.0 MEDIUM | N/A |
Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result. | |||||
CVE-2012-5765 | 1 Ibm | 1 Rational Clearquest | 2017-08-28 | 5.0 MEDIUM | N/A |
The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message. | |||||
CVE-2012-5884 | 1 Mozilla | 1 Bugzilla | 2017-08-28 | 5.0 MEDIUM | N/A |
The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSONRPC request, a different vulnerability than CVE-2012-4198. |