Total: 6955 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-6543 | 1 Linux | 1 Linux Kernel | 2013-03-18 | 1.9 LOW | N/A |
The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | |||||
CVE-2013-2371 | 1 Tibco | 1 Spotfire Statistics Services | 2013-03-17 | 5.0 MEDIUM | N/A |
The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request. | |||||
CVE-2013-1140 | 1 Cisco | 1 Security Monitoring Analysis And Response System | 2013-03-06 | 4.3 MEDIUM | N/A |
The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093. | |||||
CVE-2012-5561 | 1 Katello | 1 Katello | 2013-03-01 | 2.1 LOW | N/A |
script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file. | |||||
CVE-2013-0704 | 1 Gree | 1 Gree | 2013-02-15 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in the GREE application before 1.3.3 for Android allows remote attackers to obtain sensitive information via a crafted URL, which is not properly handled during interaction with other applications. | |||||
CVE-2012-5625 | 1 Openstack | 2 Folsom, Grizzly | 2013-02-14 | 4.3 MEDIUM | N/A |
OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV). | |||||
CVE-2013-1402 | 1 Digitiliti | 1 Digilibe | 2013-02-14 | 5.0 MEDIUM | N/A |
DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_configuration.html. | |||||
CVE-2013-1107 | 1 Cisco | 1 Webex Social | 2013-02-06 | 4.0 MEDIUM | N/A |
The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235. | |||||
CVE-2011-1350 | 1 Google | 1 Android | 2013-02-06 | 7.1 HIGH | N/A |
The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device. | |||||
CVE-2012-3419 | 1 Sgi | 1 Performance Co-pilot | 2013-02-06 | 5.0 MEDIUM | N/A |
Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments. | |||||
CVE-2012-6515 | 1 Efrontlearning | 1 Efront | 2013-01-28 | 5.0 MEDIUM | N/A |
eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in the lesson_info module to index.php, which reveals the installation path in an error message. | |||||
CVE-2012-6441 | 1 Rockwellautomation | 17 1756-enbt, 1756-eweb, 1768-enbt and 14 more | 2013-01-25 | 5.0 MEDIUM | N/A |
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to obtain sensitive information via a crafted CIP packet. | |||||
CVE-2013-0631 | 1 Adobe | 1 Coldfusion | 2013-01-17 | 5.0 MEDIUM | N/A |
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013. | |||||
CVE-2012-5180 | 1 Opera | 2 Opera Mini, Opera Mobile | 2013-01-07 | 4.3 MEDIUM | N/A |
The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. | |||||
CVE-2012-5182 | 1 Naver | 1 Loctouch | 2013-01-07 | 4.3 MEDIUM | N/A |
The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application. | |||||
CVE-2012-5183 | 1 Naver | 1 Loctouch | 2013-01-07 | 2.6 LOW | N/A |
The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files. | |||||
CVE-2012-5868 | 1 Wordpress | 1 Wordpress | 2013-01-07 | 2.6 LOW | N/A |
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack. | |||||
CVE-2012-6325 | 1 Vmware | 1 Vcenter Server Appliance | 2013-01-07 | 4.0 MEDIUM | N/A |
VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
CVE-2010-3245 | 1 Blackboard | 1 Transact Suite | 2013-01-03 | 2.1 LOW | N/A |
The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file. | |||||
CVE-2012-1249 | 2 Google, Lunascape | 2 Android, Ilunascape Android | 2013-01-03 | 5.0 MEDIUM | N/A |
The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted application. |