Export limit exceeded: 14133 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 24483 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24483 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-3353 | 1 Apache | 1 Sling Jcr Contentloader | 2024-11-21 | N/A |
| The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader | ||||
| CVE-2012-3338 | 1 Ibm | 1 Infosphere Guardium | 2024-11-21 | 5.3 Medium |
| IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker could exploit this vulnerability to create unprivileged user accounts. IBM X-Force ID: 78286. | ||||
| CVE-2012-3331 | 1 Ibm | 1 Sametime | 2024-11-21 | N/A |
| IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF. IBM X-Force ID: 78048. | ||||
| CVE-2012-2724 | 1 Md-systems | 1 Simplenews | 2024-11-21 | 5.3 Medium |
| The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page. | ||||
| CVE-2012-2350 | 2 Debian, Pam Shield Project | 2 Debian Linux, Pam Shield | 2024-11-21 | 7.5 High |
| pam_shield before 0.9.4: Default configuration does not perform protective action | ||||
| CVE-2012-2248 | 2 Debian, Dhclient Project | 2 Debian Linux, Dhclient | 2024-11-21 | 8.1 High |
| An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable. | ||||
| CVE-2012-1994 | 1 Hp | 1 Systems Insight Manager | 2024-11-21 | 5.7 Medium |
| HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information | ||||
| CVE-2012-1326 | 1 Cisco | 1 Ironport Web Security Appliance | 2024-11-21 | 7.4 High |
| Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks | ||||
| CVE-2012-1169 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 5.3 Medium |
| Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs. | ||||
| CVE-2012-1168 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 8.2 High |
| Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. | ||||
| CVE-2012-1161 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 4.3 Medium |
| Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results | ||||
| CVE-2012-1159 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 4.3 Medium |
| Moodle before 2.2.2: Overview report allows users to see hidden courses | ||||
| CVE-2012-1158 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 4.3 Medium |
| Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export | ||||
| CVE-2012-1155 | 4 Debian, Fedoraproject, Moodle and 1 more | 4 Debian Linux, Fedora, Moodle and 1 more | 2024-11-21 | 7.5 High |
| Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to | ||||
| CVE-2012-1105 | 3 Apereo, Debian, Fedoraproject | 3 Phpcas, Debian Linux, Fedora | 2024-11-21 | 5.5 Medium |
| An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner. | ||||
| CVE-2012-1094 | 1 Redhat | 1 Jboss Application Server | 2024-11-21 | 7.5 High |
| JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed. | ||||
| CVE-2012-10016 | 1 Halulu | 1 Simple-download-button-shortcode | 2024-11-21 | 4.3 Medium |
| A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information disclosure. It is possible to launch the attack remotely. Upgrading to version 1.1 is able to address this issue. The patch is identified as e648a8706818297cf02a665ae0bae1c069dea5f1. It is recommended to upgrade the affected component. VDB-242190 is the identifier assigned to this vulnerability. | ||||
| CVE-2012-0844 | 2 Debian, Netsurf-browser | 2 Debian Linux, Netsurf | 2024-11-21 | 5.5 Medium |
| Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar. | ||||
| CVE-2012-0843 | 2 Debian, Uzbl | 2 Debian Linux, Uzbl | 2024-11-21 | 5.5 Medium |
| uzbl: Information disclosure via world-readable cookies storage file | ||||
| CVE-2012-0842 | 2 Debian, Suckless | 2 Debian Linux, Surf | 2024-11-21 | 5.5 Medium |
| surf: cookie jar has read access from other local user | ||||