Export limit exceeded: 10441 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10441 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-5130 | 1 Apple | 1 Safari | 2025-04-11 | N/A |
| WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files. | ||||
| CVE-2013-5054 | 1 Microsoft | 2 Office, Office 2013 Rt | 2025-04-11 | N/A |
| Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerability." | ||||
| CVE-2013-5008 | 1 Symantec | 1 Management Platform | 2025-04-11 | N/A |
| The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across different customers' installations, which makes it easier for local users to obtain sensitive information about package-server access, or cause a denial of service, by leveraging knowledge of this key. | ||||
| CVE-2013-5000 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files. | ||||
| CVE-2013-4999 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php. | ||||
| CVE-2013-4998 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files. | ||||
| CVE-2013-4961 | 1 Puppet | 1 Puppet Enterprise | 2025-04-11 | N/A |
| Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2013-4959 | 1 Puppet | 1 Puppet Enterprise | 2025-04-11 | N/A |
| Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache. | ||||
| CVE-2013-4832 | 1 Hp | 1 Service Manager | 2025-04-11 | N/A |
| HP Service Manager 9.30 through 9.32 allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2013-4829 | 1 Hp | 22 Color Laserjet Cm4540, Color Laserjet Cm4540f, Color Laserjet Cm4540fskm and 19 more | 2025-04-11 | N/A |
| HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow local users to read images of arbitrary scanned documents via unspecified vectors. | ||||
| CVE-2013-4826 | 1 Hp | 2 Imc Service Operation Management Software Module, Intelligent Management Center | 2025-04-11 | N/A |
| Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647. | ||||
| CVE-2013-4272 | 2 Botcha Spam Prevention Project, Drupal | 2 Botcha, Drupal | 2025-04-11 | N/A |
| The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file. | ||||
| CVE-2013-4242 | 5 Canonical, Debian, Gnupg and 2 more | 6 Ubuntu Linux, Debian Linux, Gnupg and 3 more | 2025-04-11 | N/A |
| GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. | ||||
| CVE-2013-4208 | 2 Putty, Simon Tatham | 2 Putty, Putty | 2025-04-11 | N/A |
| The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys. | ||||
| CVE-2013-4183 | 2 Openstack, Redhat | 2 Cinder, Openstack | 2025-04-11 | N/A |
| The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2013-4165 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-11 | N/A |
| The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack. | ||||
| CVE-2013-4112 | 2 Jgroups, Redhat | 5 Jgroup, Jboss Data Grid, Jboss Enterprise Application Platform and 2 more | 2025-04-11 | N/A |
| The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials. | ||||
| CVE-2013-4070 | 1 Ibm | 1 Spss Collaboration And Deployment Services | 2025-04-11 | N/A |
| The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to discover an internal password via unspecified vectors. | ||||
| CVE-2013-4069 | 1 Ibm | 1 Spss Collaboration And Deployment Services | 2025-04-11 | N/A |
| The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2013-4044 | 1 Ibm | 1 Spss Collaboration And Deployment Services | 2025-04-11 | N/A |
| IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote authenticated users to read application log files via a direct HTTP request. | ||||