Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4837 | 1 Ibm | 1 Cognos Business Intelligence | 2017-08-29 | 4.0 MEDIUM | N/A |
| IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors. | |||||
| CVE-2012-5652 | 1 Drupal | 1 Drupal | 2017-08-29 | 5.0 MEDIUM | N/A |
| Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result. | |||||
| CVE-2012-5516 | 1 Redhat | 1 Enterprise Virtualization Manager | 2017-08-29 | 2.1 LOW | N/A |
| Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2012-6049 | 1 Opensolution | 1 Quick.cart | 2017-08-29 | 5.0 MEDIUM | N/A |
| Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals the installation path in an error message. | |||||
| CVE-2012-3724 | 1 Apple | 1 Iphone Os | 2017-08-29 | 5.0 MEDIUM | N/A |
| CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived from a malformed URL. | |||||
| CVE-2012-4197 | 1 Mozilla | 1 Bugzilla | 2017-08-29 | 5.0 MEDIUM | N/A |
| Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers to read attachment descriptions from private bugs via an obsolete=1 insert action. | |||||
| CVE-2012-4429 | 1 David King | 1 Vino | 2017-08-29 | 5.0 MEDIUM | N/A |
| Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900. | |||||
| CVE-2012-5890 | 2 Stanislas Rolland, Typo3 | 2 Sr Feuser Register, Typo3 | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature. | |||||
| CVE-2012-5765 | 1 Ibm | 1 Rational Clearquest | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message. | |||||
| CVE-2012-3733 | 1 Apple | 1 Iphone Os | 2017-08-29 | 4.3 MEDIUM | N/A |
| Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain potentially sensitive information about alternate e-mail addresses in opportunistic circumstances by reading a reply. | |||||
| CVE-2012-5915 | 1 Neocrome | 1 Seditio | 2017-08-29 | 5.0 MEDIUM | N/A |
| Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to (1) view.php, (2) plugins/contact/lang/contact.en.lang.php, (3) system/lang/en/main.lang.php, (4) system/lang/en/message.lang.php, or (5) system/core/view/view.inc.php, which reveals the installation path in an error message. | |||||
| CVE-2012-4256 | 2 Joobi, Joomla | 2 Com Jnews, Joomla\! | 2017-08-29 | 5.0 MEDIUM | N/A |
| The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message. | |||||
| CVE-2012-4591 | 1 Mcafee | 1 Enterprise Mobility Manager | 2017-08-29 | 5.0 MEDIUM | N/A |
| About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information by visiting this page. | |||||
| CVE-2012-4846 | 1 Ibm | 1 Lotus Notes | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68. | |||||
| CVE-2012-4605 | 1 Websense | 1 Websense Email Security | 2017-08-29 | 5.0 MEDIUM | N/A |
| The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data. | |||||
| CVE-2012-4257 | 1 George Karpouzas | 1 Yet Another Question \& Answer System | 2017-08-29 | 5.0 MEDIUM | N/A |
| Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 allows remote attackers to obtain sensitive information via an invalid character in the PHPSESSID, which reveals the installation path in an error message. | |||||
| CVE-2012-3725 | 1 Apple | 1 Iphone Os | 2017-08-29 | 3.3 LOW | N/A |
| The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi network for these packets. | |||||
| CVE-2012-3735 | 1 Apple | 1 Iphone Os | 2017-08-29 | 2.1 LOW | N/A |
| The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen. | |||||
| CVE-2012-4832 | 1 Ibm | 2 Infosphere Business Glossary, Infosphere Information Server | 2017-08-29 | 1.9 LOW | N/A |
| Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2012-5916 | 1 Neocrome | 1 Seditio | 2017-08-29 | 5.0 MEDIUM | N/A |
| Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to (1) docs/new/seditio-createnew-160.sql, (2) docs/upgrade/sedito_convert_to_utf8.optional.sql, or (3) system/install/install.parser.sql. | |||||