Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2200 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2011-02-17 | 7.1 HIGH | N/A |
| WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document. | |||||
| CVE-2009-1718 | 1 Apple | 1 Safari | 2011-02-17 | 7.1 HIGH | N/A |
| WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page. | |||||
| CVE-2009-1703 | 1 Apple | 1 Safari | 2011-02-17 | 7.1 HIGH | N/A |
| WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document. | |||||
| CVE-2010-4580 | 1 Opera | 1 Opera Browser | 2011-01-22 | 5.0 MEDIUM | N/A |
| Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to obtain sensitive information via an input field that has the same name as an input field on a previously visited web site. | |||||
| CVE-2010-4112 | 1 Hp | 1 Insight Management Agents | 2011-01-11 | 5.0 MEDIUM | N/A |
| HP Insight Management Agents before 8.6 allows remote attackers to obtain sensitive information via an unspecified request that triggers disclosure of the full path. | |||||
| CVE-2010-0549 | 1 Xerox | 2 Workcentre 6400 Net Controller, Workcentre 6400 System Software | 2011-01-06 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allows remote attackers to access "directory structure" via a crafted PostScript file, aka "Unauthorized Directory Structure Access Vulnerability." | |||||
| CVE-2010-4600 | 2 Dojofoundation, Ibm | 2 Dojo Toolkit, Rational Clearquest | 2011-01-04 | 5.0 MEDIUM | N/A |
| Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue. | |||||
| CVE-2010-4608 | 1 Habariproject | 1 Habari | 2010-12-30 | 5.0 MEDIUM | N/A |
| Habari 0.6.5 allows remote attackers to obtain sensitive information via a direct request to (1) header.php and (2) comments_items.php in system/admin/, which reveals the installation path in an error message. | |||||
| CVE-2009-5035 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 4.3 MEDIUM | N/A |
| The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoing e-mail messages between sync operations, which might allow remote attackers to read communications intended for other recipients by examining appended messages. | |||||
| CVE-2010-3062 | 1 Php | 1 Php | 2010-12-07 | 5.0 MEDIUM | N/A |
| mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function. | |||||
| CVE-2010-4354 | 1 Cisco | 9 Asa 5500, Pix 500, Vpn 3000 Concentrator and 6 more | 2010-12-01 | 5.0 MEDIUM | N/A |
| The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only when the group name is configured on the device, which allows remote attackers to enumerate valid group names via a series of IKE negotiation attempts, aka Bug ID CSCtj96108, a different vulnerability than CVE-2005-2025. | |||||
| CVE-2010-3796 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-11-17 | 4.3 MEDIUM | N/A |
| Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications. | |||||
| CVE-2010-4011 | 1 Apple | 1 Mac Os X Server | 2010-11-17 | 4.0 MEDIUM | N/A |
| Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue." | |||||
| CVE-2010-0563 | 1 Ibm | 1 Websphere Application Server | 2010-11-03 | 5.0 MEDIUM | N/A |
| The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted. | |||||
| CVE-2010-3979 | 1 Sap | 1 Businessobjects | 2010-10-19 | 5.0 MEDIUM | N/A |
| Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI. | |||||
| CVE-2010-0653 | 1 Opera | 1 Opera Browser | 2010-09-21 | 4.3 MEDIUM | N/A |
| Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. | |||||
| CVE-2010-3018 | 1 Rsa | 1 Access Manager Server | 2010-09-10 | 4.3 MEDIUM | N/A |
| RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before 6.0.4.53, and 6.1 before 6.1.2.01 does not properly perform cache updates, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2010-3244 | 1 Blackboard | 1 Transact Suite | 2010-09-08 | 4.6 MEDIUM | N/A |
| BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml file that contains an encrypted password in the <Server> field. | |||||
| CVE-2010-2758 | 1 Mozilla | 1 Bugzilla | 2010-09-08 | 5.0 MEDIUM | N/A |
| Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page. | |||||
| CVE-2010-1800 | 1 Apple | 3 Cfnetwork, Mac Os X, Mac Os X Server | 2010-08-26 | 5.0 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses. | |||||