Export limit exceeded: 10142 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10142 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4829 | 1 Hp | 22 Color Laserjet Cm4540, Color Laserjet Cm4540f, Color Laserjet Cm4540fskm and 19 more | 2025-04-11 | N/A |
| HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow local users to read images of arbitrary scanned documents via unspecified vectors. | ||||
| CVE-2013-4832 | 1 Hp | 1 Service Manager | 2025-04-11 | N/A |
| HP Service Manager 9.30 through 9.32 allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2013-5936 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-11 | N/A |
| The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user sessions, (4) the memcache interface, and (5) the REST interface via API calls such as a hazelcast/rest/cluster/ call, a different vulnerability than CVE-2013-5200. | ||||
| CVE-2013-6672 | 7 Canonical, Fedoraproject, Linux and 4 more | 10 Ubuntu Linux, Fedora, Linux Kernel and 7 more | 2025-04-11 | N/A |
| Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations. | ||||
| CVE-2013-6709 | 1 Cisco | 1 Webex Training Center | 2025-04-11 | N/A |
| The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111. | ||||
| CVE-2013-6789 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | N/A |
| security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653. | ||||
| CVE-2013-6791 | 1 Microsoft | 1 Enhanced Mitigation Experience Toolkit | 2025-04-11 | N/A |
| Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection mechanism via a return-oriented programming (ROP) attack. | ||||
| CVE-2013-6832 | 1 Freebsd | 1 Freebsd | 2025-04-11 | N/A |
| The nand_ioctl function in sys/dev/nand/nand_geom.c in the nand driver in the kernel in FreeBSD 10 and earlier does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call. | ||||
| CVE-2013-6973 | 1 Cisco | 1 Webex Training Center | 2025-04-11 | N/A |
| Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121. | ||||
| CVE-2013-6968 | 1 Cisco | 1 Webex Training Center | 2025-04-11 | N/A |
| Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003. | ||||
| CVE-2013-6970 | 1 Cisco | 1 Webex Meeting Center | 2025-04-11 | N/A |
| Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928. | ||||
| CVE-2013-6972 | 1 Cisco | 1 Webex Training Center | 2025-04-11 | N/A |
| Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126. | ||||
| CVE-2013-6978 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249. | ||||
| CVE-2014-0293 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | N/A |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability." | ||||
| CVE-2014-1233 | 1 Tobias Maier | 1 Paratrooper-pingdom | 2025-04-11 | N/A |
| The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process. | ||||
| CVE-2014-1234 | 1 Paratrooper-newrelic Project | 1 Paratrooper-newrelic | 2025-04-11 | N/A |
| The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process. | ||||
| CVE-2014-1962 | 1 Sap | 1 Customer Relationship Management | 2025-04-11 | N/A |
| Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. | ||||
| CVE-2013-3319 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. | ||||
| CVE-2002-2435 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-11 | N/A |
| The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. | ||||
| CVE-2010-1914 | 1 Php | 1 Php | 2025-04-11 | N/A |
| The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function. | ||||