Total
10691 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-7292 | 2 Microsoft, Mozilla | 2 Windows, Bugzilla | 2025-04-11 | N/A |
| Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977. | ||||
| CVE-2010-4349 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | N/A |
| admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. | ||||
| CVE-2010-4608 | 1 Habariproject | 1 Habari | 2025-04-11 | N/A |
| Habari 0.6.5 allows remote attackers to obtain sensitive information via a direct request to (1) header.php and (2) comments_items.php in system/admin/, which reveals the installation path in an error message. | ||||
| CVE-2010-5069 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| The Cascading Style Sheets (CSS) implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. NOTE: this may overlap CVE-2010-2264. | ||||
| CVE-2010-0434 | 4 Apache, Debian, Fedoraproject and 1 more | 6 Http Server, Debian Linux, Fedora and 3 more | 2025-04-11 | N/A |
| The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. | ||||
| CVE-2010-0488 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 2003 Server and 4 more | 2025-04-11 | 6.5 Medium |
| Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability." | ||||
| CVE-2010-0494 | 1 Microsoft | 8 Internet Explorer, Windows 2000, Windows 2003 Server and 5 more | 2025-04-11 | N/A |
| Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability." | ||||
| CVE-2010-0660 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging. | ||||
| CVE-2010-0826 | 2 Piotr Roszatycki, Redhat | 2 Libnss-db, Enterprise Linux | 2025-04-11 | N/A |
| The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module. | ||||
| CVE-2010-5292 | 1 Amberdms | 1 Amberdms Billing System | 2025-04-11 | N/A |
| Amberdms Billing System (ABS) before 1.4.1, when a multi-instance installation is configured, might allow local users to obtain sensitive information by reading the cache in between runs of the include/cron/services_usage.php cron job. | ||||
| CVE-2010-1230 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 4.1.249.1036 does not have the expected behavior for attempts to delete Web SQL Databases and clear the Strict Transport Security (STS) state, which has unspecified impact and attack vectors. | ||||
| CVE-2010-1258 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2025-04-11 | N/A |
| Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability." | ||||
| CVE-2010-1388 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | N/A |
| WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document. | ||||
| CVE-2010-1393 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | N/A |
| The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL. | ||||
| CVE-2010-1406 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | N/A |
| WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660. | ||||
| CVE-2010-1457 | 1 Gnustep | 1 Gnustep Base | 2025-04-11 | N/A |
| Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error message. | ||||
| CVE-2010-1864 | 1 Php | 1 Php | 2025-04-11 | N/A |
| The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | ||||
| CVE-2010-1914 | 1 Php | 1 Php | 2025-04-11 | N/A |
| The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function. | ||||
| CVE-2011-0217 | 2 Apple, Microsoft | 6 Mac Os X, Mac Os X Server, Safari and 3 more | 2025-04-11 | N/A |
| Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields. | ||||
| CVE-2011-0231 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." | ||||