| CVE | Vendors | Products | Updated | CVSS v3.1 |
| surf: cookie jar has read access from other local user |
| The install-chef-suse.sh script shipped with crowbar before 2012-10-02 creates files containing confidential data with insecure permissions, allowing local users to read confidential data. |
| MediaWiki allows deleted text to be exposed |
| mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled. |
| hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request. |
| Joomla! 1.7.1 has core information disclosure due to inadequate error checking. |
| mpack 1.6 has information disclosure via eavesdropping on mails sent by other users |
| In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat. |
| Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*. |
| fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. |
| TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database. |
| TYPO3 before 4.5.4 allows Information Disclosure in the backend. |
| TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend. |
| Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings. |
| ABRT might allow attackers to obtain sensitive information from crash reports. |
| OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via HTTP or tools that allow man-in-the-middle over HTTPS could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY. |
| Android SQLite Journal before 4.0.1 has an information disclosure vulnerability. |
| An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled. |
| Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut. |
| Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem. |