Export limit exceeded: 10829 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10829 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-6104 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed. | ||||
| CVE-2012-6105 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading this feed. | ||||
| CVE-2012-6113 | 1 Php | 1 Php | 2025-04-11 | N/A |
| The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data. | ||||
| CVE-2012-6140 | 1 Google | 1 Authenticator | 2025-04-11 | N/A |
| pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than CVE-2013-0258. | ||||
| CVE-2012-6313 | 2 Simple Gmail Login, Wordpress | 3 1.1.2, 1.1.3, Wordpress | 2025-04-11 | N/A |
| simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace. | ||||
| CVE-2012-6325 | 1 Vmware | 1 Vcenter Server Appliance | 2025-04-11 | N/A |
| VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
| CVE-2012-6337 | 1 Samsung | 4 Galaxy Note 2, Galaxy S, Galaxy S2 and 1 more | 2025-04-11 | N/A |
| The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data. | ||||
| CVE-2012-6459 | 2 Intel, Linux | 2 Connman, Tizen | 2025-04-11 | N/A |
| ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets. | ||||
| CVE-2012-6466 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas. | ||||
| CVE-2012-6502 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | N/A |
| Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence. | ||||
| CVE-2012-6512 | 1 Organizer Project | 1 Organizer | 2025-04-11 | N/A |
| The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php (4) page/options.php, (5) page/resize.php, (6) page/upload.php, (7) page/users.php, or (8) page/view.php. | ||||
| CVE-2012-6515 | 1 Efrontlearning | 1 Efront | 2025-04-11 | N/A |
| eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in the lesson_info module to index.php, which reveals the installation path in an error message. | ||||
| CVE-2012-6536 | 1 Linux | 1 Linux Kernel | 2025-04-11 | N/A |
| net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state. | ||||
| CVE-2012-6537 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | N/A |
| net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. | ||||
| CVE-2012-6538 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | N/A |
| The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. | ||||
| CVE-2012-6539 | 1 Linux | 1 Linux Kernel | 2025-04-11 | N/A |
| The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | ||||
| CVE-2012-6540 | 1 Linux | 1 Linux Kernel | 2025-04-11 | N/A |
| The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | ||||
| CVE-2012-6541 | 1 Linux | 1 Linux Kernel | 2025-04-11 | N/A |
| The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | ||||
| CVE-2012-6542 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | N/A |
| The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. | ||||
| CVE-2012-6543 | 1 Linux | 1 Linux Kernel | 2025-04-11 | N/A |
| The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | ||||