Total
8075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3452 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-03 | 4.3 MEDIUM | N/A |
| Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network. | |||||
| CVE-2010-4562 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more | 2012-02-03 | 4.3 MEDIUM | N/A |
| Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652. | |||||
| CVE-2011-3447 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-03 | 4.3 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL. | |||||
| CVE-2010-4563 | 1 Linux | 1 Linux Kernel | 2012-02-03 | 5.0 MEDIUM | N/A |
| The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. | |||||
| CVE-2011-4276 | 1 Google | 1 Android | 2012-01-26 | 4.3 MEDIUM | N/A |
| The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer. | |||||
| CVE-2011-4866 | 2 Android, Kaixin001 | 2 Android, Kaixin001 | 2012-01-25 | 6.4 MEDIUM | N/A |
| The Kaixin001 (com.kaixin001.activity) application 1.3.1 and 1.3.3 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a cleartext password via a crafted application. | |||||
| CVE-2011-4699 | 2 Android, Ubermedia | 2 Android, Twidroyd Legacy | 2012-01-25 | 6.4 MEDIUM | N/A |
| The Ubermedia Twidroyd Legacy (com.twidroydlegacy) application 4.3.11 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application. | |||||
| CVE-2011-4698 | 2 Android, Androidapptools | 2 Android, Easy Filter | 2012-01-25 | 6.4 MEDIUM | N/A |
| The AndroidAppTools Easy Filter (com.phoneblocker.android) application 1.1 and 1.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and call records via a crafted application. | |||||
| CVE-2011-4697 | 2 Android, Xiaomi | 2 Android, Mitalk Messenger | 2012-01-25 | 6.4 MEDIUM | N/A |
| The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before 2.1.320 for Android does not properly protect data, which allows remote attackers to read or modify messaging information via a crafted application. | |||||
| CVE-2007-6744 | 1 Flexerasoftware | 1 Installshield | 2012-01-20 | 2.1 LOW | N/A |
| Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe. | |||||
| CVE-2011-2769 | 1 Tor | 1 Tor | 2012-01-19 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values. | |||||
| CVE-2011-3220 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 4.3 MEDIUM | N/A |
| QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. | |||||
| CVE-2011-0231 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 5.0 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." | |||||
| CVE-2011-4896 | 1 Tor | 1 Tor | 2011-12-30 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port. | |||||
| CVE-2011-4897 | 1 Tor | 1 Tor | 2011-12-30 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sensitive information by reading this value. | |||||
| CVE-2011-4894 | 1 Tor | 1 Tor | 2011-12-23 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections. | |||||
| CVE-2011-4895 | 1 Tor | 1 Tor | 2011-12-23 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easier for remote attackers to enumerate bridges by observing circuit building. | |||||
| CVE-2011-4850 | 2 Microsoft, Parallels | 3 Windows 2003 Server, Windows Server 2008, Parallels Plesk Panel | 2011-12-16 | 4.3 MEDIUM | N/A |
| The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by help.php and certain other files. | |||||
| CVE-2011-4497 | 1 Asus | 2 Rt-n56u, Rt-n56u Firmware | 2011-11-21 | 3.3 LOW | N/A |
| QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request. | |||||
| CVE-2011-4457 | 1 Owasp-java-html-sanitizer Project | 1 Owasp-java-html-sanitizer | 2011-11-18 | 2.6 LOW | N/A |
| OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element. | |||||