Filtered by CWE-212
Filtered by vendor Subscriptions
Total 117 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-12373 4 Canonical, Debian, Mozilla and 1 more 7 Ubuntu Linux, Debian Linux, Thunderbird and 4 more 2024-11-21 N/A
dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
CVE-2017-7843 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Firefox Esr and 6 more 2024-11-21 N/A
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.
CVE-2017-7797 1 Mozilla 1 Firefox 2024-11-21 N/A
Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox < 55.
CVE-2017-5967 1 Linux 1 Linux Kernel 2024-11-21 N/A
The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c.
CVE-2017-15113 2 Ovirt, Redhat 3 Ovirt, Rhev Manager, Virtualization 2024-11-21 N/A
ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.
CVE-2015-5697 1 Linux 1 Linux Kernel 2024-11-21 N/A
The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.
CVE-2015-2045 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2024-11-21 N/A
The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.
CVE-2015-2044 1 Xen 1 Xen 2024-11-21 N/A
The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.
CVE-2015-1840 3 Fedoraproject, Opensuse, Rubyonrails 4 Fedora, Opensuse, Jquery-rails and 1 more 2024-11-21 N/A
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.
CVE-2014-9423 2 Mit, Redhat 2 Kerberos 5, Enterprise Linux 2024-11-21 N/A
The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.
CVE-2014-3559 1 Redhat 2 Enterprise Virtualization, Rhev Manager 2024-11-21 N/A
The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume.
CVE-2013-4355 2 Redhat, Xen 2 Enterprise Linux, Xen 2024-11-21 N/A
Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory.
CVE-2010-2232 1 Apache 1 Derby 2024-11-21 N/A
In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file.
CVE-2005-0406 1 Image Processing Project 1 Image Processing 2024-11-21 5.5 Medium
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
CVE-2002-0704 2 Linux, Redhat 2 Linux Kernel, Linux 2024-11-21 7.5 High
The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages.
CVE-2024-7698 1 Phoenixcontact 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more 2024-09-27 5.7 Medium
A low privileged remote attacker canĀ get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.
CVE-2017-7473 2023-11-07 N/A
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA based off of CNT 3. Further investigation determined that there was a secure method for using the directive. Notes: none.