Vulnerabilities > Information Exposure

DATE CVE VULNERABILITY TITLE RISK
2010-09-30 CVE-2010-2538 Information Exposure vulnerability in multiple products
Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call.
local
low complexity
linux canonical suse CWE-200
5.5
2010-09-21 CVE-2010-3078 Information Exposure vulnerability in multiple products
The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.
local
low complexity
linux opensuse suse canonical vmware CWE-200
5.5
2009-06-05 CVE-2009-0783 Information Exposure vulnerability in Apache Tomcat
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
local
low complexity
apache CWE-200
4.2
2007-05-03 CVE-2007-2479 Information Exposure vulnerability in Cerulean Studios Trillian 3.1
Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.
network
high complexity
cerulean-studios CWE-200
5.9
1997-01-01 CVE-1999-0236 Information Exposure vulnerability in multiple products
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
network
low complexity
apache illinois CWE-200
7.5