Vulnerabilities (CVE)

Filtered by CWE-310
Total 2472 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-4135 2 Debian, Openafs 2 Debian Linux, Openafs 2026-06-16 4.3 MEDIUM N/A
The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2013-4134 2 Debian, Openafs 2 Debian Linux, Openafs 2026-06-16 4.3 MEDIUM N/A
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.
CVE-2013-4132 2 Kde, Opensuse 3 Kde-workspace, Kde Sc, Opensuse 2026-06-16 5.0 MEDIUM N/A
KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.
CVE-2013-4073 1 Ruby-lang 1 Ruby 2026-06-16 6.8 MEDIUM N/A
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2013-4062 1 Ibm 1 Rational Policy Tester 2026-06-16 6.8 MEDIUM N/A
IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof Jazz Team servers, obtain sensitive information, and modify the client-server data stream via a crafted certificate.
CVE-2013-4038 1 Ibm 30 Bladecenter, Flex System X220 Compute Node, Flex System X240 Compute Node and 27 more 2026-06-16 4.0 MEDIUM N/A
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.
CVE-2013-4035 1 Ibm 1 Sterling Connect 2026-06-16 4.1 MEDIUM 7.3 HIGH
IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138.
CVE-2013-4030 1 Ibm 31 Bladecenter, Flex System Manager Node 7955, Flex System Manager Node 8731 and 28 more 2026-06-16 4.3 MEDIUM N/A
Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic.
CVE-2013-4006 1 Ibm 1 Websphere Application Server 2026-06-16 4.3 MEDIUM N/A
IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem operations.
CVE-2013-3989 1 Ibm 1 Security Appscan 2026-06-16 3.5 LOW N/A
IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and subsequently conduct man-in-the-middle attacks, by examining the response content.
CVE-2013-3970 1 Juniper 2 Junos Pulse Access Control Service, Junos Pulse Secure Access Service 2026-06-16 4.3 MEDIUM N/A
Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA.
CVE-2013-3712 1 Suse 2 Studio Extension For System Z, Studio Onsite 2026-06-16 10.0 HIGH N/A
SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors.
CVE-2013-3710 1 Novell 1 Suse Lifecycle Management Server 2026-06-16 4.3 MEDIUM N/A
SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere.
CVE-2013-3704 1 Novell 1 Libzypp 2026-06-16 4.3 MEDIUM N/A
The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a more-trustworthy key.
CVE-2013-3687 1 Ovislink 6 Airlive Od-2025hd, Airlive Od-2060hd, Airlive Poe100hd and 3 more 2026-06-16 7.8 HIGH N/A
AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models use cleartext to store sensitive information, which allows attackers to obtain passwords, user names, and other sensitive information by reading an unspecified backup file.
CVE-2013-3641 1 Pizzahut 1 Pizza Hut Japan Official Order Application 2026-06-16 5.8 MEDIUM N/A
The Pizza Hut Japan Official Order application before 1.1.1.a for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-3624 1 Baramundi 1 Management Suite 2026-06-16 7.8 HIGH N/A
The OS deployment feature in Baramundi Management Suite 7.5 through 8.9 stores credentials in cleartext on deployed machines, which allows remote attackers to obtain sensitive information by reading a file. NOTE: this ID was also incorrectly mapped to a separate issue in Oracle Outside In, but the correct ID for that issue is CVE-2013-5763.
CVE-2013-3593 1 Baramundi 1 Management Suite 2026-06-16 7.8 HIGH N/A
Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) client-server communication and (2) data storage, which allows remote attackers to obtain sensitive information by sniffing the network, and allows context-dependent attackers to obtain sensitive information by reading a file.
CVE-2013-3287 1 Dell 1 Emc Unisphere 2026-06-16 1.9 LOW N/A
EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console.
CVE-2013-3285 1 Emc 1 Networker 2026-06-16 3.5 LOW N/A
The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources.