Vulnerabilities (CVE)

Filtered by CWE-310
Total 2472 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-3017 1 Ibm 1 Tivoli Application Dependency Discovery Manager 2026-06-16 5.0 MEDIUM 7.5 HIGH
IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2.1.5 and 7.2.x before 7.2.2 make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging support for weak SSL ciphers. IBM X-Force ID: 84353.
CVE-2013-2953 1 Ibm 1 Infosphere Optim Data Growth For Oracle E-business Suite 2026-06-16 4.3 MEDIUM N/A
IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 relies on the MD5 algorithm for signatures in X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
CVE-2013-2803 1 Prosoft-technology 1 Radiolinx Controlscape 2026-06-16 9.3 HIGH N/A
ProSoft RadioLinx ControlScape before 6.00.040 uses a deficient PRNG algorithm and seeding strategy for passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2013-2784 1 Triplc 2 Nano-10 Plc, Nano-10 Plc Firmware 2026-06-16 7.8 HIGH N/A
Triangle Research International (aka Tri) Nano-10 PLC devices with firmware before r81 use an incorrect algorithm for bounds checking of data in Modbus/TCP packets, which allows remote attackers to cause a denial of service (networking outage) via a crafted packet to TCP port 502.
CVE-2013-2782 1 Schneider-electric 2 Tburjr900, Tburjr900 Firmware 2026-06-16 9.3 HIGH N/A
Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
CVE-2013-2758 2 Apache, Citrix 2 Cloudstack, Cloudplatform 2026-06-16 5.0 MEDIUM N/A
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack.
CVE-2013-2716 2 Puppet, Puppetlabs 2 Puppet Enterprise, Puppet 2026-06-16 5.0 MEDIUM N/A
Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote attackers to obtain console access via a crafted cookie.
CVE-2013-2548 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2026-06-16 2.1 LOW N/A
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.
CVE-2013-2547 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2026-06-16 2.1 LOW N/A
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.
CVE-2013-2546 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2026-06-16 2.1 LOW N/A
The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.
CVE-2013-2319 1 Filemaker 2 Filemaker Pro, Filemaker Pro Advanced 2026-06-16 5.8 MEDIUM N/A
FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-2179 1 X 1 X Display Manager 2026-06-16 4.3 MEDIUM N/A
X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by attempting to log into an account whose password field contains invalid characters, as demonstrated using the crypt function from glibc 2.17 and later with (1) the "!" character in the salt portion of a password field or (2) a password that has been encrypted using DES or MD5 in FIPS-140 mode.
CVE-2013-2173 1 Wordpress 1 Wordpress 2026-06-16 4.3 MEDIUM N/A
wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie.
CVE-2013-2172 1 Apache 1 Santuario Xml Security For Java 2026-06-16 4.3 MEDIUM N/A
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
CVE-2013-2153 1 Apache 1 Xml Security For C\+\+ 2026-06-16 4.3 MEDIUM N/A
The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue."
CVE-2013-2125 1 Openbsd 1 Opensmtpd 2026-06-16 5.0 MEDIUM N/A
OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open.
CVE-2013-2100 1 Gentoo 1 Portage 2026-06-16 9.3 HIGH N/A
The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate.
CVE-2013-1941 1 Owncloud 2 Owncloud, Owncloud Server 2026-06-16 5.0 MEDIUM N/A
The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack.
CVE-2013-1921 1 Redhat 1 Jboss Enterprise Application Platform 2026-06-16 1.9 LOW N/A
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
CVE-2013-1853 1 Almanah Project 1 Almanah 2026-06-16 2.1 LOW N/A
Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database.