Total
2458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4461 | 2 Mortbay, Oracle | 2 Jetty, Sun Storage Common Array Manager | 2025-04-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | |||||
| CVE-2013-5492 | 1 Cisco | 1 Socialminer | 2025-04-11 | 5.0 MEDIUM | N/A |
| administration.jsp in Cisco SocialMiner allows remote attackers to obtain sensitive information by sniffing the network for HTTP client-server traffic, aka Bug ID CSCuh76780. | |||||
| CVE-2013-6673 | 5 Canonical, Fedoraproject, Mozilla and 2 more | 10 Ubuntu Linux, Fedora, Firefox and 7 more | 2025-04-11 | 4.3 MEDIUM | 5.9 MEDIUM |
| Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user. | |||||
| CVE-2013-3704 | 1 Novell | 1 Libzypp | 2025-04-11 | 4.3 MEDIUM | N/A |
| The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a more-trustworthy key. | |||||
| CVE-2007-5470 | 1 Microsoft | 1 Expression Media | 2025-04-09 | 2.1 LOW | N/A |
| Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file. | |||||
| CVE-2009-3044 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
| Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | |||||
| CVE-2009-0547 | 1 Evolution | 1 Evolution | 2025-04-09 | 5.0 MEDIUM | N/A |
| Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077. | |||||
| CVE-2009-2666 | 1 Fetchmail | 1 Fetchmail | 2025-04-09 | 6.4 MEDIUM | N/A |
| socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2008-4368 | 1 Apple | 1 Mac Os X | 2025-04-09 | 5.0 MEDIUM | N/A |
| The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE. | |||||
| CVE-2008-5230 | 1 Cisco | 1 Ios | 2025-04-09 | 6.8 MEDIUM | N/A |
| The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng. | |||||
| CVE-2009-1174 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 10.0 HIGH | N/A |
| The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors. | |||||
| CVE-2008-6797 | 1 Mitel | 1 Mitel Nupoint Messenger | 2025-04-09 | 7.8 HIGH | N/A |
| The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2009-3942 | 1 Martin Lambers | 1 Msmtp | 2025-04-09 | 6.4 MEDIUM | N/A |
| Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2009-1560 | 1 Cisco | 1 Wvc54gc | 2025-04-09 | 7.8 HIGH | N/A |
| The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 stores passwords and wireless-network keys in cleartext in (1) pass_wd.htm and (2) Wsecurity.htm, which allows remote attackers to obtain sensitive information by reading the HTML source code. | |||||
| CVE-2009-4295 | 1 Sun | 1 Ray Server Software | 2025-04-09 | 7.8 HIGH | N/A |
| Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic. | |||||
| CVE-2009-0053 | 1 Cisco | 2 Ironport Encryption Appliance, Ironport Postx | 2025-04-09 | 4.3 MEDIUM | N/A |
| PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a "logic error." | |||||
| CVE-2010-0222 | 1 Kingston | 3 Datatraveler Blackbox, Datatraveler Elite, Datatraveler Secure | 2025-04-09 | 4.6 MEDIUM | N/A |
| Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key. | |||||
| CVE-2008-7207 | 1 Rivetcode | 1 Rivettracker | 2025-04-09 | 2.1 LOW | N/A |
| RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php. | |||||
| CVE-2008-5328 | 1 Ibm | 1 Rational Clearquest | 2025-04-09 | 4.6 MEDIUM | N/A |
| The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree during an import process. | |||||
| CVE-2009-3455 | 1 Apple | 1 Safari | 2025-04-09 | 7.5 HIGH | N/A |
| Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||