Total
2448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2976 | 1 Cisco | 2 Aironet Ap1100, Aironet Ap1200 | 2025-04-09 | 7.8 HIGH | N/A |
| Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by sniffing the wireless network. | |||||
| CVE-2009-2661 | 1 Strongswan | 1 Strongswan | 2025-04-09 | 5.0 MEDIUM | N/A |
| The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185. | |||||
| CVE-2009-1474 | 1 Aten | 2 Kh1516i Ip Kvm Switch, Kn9116 Ip Kvm Switch | 2025-04-09 | 7.6 HIGH | N/A |
| The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not (1) encrypt mouse events, which makes it easier for man-in-the-middle attackers to perform mouse operations on machines connected to the switch by injecting network traffic; and do not (2) set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2008-1431 | 1 Raidsonic Technology | 2 Firmware, Nas-4220-b | 2025-04-09 | 2.1 LOW | N/A |
| RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key. | |||||
| CVE-2008-2558 | 1 Cre Loaded | 1 Cre Loaded | 2025-04-09 | 5.0 MEDIUM | N/A |
| CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute for cookies that are sent over HTTPS, which might allow remote attackers to sniff the cookies if they are sent over HTTP. | |||||
| CVE-2009-2749 | 1 Ibm | 2 Communications Enabled Applications, Websphere Application Server | 2025-04-09 | 6.4 MEDIUM | N/A |
| Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value. | |||||
| CVE-2009-1472 | 1 Aten | 2 Kh1516i Ip Kvm Switch, Kn9116 Ip Kvm Switch | 2025-04-09 | 10.0 HIGH | N/A |
| The Java client program for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 has a hardcoded AES encryption key, which makes it easier for man-in-the-middle attackers to (1) execute arbitrary Java code, or (2) gain access to machines connected to the switch, by hijacking a session. | |||||
| CVE-2007-4311 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 6.8 MEDIUM | N/A |
| The xfer_secondary_pool function in drivers/char/random.c in the Linux kernel 2.4 before 2.4.35 performs reseed operations on only the first few bytes of a buffer, which might make it easier for attackers to predict the output of the random number generator, related to incorrect use of the sizeof operator. | |||||
| CVE-2007-5863 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
| Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option. | |||||
| CVE-2008-1772 | 1 Iscripts | 1 Socialware | 2025-04-09 | 5.0 MEDIUM | N/A |
| iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information. | |||||
| CVE-2009-0209 | 1 Osisoft | 1 Pi Server | 2025-04-09 | 6.4 MEDIUM | N/A |
| PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors. | |||||
| CVE-2009-2510 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408. | |||||
| CVE-2007-0014 | 1 Sun | 1 Chainkey Java Code Protection | 2025-04-09 | 4.4 MEDIUM | N/A |
| ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM. | |||||
| CVE-2009-3475 | 1 Internet2 | 1 Shibboleth-sp | 2025-04-09 | 7.5 HIGH | N/A |
| Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2008-7113 | 1 Kyoceramita | 1 Scanner File Utility | 2025-04-09 | 6.4 MEDIUM | N/A |
| The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 uses a small space of predictable user identification numbers for access control, which allows remote attackers to upload documents via a brute force attack. | |||||
| CVE-2007-6521 | 1 Opera | 1 Opera Browser | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates. | |||||
| CVE-2007-5024 | 1 Emc | 1 Vmware Server | 2025-04-09 | 2.1 LOW | N/A |
| EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2005-3620. | |||||
| CVE-2009-3602 | 1 Nlnetlabs | 1 Unbound | 2025-04-09 | 7.5 HIGH | N/A |
| Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses. | |||||
| CVE-2009-3456 | 1 Google | 1 Chrome | 2025-04-09 | 7.5 HIGH | N/A |
| Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4751 | 1 Data-vision | 1 Remotedocs R-viewer | 2025-04-09 | 1.9 LOW | N/A |
| RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in unencrypted temporary files, which allows local users to obtain sensitive information by reading the temporary files. | |||||