Total
2450 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5960 | 1 Owasp | 1 Enterprise Security Api | 2025-04-11 | 5.8 MEDIUM | N/A |
| The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679. | |||||
| CVE-2012-4073 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | 5.8 MEDIUM | N/A |
| The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332. | |||||
| CVE-2012-6571 | 1 Huawei | 18 Ar 18-1x, Ar 18-2x, Ar 18-3x and 15 more | 2025-04-11 | 7.5 HIGH | N/A |
| The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack. | |||||
| CVE-2010-0231 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more | 2025-04-11 | 10.0 HIGH | N/A |
| The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability." | |||||
| CVE-2011-1923 | 1 Polarssl | 1 Polarssl | 2025-04-11 | 4.0 MEDIUM | N/A |
| The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095. | |||||
| CVE-2010-1184 | 1 Microsoft | 1 27mhz Wireless Keyboard | 2025-04-11 | 7.6 HIGH | N/A |
| The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2. | |||||
| CVE-2013-4545 | 1 Haxx | 2 Curl, Libcurl | 2025-04-11 | 4.3 MEDIUM | N/A |
| cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2010-2057 | 1 Apache | 1 Myfaces | 2025-04-11 | 5.0 MEDIUM | N/A |
| shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack. | |||||
| CVE-2011-4507 | 1 Dlink | 1 Dir-685 | 2025-04-11 | 7.5 HIGH | N/A |
| The D-Link DIR-685 router, when certain WPA and WPA2 configurations are used, does not maintain an encrypted wireless network during transfer of a large amount of network traffic, which allows remote attackers to obtain sensitive information or bypass authentication via a Wi-Fi device. | |||||
| CVE-2009-5057 | 1 Otrs | 1 Otrs | 2025-04-11 | 5.0 MEDIUM | N/A |
| The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file. | |||||
| CVE-2012-0059 | 1 Redhat | 2 Network Proxy, Satellite | 2025-04-11 | 4.3 MEDIUM | N/A |
| Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email. | |||||
| CVE-2014-1910 | 1 Citrix | 2 Sharefile Mobile, Sharefile Mobile For Tablets | 2025-04-11 | 5.8 MEDIUM | N/A |
| Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2010-2603 | 3 Apple, Microsoft, Rim | 3 Mac Os X, Windows, Blackberry Desktop Software | 2025-04-11 | 2.1 LOW | N/A |
| RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Mac, uses a weak password to encrypt a database backup file, which makes it easier for local users to decrypt the file via a brute force attack. | |||||
| CVE-2010-3400 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | 5.8 MEDIUM | N/A |
| The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2008-5913. | |||||
| CVE-2012-1923 | 1 Realnetworks | 2 Helix Mobile Server, Helix Server | 2025-04-11 | 2.1 LOW | N/A |
| RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x store passwords in cleartext under adm_b_db\users\, which allows local users to obtain sensitive information by reading a database. | |||||
| CVE-2010-2978 | 1 Cisco | 1 Unified Wireless Network Solution Software | 2025-04-11 | 10.0 HIGH | N/A |
| Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions, aka Bug ID CSCtd67660. | |||||
| CVE-2013-5915 | 1 Polarssl | 1 Polarssl | 2025-04-11 | 4.3 MEDIUM | N/A |
| The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys. | |||||
| CVE-2011-4321 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 5.0 MEDIUM | N/A |
| The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors. | |||||
| CVE-2012-2417 | 1 Dlitz | 1 Pycrypto | 2025-04-11 | 4.3 MEDIUM | N/A |
| PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key. | |||||
| CVE-2009-2751 | 1 Ibm | 1 Websphere Commerce | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM WebSphere Commerce 7.0 uses the same cryptographic key for session attributes and merchant data encryption, which has unspecified impact and remote attack vectors. | |||||