Total
2448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3444 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network. | |||||
| CVE-2010-4758 | 1 Otrs | 1 Otrs | 2025-04-11 | 1.9 LOW | N/A |
| installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen. | |||||
| CVE-2012-2187 | 1 Ibm | 4 Remote Supervisor Adapter Ii Firmware, X3650, X3850 and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors. | |||||
| CVE-2009-2752 | 1 Ibm | 1 Websphere Commerce | 2025-04-11 | 1.5 LOW | N/A |
| IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms. | |||||
| CVE-2013-6950 | 1 Belkin | 1 Wemo Home Automation Firmware | 2025-04-11 | 7.8 HIGH | N/A |
| The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server. | |||||
| CVE-2013-6659 | 1 Google | 1 Chrome | 2025-04-11 | 6.4 MEDIUM | N/A |
| The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate chain, inconsistent with the user's expectations, by initiating a TLS renegotiation. | |||||
| CVE-2013-6305 | 1 Ibm | 1 Platform Symphony | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging knowledge of this key. | |||||
| CVE-2013-5181 | 1 Apple | 1 Mac Os X | 2025-04-11 | 4.3 MEDIUM | N/A |
| The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2012-5658 | 1 Redhat | 2 Openshift, Openshift Origin | 2025-04-11 | 2.1 LOW | N/A |
| rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels. | |||||
| CVE-2013-1853 | 1 Almanah Project | 1 Almanah | 2025-04-11 | 2.1 LOW | N/A |
| Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database. | |||||
| CVE-2011-2736 | 1 Rsa | 1 Envision | 2025-04-11 | 5.0 MEDIUM | N/A |
| RSA enVision 4.x before 4 SP4 P3 places cleartext administrative credentials in Task Escalation e-mail messages, which allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox. | |||||
| CVE-2012-3746 | 1 Apple | 1 Iphone Os | 2025-04-11 | 4.3 MEDIUM | N/A |
| UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem. | |||||
| CVE-2010-0742 | 1 Openssl | 1 Openssl | 2025-04-11 | 7.5 HIGH | N/A |
| The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. | |||||
| CVE-2010-4007 | 1 Oracle | 1 Mojarra | 2025-04-11 | 5.0 MEDIUM | N/A |
| Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057. | |||||
| CVE-2014-0627 | 2 Dell, Emc | 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j | 2025-04-11 | 5.0 MEDIUM | N/A |
| The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state. | |||||
| CVE-2012-4899 | 1 Wellintech | 1 Kingview | 2025-04-11 | 2.1 LOW | N/A |
| WellinTech KingView 6.5.3 and earlier uses a weak password-hashing algorithm, which makes it easier for local users to discover credentials by reading an unspecified file. | |||||
| CVE-2013-1651 | 1 Open-xchange | 1 Open-xchange Server | 2025-04-11 | 5.8 MEDIUM | N/A |
| OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate. | |||||
| CVE-2013-4787 | 1 Google | 1 Android | 2025-04-11 | 9.3 HIGH | N/A |
| Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple entries in a Zip file with the same name in which one entry is validated but the other entry is installed, aka Android security bug 8219321 and the "Master Key" vulnerability. | |||||
| CVE-2014-1242 | 1 Apple | 1 Itunes | 2025-04-11 | 5.8 MEDIUM | N/A |
| Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream. | |||||
| CVE-2013-0941 | 3 Apache, Microsoft, Rsa | 7 Http Server, Internet Information Server, Windows and 4 more | 2025-04-11 | 2.1 LOW | N/A |
| EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data. | |||||