Vulnerabilities (CVE)

Filtered by CWE-310
Total 2472 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-0296 1 Microsoft 4 Windows 7, Windows 8, Windows 8.1 and 1 more 2026-06-17 5.1 MEDIUM N/A
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly encrypt sessions, which makes it easier for man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify session content by sending crafted RDP packets, aka "RDP MAC Vulnerability."
CVE-2014-0199 1 Redhat 1 Rhevm-reports 2026-06-17 2.1 LOW N/A
The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 3.3.3, stores the reports database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file.
CVE-2014-0189 2 Redhat, Virt-who Project 4 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation and 1 more 2026-06-17 2.1 LOW N/A
virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.
CVE-2014-0177 1 Github 1 Hub 2026-06-17 3.6 LOW N/A
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.
CVE-2014-0164 1 Redhat 1 Openshift 2026-06-17 2.1 LOW N/A
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file.
CVE-2014-0139 1 Haxx 2 Curl, Libcurl 2026-06-17 5.8 MEDIUM N/A
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
CVE-2014-0103 2 Fedoraproject, Zarafa 3 Fedora, Webapp, Zarafa 2026-06-17 2.1 LOW N/A
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
CVE-2014-0102 1 Linux 1 Linux Kernel 2026-06-17 5.2 MEDIUM N/A
The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands.
CVE-2014-0092 1 Gnu 1 Gnutls 2026-06-17 5.8 MEDIUM N/A
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
CVE-2014-0076 1 Openssl 1 Openssl 2026-06-17 1.9 LOW N/A
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
CVE-2014-0058 1 Redhat 1 Jboss Enterprise Application Platform 2026-06-17 1.9 LOW N/A
The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.
CVE-2014-0042 1 Redhat 1 Openstack 2026-06-17 4.3 MEDIUM N/A
OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors.
CVE-2014-0041 1 Redhat 1 Openstack 2026-06-17 4.3 MEDIUM N/A
OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors.
CVE-2014-0036 1 Amos Benari 1 Rbovirt 2026-06-17 6.8 MEDIUM N/A
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
CVE-2014-0035 2 Apache, Redhat 2 Cxf, Jboss Enterprise Application Platform 2026-06-17 4.3 MEDIUM N/A
The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2014-0017 1 Libssh 1 Libssh 2026-06-17 1.9 LOW N/A
The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.
CVE-2013-7449 3 Canonical, Hexchat Project, Xchat 4 Ubuntu Linux, Hexchat, Xchat and 1 more 2026-06-17 5.8 MEDIUM 6.5 MEDIUM
The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2013-7436 1 Kanaka 1 Novnc 2026-06-17 4.3 MEDIUM N/A
noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2013-7408 1 F5 1 Big-ip Analytics 2026-06-17 7.5 HIGH N/A
F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value.
CVE-2013-7385 1 Livezilla 1 Livezilla 2026-06-17 6.8 MEDIUM N/A
LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7033.