Vulnerabilities (CVE)

Filtered by CWE-310
Total 2472 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-6812 1 Nextdc 1 Onedc 2026-06-17 5.8 MEDIUM N/A
The ONEDC app before 1.7 for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-6807 1 Opentext 1 Exceed Ondemand 2026-06-17 6.8 MEDIUM N/A
The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses.
CVE-2013-6805 1 Opentext 1 Exceed Ondemand 2026-06-17 5.0 MEDIUM N/A
OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file.
CVE-2013-6718 1 Ibm 1 Advanced Management Module Firmware 2026-06-17 6.4 MEDIUM N/A
The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface.
CVE-2013-6673 5 Canonical, Fedoraproject, Mozilla and 2 more 9 Ubuntu Linux, Fedora, Firefox and 6 more 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.
CVE-2013-6659 1 Google 1 Chrome 2026-06-17 6.4 MEDIUM N/A
The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate chain, inconsistent with the user's expectations, by initiating a TLS renegotiation.
CVE-2013-6491 2 Openstack, Redhat 2 Oslo, Openstack 2026-06-17 4.3 MEDIUM N/A
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2013-6450 1 Openssl 1 Openssl 2026-06-17 5.8 MEDIUM N/A
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.
CVE-2013-6449 1 Openssl 1 Openssl 2026-06-17 4.3 MEDIUM N/A
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.
CVE-2013-6445 1 Redhat 1 Enterprise Mrg 2026-06-17 5.0 MEDIUM N/A
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack.
CVE-2013-6401 1 Jansson Project 1 Jansson 2026-06-17 5.0 MEDIUM N/A
Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document.
CVE-2013-6396 1 Openstack 1 Swift 2026-06-17 5.8 MEDIUM N/A
The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-6394 2 Opensuse, Percona 2 Opensuse, Xtrabackup 2026-06-17 2.1 LOW N/A
Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.
CVE-2013-6386 1 Drupal 1 Drupal 2026-06-17 6.8 MEDIUM N/A
Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack.
CVE-2013-6371 2 Fedoraproject, Json-c 2 Fedora, Json-c 2026-06-17 5.0 MEDIUM N/A
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.
CVE-2013-6329 1 Ibm 3 Content Manager Ondemand For Multiplatforms, Global Security Kit, Security Access Manager For Web 2026-06-17 7.8 HIGH N/A
IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption of an SSLv2 session.
CVE-2013-6305 1 Ibm 1 Platform Symphony 2026-06-17 4.3 MEDIUM N/A
IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging knowledge of this key.
CVE-2013-6181 1 Emc 1 Watch4net 2026-06-17 2.1 LOW N/A
EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges.
CVE-2013-6169 1 Process-one 1 Ejabberd 2026-06-17 4.3 MEDIUM N/A
The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack.
CVE-2013-6078 1 Emc 2 Rsa Bsafe Toolkits, Rsa Data Protection Manager 2026-06-16 5.8 MEDIUM N/A
The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging unspecified "security concerns," aka the ESA-2013-068 issue. NOTE: this issue has been SPLIT from CVE-2007-6755 because the vendor announcement did not state a specific technical rationale for a change in the algorithm; thus, CVE cannot reach a conclusion that a CVE-2007-6755 concern was the reason, or one of the reasons, for this change.