Total
2448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7075 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 6.5 MEDIUM | N/A |
| The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature." | |||||
| CVE-2013-1212 | 1 Cisco | 2 Nexus 1000v, Nx-os | 2025-04-11 | 5.8 MEDIUM | N/A |
| The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication, via a crafted certificate, aka Bug ID CSCud14837. | |||||
| CVE-2013-4062 | 1 Ibm | 1 Rational Policy Tester | 2025-04-11 | 6.8 MEDIUM | N/A |
| IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof Jazz Team servers, obtain sensitive information, and modify the client-server data stream via a crafted certificate. | |||||
| CVE-2012-2098 | 1 Apache | 1 Commons Compress | 2025-04-11 | 5.0 MEDIUM | N/A |
| Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs. | |||||
| CVE-2012-6579 | 1 Bestpractical | 1 Request Tracker | 2025-04-11 | 6.4 MEDIUM | N/A |
| Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address. | |||||
| CVE-2013-7136 | 1 Upc | 1 Ireland Cisco Epc2425 | 2025-04-11 | 9.3 HIGH | N/A |
| The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2011-5036 | 1 Rack Project | 1 Rack | 2025-04-11 | 5.0 MEDIUM | N/A |
| Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | |||||
| CVE-2013-5999 | 1 Kingsoft | 1 Kdrive | 2025-04-11 | 5.8 MEDIUM | N/A |
| Kingsoft KDrive Personal before 1.21.0.1880 on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2010-3171 | 1 Mozilla | 1 Firefox | 2025-04-11 | 5.8 MEDIUM | N/A |
| The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913. | |||||
| CVE-2011-1209 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption attack." | |||||
| CVE-2010-4728 | 1 Zikula | 1 Zikula Application Framework | 2025-04-11 | 5.0 MEDIUM | N/A |
| Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism. | |||||
| CVE-2010-3075 | 1 Arg0 | 1 Encfs | 2025-04-11 | 5.0 MEDIUM | N/A |
| EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte. | |||||
| CVE-2012-2500 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-11 | 4.0 MEDIUM | N/A |
| Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470. | |||||
| CVE-2013-1699 | 1 Mozilla | 1 Firefox | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox before 22.0 does not properly handle the .com, .name, and .net top-level domains, which allows remote attackers to spoof the address bar via unspecified homograph characters. | |||||
| CVE-2013-2153 | 1 Apache | 1 Xml Security For C\+\+ | 2025-04-11 | 4.3 MEDIUM | N/A |
| The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue." | |||||
| CVE-2010-5066 | 1 Vwar | 1 Virtual War | 2025-04-11 | 4.3 MEDIUM | N/A |
| The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote attackers to determine randomly generated passwords via a brute-force attack. | |||||
| CVE-2013-2173 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie. | |||||
| CVE-2012-4930 | 2 Google, Mozilla | 2 Chrome, Firefox | 2025-04-11 | 2.6 LOW | N/A |
| The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. | |||||
| CVE-2011-3590 | 1 Redhat | 1 Kexec-tools | 2025-04-11 | 5.7 MEDIUM | N/A |
| The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content. | |||||
| CVE-2009-4269 | 1 Apache | 1 Derby | 2025-04-11 | 2.1 LOW | N/A |
| The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution. | |||||