Total
2500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-0222 | 1 Kingston | 3 Datatraveler Blackbox, Datatraveler Elite, Datatraveler Secure | 2025-04-09 | N/A |
| Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key. | ||||
| CVE-2009-3602 | 1 Nlnetlabs | 1 Unbound | 2025-04-09 | N/A |
| Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses. | ||||
| CVE-2025-3329 | 1 Consumer | 1 Comanda Mobile | 2025-04-08 | 3.1 Low |
| A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. This affects an unknown part of the component Restaurant Order Handler. The manipulation of the argument Login/Password leads to cleartext transmission of sensitive information. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2003-1389 | 1 Research Triangle Software | 1 Cryptobuddy | 2025-04-03 | N/A |
| RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks. | ||||
| CVE-2002-2379 | 1 Cisco | 1 As5350 | 2025-04-03 | N/A |
| Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be reproduced by the vendor | ||||
| CVE-2003-1392 | 2 Microsoft, Research Triangle Software | 2 All Windows, Cryptobuddy | 2025-04-03 | N/A |
| CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data. | ||||
| CVE-2003-1391 | 1 Research Triangle Software | 1 Cryptobuddy | 2025-04-03 | N/A |
| RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase. | ||||
| CVE-2002-2326 | 1 Apple | 1 Mac Os X | 2025-04-03 | N/A |
| The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic. | ||||
| CVE-2003-0512 | 1 Cisco | 1 Ios | 2025-04-03 | N/A |
| Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge. | ||||
| CVE-2003-1390 | 1 Research Triangle Software | 1 Cryptobuddy | 2025-04-03 | N/A |
| RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase. | ||||
| CVE-2003-1447 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | N/A |
| IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML. | ||||
| CVE-2003-1480 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | N/A |
| MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods. | ||||
| CVE-2000-0589 | 1 Sawmill | 1 Sawmill | 2025-04-03 | N/A |
| SawMill 5.0.21 uses weak encryption to store passwords, which allows attackers to easily decrypt the password and modify the SawMill configuration. | ||||
| CVE-2003-1344 | 1 Trend Micro | 1 Virus Control System | 2025-04-03 | N/A |
| Trend Micro Virus Control System (TVCS) Log Collector allows remote attackers to obtain usernames, encrypted passwords, and other sensitive information via a URL request for getservers.exe with the action parameter set to "selects1", which returns log files. | ||||
| CVE-2001-1463 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-03 | N/A |
| The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords. | ||||
| CVE-2003-1483 | 1 Flashfxp | 1 Flashfxp | 2025-04-03 | N/A |
| FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access. | ||||
| CVE-2006-0591 | 2 Redhat, Solar Designer | 2 Enterprise Linux, Crypt Blowfish | 2025-04-03 | N/A |
| The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions. | ||||
| CVE-2004-2703 | 1 Clearswift | 4 Mailsweeper Business Suite I, Mailsweeper Business Suite Ii, Mailsweeper For Smtp and 1 more | 2025-04-03 | N/A |
| Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted data in a mail message, which causes the message to be marked as "Clean" instead of "Encrypted". | ||||
| CVE-2006-0270 | 1 Oracle | 1 Database Server | 2025-04-03 | N/A |
| Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without encryption, which allows local users to obtain the key via the SGA. | ||||
| CVE-2005-4066 | 1 Christian Ghisler | 1 Total Commander | 2025-04-03 | N/A |
| Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm. | ||||