Total
2500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-0217 | 1 Zeacom | 1 Chat Server | 2025-04-11 | N/A |
| Zeacom Chat Server before 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote attackers to hijack sessions or cause a denial of service (Chat Server crash or Tomcat daemon crash) via a brute-force attack. | ||||
| CVE-2012-3287 | 1 Poul-henning Kamp | 1 Md5crypt | 2025-04-11 | N/A |
| Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and a consequently short runtime, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack, as demonstrated by an attack using GPU hardware. | ||||
| CVE-2011-4083 | 1 Redhat | 2 Enterprise Linux, Sos | 2025-04-11 | N/A |
| The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive information by reading the archive. | ||||
| CVE-2012-3312 | 1 Ibm | 1 Infosphere Guardium | 2025-04-11 | N/A |
| The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password setting is enabled, transmits cleartext database credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2011-4046 | 1 Dell | 1 Kace K2000 Systems Deployment Appliance | 2025-04-11 | N/A |
| The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by examining script source code. | ||||
| CVE-2012-3376 | 1 Apache | 1 Hadoop | 2025-04-11 | N/A |
| DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts. | ||||
| CVE-2010-0362 | 1 Zeus | 1 Zeus Web Server | 2025-04-11 | N/A |
| Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses. | ||||
| CVE-2012-3378 | 1 Gnome | 1 At-spi2-atk | 2025-04-11 | N/A |
| The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2. | ||||
| CVE-2013-5915 | 1 Polarssl | 1 Polarssl | 2025-04-11 | N/A |
| The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys. | ||||
| CVE-2012-2143 | 5 Debian, Freebsd, Php and 2 more | 5 Debian Linux, Freebsd, Php and 2 more | 2025-04-11 | N/A |
| The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. | ||||
| CVE-2010-1324 | 2 Mit, Redhat | 2 Kerberos 5, Enterprise Linux | 2025-04-11 | N/A |
| MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key. | ||||
| CVE-2013-7075 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature." | ||||
| CVE-2012-3458 | 1 Python | 1 Beaker | 2025-04-11 | N/A |
| Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors. | ||||
| CVE-2011-2344 | 1 Google | 1 Android | 2025-04-11 | N/A |
| Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com. | ||||
| CVE-2011-3009 | 2 Redhat, Ruby-lang | 2 Enterprise Linux, Ruby | 2025-04-11 | N/A |
| Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. | ||||
| CVE-2011-1433 | 1 Otrs | 1 Otrs | 2025-04-11 | N/A |
| The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields. | ||||
| CVE-2010-4311 | 1 Dustincowell | 1 Free Simple Software | 2025-04-11 | N/A |
| Free Simple Software 1.0 stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. | ||||
| CVE-2010-4304 | 1 Cisco | 14 Unified Videoconferencing System 3515 Multipoint Control Unit, Unified Videoconferencing System 3515 Multipoint Control Unit Firmware, Unified Videoconferencing System 3522 Basic Rate Interface Gateway and 11 more | 2025-04-11 | N/A |
| The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack, aka Bug ID CSCti54048. | ||||
| CVE-2010-4302 | 2 Cisco, Linux | 5 Unified Videoconferencing System 5110, Unified Videoconferencing System 5110 Firmware, Unified Videoconferencing System 5115 and 2 more | 2025-04-11 | N/A |
| /opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) administrator and (2) operator passwords, which makes it easier for local users to obtain sensitive information by recovering the cleartext values, aka Bug ID CSCti54010. | ||||
| CVE-2013-4699 | 1 Yahoo | 1 Yafuoku\! | 2025-04-11 | N/A |
| The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||