Total
2500 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5960 | 1 Owasp | 1 Enterprise Security Api | 2025-04-11 | 5.8 MEDIUM | N/A |
| The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679. | |||||
| CVE-2012-3514 | 1 Nicolas Cannasse | 1 Ocaml Xml-light Library | 2025-04-11 | 5.0 MEDIUM | N/A |
| OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via unspecified vectors. | |||||
| CVE-2012-1244 | 1 Nttdocomo | 1 Spmode Mail Android | 2025-04-11 | 5.8 MEDIUM | N/A |
| The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2011-3692 | 1 Netsaro | 1 Enterprise Messenger Server | 2025-04-11 | 1.9 LOW | N/A |
| NetSaro Enterprise Messenger Server 2.0 stores cleartext console credentials in configuration.xml, which allows local users to obtain sensitive information by reading this file and performing a base64 decoding step. | |||||
| CVE-2011-0009 | 1 Bestpractical | 1 Rt | 2025-04-11 | 4.3 MEDIUM | N/A |
| Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database. | |||||
| CVE-2012-3533 | 2 Ovirt, Ovirt-engine-sdk | 3 Ovirt, Ovirt-engine-cli, 3.1.0.5 | 2025-04-11 | 5.0 MEDIUM | N/A |
| The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack. | |||||
| CVE-2013-4073 | 1 Ruby-lang | 1 Ruby | 2025-04-11 | 6.8 MEDIUM | N/A |
| The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2013-7128 | 1 Valvesoftware | 1 Steamos | 2025-04-11 | 2.1 LOW | N/A |
| Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valve SteamOS Beta stores cleartext credentials in a .valve-bugreporter.cfg file upon a Remember Credentials action, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2012-2739 | 1 Oracle | 3 Jdk, Jre, Openjdk | 2025-04-11 | 5.0 MEDIUM | N/A |
| Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | |||||
| CVE-2011-1327 | 1 Trendmicro | 1 Trend Micro Internet Security | 2025-04-11 | 2.1 LOW | N/A |
| The Keystroke Encryption feature in Trend Micro Internet Security 2009 (aka Virus Buster 2009 and PC-cillin 2009) does not completely encrypt passwords, which allows local users to obtain sensitive information by leveraging a keylogger. | |||||
| CVE-2012-3431 | 1 Redhat | 1 Jboss Enterprise Data Services Platform | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack. | |||||
| CVE-2013-3710 | 1 Novell | 1 Suse Lifecycle Management Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere. | |||||
| CVE-2013-7030 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 5.0 MEDIUM | 7.3 HIGH |
| The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue | |||||
| CVE-2011-5121 | 1 Comodo | 1 Comodo Internet Security | 2025-04-11 | 10.0 HIGH | N/A |
| The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not properly check whether unspecified X.509 certificates are revoked, which has unknown impact and remote attack vectors. | |||||
| CVE-2013-5507 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-11 | 7.1 HIGH | N/A |
| The IPsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(1.7), when an IPsec VPN tunnel is enabled, allows remote attackers to cause a denial of service (device reload) via a (1) ICMP or (2) ICMPv6 packet that is improperly handled during decryption, aka Bug ID CSCue18975. | |||||
| CVE-2011-2142 | 1 Ibm | 1 Datacap Taskmaster Capture | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Web Client Service in IBM Datacap Taskmaster Capture 8.0.1 before FP1 requires a cleartext password, which has unspecified impact and attack vectors. | |||||
| CVE-2013-1853 | 1 Almanah Project | 1 Almanah | 2025-04-11 | 2.1 LOW | N/A |
| Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database. | |||||
| CVE-2012-4899 | 1 Wellintech | 1 Kingview | 2025-04-11 | 2.1 LOW | N/A |
| WellinTech KingView 6.5.3 and earlier uses a weak password-hashing algorithm, which makes it easier for local users to discover credentials by reading an unspecified file. | |||||
| CVE-2013-0483 | 1 Ibm | 1 Ims Enterprise Suite | 2025-04-11 | 5.0 MEDIUM | N/A |
| The login component in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 uses cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2010-3075 | 1 Arg0 | 1 Encfs | 2025-04-11 | 5.0 MEDIUM | N/A |
| EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte. | |||||