Total
2500 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4960 | 1 Huawei | 66 Acu, Ar 19\/29\/49, Ar G3 and 63 more | 2025-04-11 | 6.5 MEDIUM | N/A |
| The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300, Eudemon500, Eudemon1000, Eudemon1000E-U/USG5300, Eudemon1000E-X/USG5500, Eudemon8080E/USG9300, Eudemon8160E/USG9300, Eudemon8000E-X/USG9500, E200E-C/USG2200, E200E-X3/USG2200, E200E-X5/USG2200, E200E-X7/USG2200, E200E-C/USG5100, E200E-X3/USG5100, E200E-X5/USG5100, E200E-X7/USG5100, E200E-B/USG2100, E200E-X1/USG2100, E200E-X2/USG2100, SVN5300, SVN2000, SVN5000, SVN3000, NIP100, NIP200, NIP1000, NIP2100, NIP2200, and NIP5100 use the DES algorithm for stored passwords, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | |||||
| CVE-2012-3887 | 1 Airdroid | 1 Airdroid | 2025-04-11 | 5.0 MEDIUM | N/A |
| AirDroid before 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an "Encrypted Transmission" feature, which allows remote attackers to obtain sensitive information by sniffing the local wireless network, as demonstrated by the SMS message content sent to the sdctl/sms/send/single/ URI. | |||||
| CVE-2012-5809 | 1 Groupon | 1 Groupon Merchants | 2025-04-11 | 5.8 MEDIUM | N/A |
| The Groupon Redemptions application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-3006 | 1 Innominate | 19 Eagle Mguard Bd-301010, Eagle Mguard Hw-201000, Mguard Blade Hw-104020 and 16 more | 2025-04-11 | 7.1 HIGH | N/A |
| The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value. | |||||
| CVE-2011-0207 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network. | |||||
| CVE-2011-2736 | 1 Rsa | 1 Envision | 2025-04-11 | 5.0 MEDIUM | N/A |
| RSA enVision 4.x before 4 SP4 P3 places cleartext administrative credentials in Task Escalation e-mail messages, which allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox. | |||||
| CVE-2013-1576 | 1 Wireshark | 1 Wireshark | 2025-04-11 | 2.9 LOW | N/A |
| The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. | |||||
| CVE-2011-2344 | 1 Google | 1 Android | 2025-04-11 | 10.0 HIGH | N/A |
| Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com. | |||||
| CVE-2010-2270 | 1 Accoria | 1 Rock Web Server | 2025-04-11 | 7.5 HIGH | N/A |
| Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie. | |||||
| CVE-2010-1568 | 1 Cisco | 1 Ironport Desktop Flag Plugin For Outlook | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Send Secure functionality in the Cisco IronPort Desktop Flag Plug-in for Outlook before 6.5.0-006 does not properly handle simultaneously composed messages, which might allow remote attackers to obtain cleartext contents of e-mail messages that were intended to be encrypted, aka bug 65623. | |||||
| CVE-2012-0861 | 1 Redhat | 1 Enterprise Virtualization Manager | 2025-04-11 | 6.8 MEDIUM | N/A |
| The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack. | |||||
| CVE-2011-3013 | 1 Novell | 2 Data Synchronizer, Mobility Pack | 2025-04-11 | 5.0 MEDIUM | N/A |
| WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2011-0724 | 1 Ubuntu | 2 Edubuntu, Live Dvd | 2025-04-11 | 9.3 HIGH | N/A |
| The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remote attackers to gain privileges. | |||||
| CVE-2013-0941 | 3 Apache, Microsoft, Rsa | 7 Http Server, Internet Information Server, Windows and 4 more | 2025-04-11 | 2.1 LOW | N/A |
| EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data. | |||||
| CVE-2012-2143 | 4 Debian, Freebsd, Php and 1 more | 4 Debian Linux, Freebsd, Php and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. | |||||
| CVE-2011-5064 | 1 Apache | 1 Tomcat | 2025-04-11 | 4.3 MEDIUM | N/A |
| DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184. | |||||
| CVE-2012-3312 | 1 Ibm | 1 Infosphere Guardium | 2025-04-11 | 5.0 MEDIUM | N/A |
| The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password setting is enabled, transmits cleartext database credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2012-3818 | 1 Mikel Olasagasti | 1 Revelation | 2025-04-11 | 2.1 LOW | N/A |
| The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information. | |||||
| CVE-2010-4214 | 2 Google, Wellsfargo | 2 Android, Wells Fargo Mobile | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Wells Fargo Mobile application 1.1 for Android stores a username and password, along with account balances, in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data. | |||||
| CVE-2013-1124 | 2 Apple, Cisco | 2 Mac Os X, Network Admission Control | 2025-04-11 | 5.8 MEDIUM | N/A |
| The Cisco Network Admission Control (NAC) agent on Mac OS X does not verify the X.509 certificate of an Identity Services Engine (ISE) server during an SSL session, which allows man-in-the-middle attackers to spoof ISE servers via an arbitrary certificate, aka Bug ID CSCub24309. | |||||