Total
2490 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2011 | 1 Microsoft | 1 Dynamics Gp | 2025-04-11 | 4.0 MEDIUM | N/A |
| Microsoft Dynamics GP uses a substitution cipher to encrypt the system password field and unspecified other fields, which makes it easier for remote authenticated users to obtain sensitive information by decrypting a field's contents. | |||||
| CVE-2009-2751 | 1 Ibm | 1 Websphere Commerce | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM WebSphere Commerce 7.0 uses the same cryptographic key for session attributes and merchant data encryption, which has unspecified impact and remote attack vectors. | |||||
| CVE-2013-3989 | 1 Ibm | 1 Security Appscan | 2025-04-11 | 3.5 LOW | N/A |
| IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and subsequently conduct man-in-the-middle attacks, by examining the response content. | |||||
| CVE-2012-2230 | 1 Cloudera | 2 Cloudera Manager, Cloudera Service And Configuration Manager | 2025-04-11 | 6.5 MEDIUM | N/A |
| Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than CVE-2012-1574. | |||||
| CVE-2010-3173 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 7.5 HIGH | N/A |
| The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | |||||
| CVE-2013-7075 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 6.5 MEDIUM | N/A |
| The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature." | |||||
| CVE-2013-0148 | 1 Faircom | 1 C-treeace | 2025-04-11 | 7.1 HIGH | N/A |
| The Data Camouflage (aka FairCom Standard Encryption) algorithm in FairCom c-treeACE does not ensure that a decryption key is needed for accessing database contents, which allows context-dependent attackers to read cleartext database records by copying a database to another system that has a certain default configuration. | |||||
| CVE-2013-7222 | 1 Fatfreecrm | 1 Fat Free Crm | 2025-04-11 | 5.0 MEDIUM | N/A |
| config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code. | |||||
| CVE-2009-4655 | 1 Novell | 1 Edirectory | 2025-04-11 | 7.5 HIGH | N/A |
| The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie. | |||||
| CVE-2013-0531 | 1 Ibm | 1 Security Appscan | 2025-04-11 | 5.0 MEDIUM | N/A |
| The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2012-2328 | 2 Opensuse, Standards Based Linux Instrumentation Project | 2 Opensuse, Standards-based Linux Common Information Model Client | 2025-04-11 | 5.0 MEDIUM | N/A |
| internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file. | |||||
| CVE-2013-4030 | 1 Ibm | 31 Bladecenter, Flex System Manager Node 7955, Flex System Manager Node 8731 and 28 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic. | |||||
| CVE-2011-4321 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 5.0 MEDIUM | N/A |
| The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors. | |||||
| CVE-2011-1327 | 1 Trendmicro | 1 Trend Micro Internet Security | 2025-04-11 | 2.1 LOW | N/A |
| The Keystroke Encryption feature in Trend Micro Internet Security 2009 (aka Virus Buster 2009 and PC-cillin 2009) does not completely encrypt passwords, which allows local users to obtain sensitive information by leveraging a keylogger. | |||||
| CVE-2013-4699 | 1 Yahoo | 1 Yafuoku\! | 2025-04-11 | 5.8 MEDIUM | N/A |
| The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2010-0742 | 1 Openssl | 1 Openssl | 2025-04-11 | 7.5 HIGH | N/A |
| The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. | |||||
| CVE-2013-0169 | 3 Openssl, Oracle, Polarssl | 3 Openssl, Openjdk, Polarssl | 2025-04-11 | 2.6 LOW | N/A |
| The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | |||||
| CVE-2012-6578 | 1 Bestpractical | 1 Request Tracker | 2025-04-11 | 4.3 MEDIUM | N/A |
| Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics. | |||||
| CVE-2014-1242 | 1 Apple | 1 Itunes | 2025-04-11 | 5.8 MEDIUM | N/A |
| Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream. | |||||
| CVE-2012-2143 | 4 Debian, Freebsd, Php and 1 more | 4 Debian Linux, Freebsd, Php and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. | |||||