Total
2490 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5410 | 1 Sun | 1 Solaris | 2025-04-09 | 7.8 HIGH | N/A |
The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions. | |||||
CVE-2009-3475 | 1 Internet2 | 1 Shibboleth-sp | 2025-04-09 | 7.5 HIGH | N/A |
Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
CVE-2008-7207 | 1 Rivetcode | 1 Rivettracker | 2025-04-09 | 2.1 LOW | N/A |
RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php. | |||||
CVE-2008-5331 | 1 Adobe | 1 Acrobat | 2025-04-09 | 7.5 HIGH | N/A |
Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack. | |||||
CVE-2009-0053 | 1 Cisco | 2 Ironport Encryption Appliance, Ironport Postx | 2025-04-09 | 4.3 MEDIUM | N/A |
PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a "logic error." | |||||
CVE-2009-3200 | 1 Qnap | 2 Ts-239 Pro Turbo Nas, Ts-639 Pro Turbo Nas | 2025-04-09 | 5.9 MEDIUM | N/A |
The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable, deobfuscating the key, and running a cryptsetup luksOpen command. | |||||
CVE-2009-3474 | 1 Internet2 | 3 Opensaml, Shibboleth-sp, Xmltooling | 2025-04-09 | 7.5 HIGH | N/A |
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate. | |||||
CVE-2009-2730 | 1 Gnu | 1 Gnutls | 2025-04-09 | 7.5 HIGH | N/A |
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | |||||
CVE-2008-5659 | 1 Gnu | 1 Classpath | 2025-04-09 | 7.5 HIGH | N/A |
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys. | |||||
CVE-2007-5024 | 1 Emc | 1 Vmware Server | 2025-04-09 | 2.1 LOW | N/A |
EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2005-3620. | |||||
CVE-2007-4928 | 1 Axis | 1 207w Network Camera | 2025-04-09 | 4.9 MEDIUM | N/A |
The AXIS 207W camera stores a WEP or WPA key in cleartext in the configuration file, which might allow local users to obtain sensitive information. | |||||
CVE-2010-0228 | 1 Verbatim | 1 Corporate Secure | 2025-04-09 | 4.6 MEDIUM | N/A |
Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key. | |||||
CVE-2008-3057 | 1 Octeth | 1 Oempro | 2025-04-09 | 5.0 MEDIUM | N/A |
Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not set the secure flag for the PHPSESSID cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
CVE-2009-2982 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-09 | 9.3 HIGH | N/A |
An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unknown vectors. | |||||
CVE-2007-5768 | 1 Globe7 | 1 Globe7 | 2025-04-09 | 5.0 MEDIUM | N/A |
The Globe7 soft phone client 7.3 sends username and password information in cleartext, which allows remote attackers to obtain sensitive information by sniffing the HTTP traffic. | |||||
CVE-2009-2977 | 1 Cisco | 1 Cs-mars | 2025-04-09 | 3.3 LOW | N/A |
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) 6.0.4 and earlier stores cleartext passwords in log/sysbacktrace.## files within error-logs.tar.gz archives, which allows context-dependent attackers to obtain sensitive information by reading these files. | |||||
CVE-2009-1560 | 1 Cisco | 1 Wvc54gc | 2025-04-09 | 7.8 HIGH | N/A |
The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 stores passwords and wireless-network keys in cleartext in (1) pass_wd.htm and (2) Wsecurity.htm, which allows remote attackers to obtain sensitive information by reading the HTML source code. | |||||
CVE-2009-3941 | 1 Martin Lambers | 1 Mpop | 2025-04-09 | 5.0 MEDIUM | N/A |
Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
CVE-2009-4295 | 1 Sun | 1 Ray Server Software | 2025-04-09 | 7.8 HIGH | N/A |
Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic. | |||||
CVE-2009-0209 | 1 Osisoft | 1 Pi Server | 2025-04-09 | 6.4 MEDIUM | N/A |
PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors. |