Vulnerabilities (CVE)

Filtered by CWE-310
Total 2490 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-5410 1 Sun 1 Solaris 2025-04-09 7.8 HIGH N/A
The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions.
CVE-2009-3475 1 Internet2 1 Shibboleth-sp 2025-04-09 7.5 HIGH N/A
Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2008-7207 1 Rivetcode 1 Rivettracker 2025-04-09 2.1 LOW N/A
RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php.
CVE-2008-5331 1 Adobe 1 Acrobat 2025-04-09 7.5 HIGH N/A
Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack.
CVE-2009-0053 1 Cisco 2 Ironport Encryption Appliance, Ironport Postx 2025-04-09 4.3 MEDIUM N/A
PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a "logic error."
CVE-2009-3200 1 Qnap 2 Ts-239 Pro Turbo Nas, Ts-639 Pro Turbo Nas 2025-04-09 5.9 MEDIUM N/A
The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable, deobfuscating the key, and running a cryptsetup luksOpen command.
CVE-2009-3474 1 Internet2 3 Opensaml, Shibboleth-sp, Xmltooling 2025-04-09 7.5 HIGH N/A
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate.
CVE-2009-2730 1 Gnu 1 Gnutls 2025-04-09 7.5 HIGH N/A
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
CVE-2008-5659 1 Gnu 1 Classpath 2025-04-09 7.5 HIGH N/A
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.
CVE-2007-5024 1 Emc 1 Vmware Server 2025-04-09 2.1 LOW N/A
EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2005-3620.
CVE-2007-4928 1 Axis 1 207w Network Camera 2025-04-09 4.9 MEDIUM N/A
The AXIS 207W camera stores a WEP or WPA key in cleartext in the configuration file, which might allow local users to obtain sensitive information.
CVE-2010-0228 1 Verbatim 1 Corporate Secure 2025-04-09 4.6 MEDIUM N/A
Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.
CVE-2008-3057 1 Octeth 1 Oempro 2025-04-09 5.0 MEDIUM N/A
Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not set the secure flag for the PHPSESSID cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2009-2982 1 Adobe 2 Acrobat, Acrobat Reader 2025-04-09 9.3 HIGH N/A
An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unknown vectors.
CVE-2007-5768 1 Globe7 1 Globe7 2025-04-09 5.0 MEDIUM N/A
The Globe7 soft phone client 7.3 sends username and password information in cleartext, which allows remote attackers to obtain sensitive information by sniffing the HTTP traffic.
CVE-2009-2977 1 Cisco 1 Cs-mars 2025-04-09 3.3 LOW N/A
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) 6.0.4 and earlier stores cleartext passwords in log/sysbacktrace.## files within error-logs.tar.gz archives, which allows context-dependent attackers to obtain sensitive information by reading these files.
CVE-2009-1560 1 Cisco 1 Wvc54gc 2025-04-09 7.8 HIGH N/A
The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 stores passwords and wireless-network keys in cleartext in (1) pass_wd.htm and (2) Wsecurity.htm, which allows remote attackers to obtain sensitive information by reading the HTML source code.
CVE-2009-3941 1 Martin Lambers 1 Mpop 2025-04-09 5.0 MEDIUM N/A
Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2009-4295 1 Sun 1 Ray Server Software 2025-04-09 7.8 HIGH N/A
Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic.
CVE-2009-0209 1 Osisoft 1 Pi Server 2025-04-09 6.4 MEDIUM N/A
PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors.