Total
2484 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4928 | 1 Axis | 1 207w Network Camera | 2025-04-09 | 4.9 MEDIUM | N/A |
| The AXIS 207W camera stores a WEP or WPA key in cleartext in the configuration file, which might allow local users to obtain sensitive information. | |||||
| CVE-2010-0228 | 1 Verbatim | 1 Corporate Secure | 2025-04-09 | 4.6 MEDIUM | N/A |
| Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key. | |||||
| CVE-2008-3057 | 1 Octeth | 1 Oempro | 2025-04-09 | 5.0 MEDIUM | N/A |
| Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not set the secure flag for the PHPSESSID cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2009-2982 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-09 | 9.3 HIGH | N/A |
| An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unknown vectors. | |||||
| CVE-2007-5768 | 1 Globe7 | 1 Globe7 | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Globe7 soft phone client 7.3 sends username and password information in cleartext, which allows remote attackers to obtain sensitive information by sniffing the HTTP traffic. | |||||
| CVE-2009-2977 | 1 Cisco | 1 Cs-mars | 2025-04-09 | 3.3 LOW | N/A |
| The Cisco Security Monitoring, Analysis and Response System (CS-MARS) 6.0.4 and earlier stores cleartext passwords in log/sysbacktrace.## files within error-logs.tar.gz archives, which allows context-dependent attackers to obtain sensitive information by reading these files. | |||||
| CVE-2009-1560 | 1 Cisco | 1 Wvc54gc | 2025-04-09 | 7.8 HIGH | N/A |
| The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 stores passwords and wireless-network keys in cleartext in (1) pass_wd.htm and (2) Wsecurity.htm, which allows remote attackers to obtain sensitive information by reading the HTML source code. | |||||
| CVE-2009-3941 | 1 Martin Lambers | 1 Mpop | 2025-04-09 | 5.0 MEDIUM | N/A |
| Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2009-4295 | 1 Sun | 1 Ray Server Software | 2025-04-09 | 7.8 HIGH | N/A |
| Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic. | |||||
| CVE-2009-0209 | 1 Osisoft | 1 Pi Server | 2025-04-09 | 6.4 MEDIUM | N/A |
| PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors. | |||||
| CVE-2009-0742 | 1 Cisco | 4 Ace 4710, Application Control Engine Module, Catalyst 6500 and 1 more | 2025-04-09 | 7.8 HIGH | N/A |
| The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information. | |||||
| CVE-2009-2951 | 1 Phenotype-cms | 1 Phenotype Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords. | |||||
| CVE-2008-1772 | 1 Iscripts | 1 Socialware | 2025-04-09 | 5.0 MEDIUM | N/A |
| iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information. | |||||
| CVE-2008-0759 | 1 Group Logic | 2 Extremez-ip File Server, Extremez-ip Print Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allows remote attackers to cause a denial of service (daemon crash) via an invalid UAM field in a request to the Apple Filing Protocol (AFP) service on TCP port 548. | |||||
| CVE-2009-2661 | 1 Strongswan | 1 Strongswan | 2025-04-09 | 5.0 MEDIUM | N/A |
| The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185. | |||||
| CVE-2009-3624 | 1 Linux | 2 Kernel, Linux Kernel | 2025-04-09 | 4.6 MEDIUM | N/A |
| The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands. | |||||
| CVE-2007-5196 | 1 Suse | 1 Suse Linux | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195. | |||||
| CVE-2008-6824 | 1 A-link | 2 Wl54ap2, Wl54ap3 | 2025-04-09 | 10.0 HIGH | N/A |
| The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access. | |||||
| CVE-2007-5790 | 1 Globe7 | 1 Globe7 | 2025-04-09 | 2.1 LOW | N/A |
| The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information. | |||||
| CVE-2009-2319 | 1 Axesstel | 1 Mv 410r | 2025-04-09 | 5.0 MEDIUM | N/A |
| The default configuration of the Wi-Fi component on the Axesstel MV 410R does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||