Total
2490 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3189 | 1 Php | 1 Php | 2025-04-11 | 4.3 MEDIUM | N/A |
| The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483. | |||||
| CVE-2013-3710 | 1 Novell | 1 Suse Lifecycle Management Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere. | |||||
| CVE-2012-0059 | 1 Redhat | 2 Network Proxy, Satellite | 2025-04-11 | 4.3 MEDIUM | N/A |
| Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email. | |||||
| CVE-2013-1445 | 1 Dlitz | 1 Pycrypto | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process. | |||||
| CVE-2012-3715 | 1 Apple | 1 Safari | 2025-04-11 | 4.3 MEDIUM | N/A |
| Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2012-2686 | 1 Openssl | 1 Openssl | 2025-04-11 | 5.0 MEDIUM | N/A |
| crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data. | |||||
| CVE-2012-6086 | 1 Zabbix | 1 Zabbix | 2025-04-11 | 4.3 MEDIUM | N/A |
| libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set the CURLOPT_SSL_VERIFYHOST option for libcurl, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2011-3588 | 1 Redhat | 1 Kexec-tools | 2025-04-11 | 5.7 MEDIUM | N/A |
| The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arbitrary SSH key. | |||||
| CVE-2013-1740 | 1 Mozilla | 1 Network Security Services | 2025-04-11 | 5.8 MEDIUM | N/A |
| The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic. | |||||
| CVE-2011-1209 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption attack." | |||||
| CVE-2011-4083 | 1 Redhat | 1 Sos | 2025-04-11 | 4.3 MEDIUM | N/A |
| The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive information by reading the archive. | |||||
| CVE-2011-4684 | 1 Opera | 1 Opera Browser | 2025-04-11 | 10.0 HIGH | N/A |
| Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases." | |||||
| CVE-2013-2173 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie. | |||||
| CVE-2011-0766 | 2 Erlang, Ssh | 3 Crypto, Erlang\/otp, Ssh | 2025-04-11 | 7.8 HIGH | N/A |
| The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys. | |||||
| CVE-2013-2784 | 1 Triplc | 2 Nano-10 Plc, Nano-10 Plc Firmware | 2025-04-11 | 7.8 HIGH | N/A |
| Triangle Research International (aka Tri) Nano-10 PLC devices with firmware before r81 use an incorrect algorithm for bounds checking of data in Modbus/TCP packets, which allows remote attackers to cause a denial of service (networking outage) via a crafted packet to TCP port 502. | |||||
| CVE-2013-6986 | 1 Zippyyum | 1 Subway Ordering For California | 2025-04-11 | 2.1 LOW | N/A |
| The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in SQLite cache databases, which allows attackers to obtain sensitive information by reading data elements, as demonstrated by password elements. | |||||
| CVE-2010-3074 | 1 Arg0 | 1 Encfs | 2025-04-11 | 2.1 LOW | N/A |
| SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack. | |||||
| CVE-2013-2319 | 1 Filemaker | 2 Filemaker Pro, Filemaker Pro Advanced | 2025-04-11 | 5.8 MEDIUM | N/A |
| FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2012-1574 | 2 Apache, Cloudera | 3 Hadoop, Cloudera Cdh, Hadoop | 2025-04-11 | 6.5 MEDIUM | N/A |
| The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors. | |||||
| CVE-2012-3505 | 1 Banu | 1 Tinyproxy | 2025-04-11 | 5.0 MEDIUM | N/A |
| Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket. | |||||