Total
2500 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1096 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2025-04-11 | 5.0 MEDIUM | N/A |
| The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack." | |||||
| CVE-2011-4736 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in login_up.php3 and certain other files. | |||||
| CVE-2011-1923 | 1 Polarssl | 1 Polarssl | 2025-04-11 | 4.0 MEDIUM | N/A |
| The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095. | |||||
| CVE-2013-4700 | 1 Yahoo | 1 Japan Shopping | 2025-04-11 | 5.8 MEDIUM | N/A |
| The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2012-6371 | 1 Belkin | 1 N900 Wireless Router | 2025-04-11 | 3.3 LOW | N/A |
| The WPA2 implementation on the Belkin N900 F9K1104v1 router establishes a WPS PIN based on 6 digits of the LAN/WLAN MAC address, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading broadcast packets, a different vulnerability than CVE-2012-4366. | |||||
| CVE-2012-4917 | 1 Tripadvisor | 1 Tripadvisor | 2025-04-11 | 5.0 MEDIUM | N/A |
| The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-4579 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.3 MEDIUM | N/A |
| The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. | |||||
| CVE-2011-4108 | 1 Openssl | 1 Openssl | 2025-04-11 | 4.3 MEDIUM | N/A |
| The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. | |||||
| CVE-2013-4351 | 1 Gnupg | 1 Gnupg | 2025-04-11 | 5.8 MEDIUM | N/A |
| GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. | |||||
| CVE-2011-3212 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 2.1 LOW | N/A |
| CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device. | |||||
| CVE-2013-4476 | 1 Samba | 1 Samba | 2025-04-11 | 1.2 LOW | N/A |
| Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller. | |||||
| CVE-2013-6718 | 1 Ibm | 1 Advanced Management Module Firmware | 2025-04-11 | 6.4 MEDIUM | N/A |
| The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface. | |||||
| CVE-2013-7295 | 1 Torproject | 1 Tor | 2025-04-11 | 4.0 MEDIUM | N/A |
| Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors. | |||||
| CVE-2010-3399 | 1 Mozilla | 1 Firefox | 2025-04-11 | 5.8 MEDIUM | N/A |
| The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171. | |||||
| CVE-2013-7127 | 1 Apple | 2 Mac Os X, Safari | 2025-04-11 | 2.1 LOW | N/A |
| Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2010-3741 | 1 Rim | 1 Blackberry Desktop Software | 2025-04-11 | 4.7 MEDIUM | N/A |
| The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack. | |||||
| CVE-2011-1655 | 1 Broadcom | 1 Total Defense | 2025-04-11 | 7.5 HIGH | N/A |
| The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service. | |||||
| CVE-2013-6449 | 1 Openssl | 1 Openssl | 2025-04-11 | 4.3 MEDIUM | N/A |
| The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. | |||||
| CVE-2013-5173 | 1 Apple | 1 Mac Os X | 2025-04-11 | 2.1 LOW | N/A |
| The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers. | |||||
| CVE-2012-6580 | 1 Bestpractical | 1 Request Tracker | 2025-04-11 | 4.3 MEDIUM | N/A |
| Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address. | |||||