Export limit exceeded: 344034 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2507 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4293 | 1 Redhat | 1 Jboss Operations Network | 2025-04-11 | N/A |
| The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files. | ||||
| CVE-2013-4350 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2025-04-11 | N/A |
| The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2013-4351 | 2 Gnupg, Redhat | 2 Gnupg, Enterprise Linux | 2025-04-11 | N/A |
| GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. | ||||
| CVE-2013-4363 | 2 Ruby-lang, Rubygems | 2 Ruby, Rubygems | 2025-04-11 | N/A |
| Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287. | ||||
| CVE-2014-1696 | 1 Siemens | 1 Simatic Wincc Open Architecture | 2025-04-11 | N/A |
| Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||
| CVE-2014-1910 | 1 Citrix | 2 Sharefile Mobile, Sharefile Mobile For Tablets | 2025-04-11 | N/A |
| Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2012-4899 | 1 Wellintech | 1 Kingview | 2025-04-11 | N/A |
| WellinTech KingView 6.5.3 and earlier uses a weak password-hashing algorithm, which makes it easier for local users to discover credentials by reading an unspecified file. | ||||
| CVE-2012-4829 | 1 Ibm | 1 Xiv Storage System Gen3 | 2025-04-11 | N/A |
| IBM XIV Storage System Gen3 before 11.2 relies on a default X.509 v3 certificate for authentication, which allows man-in-the-middle attackers to spoof servers by leveraging an inappropriate certificate-trust relationship. | ||||
| CVE-2008-7252 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. | ||||
| CVE-2008-7270 | 2 Openssl, Redhat | 3 Openssl, Enterprise Linux, Jboss Enterprise Web Server | 2025-04-11 | N/A |
| OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180. | ||||
| CVE-2009-2751 | 1 Ibm | 1 Websphere Commerce | 2025-04-11 | N/A |
| IBM WebSphere Commerce 7.0 uses the same cryptographic key for session attributes and merchant data encryption, which has unspecified impact and remote attack vectors. | ||||
| CVE-2009-2752 | 1 Ibm | 1 Websphere Commerce | 2025-04-11 | N/A |
| IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms. | ||||
| CVE-2012-4694 | 1 Moxa | 2 Edr-g903, Edr G903 Firmware | 2025-04-11 | N/A |
| Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere. | ||||
| CVE-2012-4693 | 2 Invensys, Siemens | 2 Wonderware Intouch, Processsuite | 2025-04-11 | N/A |
| Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file. | ||||
| CVE-2012-4615 | 1 Emc | 1 It Operations Intelligence | 2025-04-11 | N/A |
| EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2009-4269 | 1 Apache | 1 Derby | 2025-04-11 | N/A |
| The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution. | ||||
| CVE-2009-5084 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2025-04-11 | N/A |
| IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing is enabled, creates a cleartext log entry containing a password, which might allow local users to obtain sensitive information by reading the log data. | ||||
| CVE-2010-0362 | 1 Zeus | 1 Zeus Web Server | 2025-04-11 | N/A |
| Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses. | ||||
| CVE-2010-0742 | 1 Openssl | 1 Openssl | 2025-04-11 | N/A |
| The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. | ||||
| CVE-2010-1128 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-04-11 | N/A |
| The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function. | ||||