Total
2465 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3287 | 1 Poul-henning Kamp | 1 Md5crypt | 2025-04-11 | 5.0 MEDIUM | N/A |
| Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and a consequently short runtime, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack, as demonstrated by an attack using GPU hardware. | |||||
| CVE-2013-7128 | 1 Valvesoftware | 1 Steamos | 2025-04-11 | 2.1 LOW | N/A |
| Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valve SteamOS Beta stores cleartext credentials in a .valve-bugreporter.cfg file upon a Remember Credentials action, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2012-3018 | 1 Iconics | 2 Bizviz, Genesis32 | 2025-04-11 | 4.4 MEDIUM | N/A |
| The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response. | |||||
| CVE-2011-3599 | 2 Adam Kennedy, Perl | 2 Crypt-dsa, Perl | 2025-04-11 | 5.8 MEDIUM | N/A |
| The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack. | |||||
| CVE-2013-4185 | 2 Openstack, Redhat | 2 Compute, Openstack | 2025-04-11 | 4.0 MEDIUM | N/A |
| Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests. | |||||
| CVE-2012-1923 | 1 Realnetworks | 2 Helix Mobile Server, Helix Server | 2025-04-11 | 2.1 LOW | N/A |
| RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x store passwords in cleartext under adm_b_db\users\, which allows local users to obtain sensitive information by reading a database. | |||||
| CVE-2011-2223 | 1 Novell | 2 Data Synchronizer, Mobility Pack | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2012-3378 | 1 Gnome | 1 At-spi2-atk | 2025-04-11 | 3.3 LOW | N/A |
| The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2. | |||||
| CVE-2013-1228 | 1 Cisco | 1 Jabber | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cisco Jabber on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify the client-server data stream via a crafted certificate, aka Bug ID CSCug30280. | |||||
| CVE-2013-0531 | 1 Ibm | 1 Security Appscan | 2025-04-11 | 5.0 MEDIUM | N/A |
| The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2010-2757 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | 6.5 MEDIUM | N/A |
| The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery. | |||||
| CVE-2013-4476 | 1 Samba | 1 Samba | 2025-04-11 | 1.2 LOW | N/A |
| Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller. | |||||
| CVE-2010-3399 | 1 Mozilla | 1 Firefox | 2025-04-11 | 5.8 MEDIUM | N/A |
| The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171. | |||||
| CVE-2012-5456 | 1 Zoner | 1 Zoner Antivirus Free | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Zoner AntiVirus Free application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, as demonstrated by a server used for updating virus signature files. | |||||
| CVE-2010-1184 | 1 Microsoft | 1 27mhz Wireless Keyboard | 2025-04-11 | 7.6 HIGH | N/A |
| The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2. | |||||
| CVE-2011-0281 | 1 Mit | 2 Kerberos, Kerberos 5 | 2025-04-11 | 5.0 MEDIUM | N/A |
| The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence. | |||||
| CVE-2012-1150 | 1 Python | 1 Python | 2025-04-11 | 5.0 MEDIUM | N/A |
| Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | |||||
| CVE-2012-0390 | 1 Gnu | 1 Gnutls | 2025-04-11 | 4.3 MEDIUM | N/A |
| The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108. | |||||
| CVE-2013-6950 | 1 Belkin | 1 Wemo Home Automation Firmware | 2025-04-11 | 7.8 HIGH | N/A |
| The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server. | |||||
| CVE-2012-3887 | 1 Airdroid | 1 Airdroid | 2025-04-11 | 5.0 MEDIUM | N/A |
| AirDroid before 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an "Encrypted Transmission" feature, which allows remote attackers to obtain sensitive information by sniffing the local wireless network, as demonstrated by the SMS message content sent to the sdctl/sms/send/single/ URI. | |||||