Total
2452 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4708 | 1 Iij | 12 Seil\%2fb1 Firmware, Seil\%2fneu 2fe Plus Firmware, Seil\%2fturbo Firmware and 9 more | 2025-04-11 | 4.0 MEDIUM | N/A |
| The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows remote attackers to bypass RADIUS authentication by sniffing RADIUS traffic. | |||||
| CVE-2013-5208 | 1 Infohr | 1 Hr Human Resource Information System | 2025-04-11 | 4.1 MEDIUM | N/A |
| HR Systems Strategies info:HR HRIS 7.9 does not properly protect the database password, which allows local users to bypass intended database restrictions by accessing the USERPW registry key and bypassing an unspecified obfuscation technique. | |||||
| CVE-2013-1445 | 1 Dlitz | 1 Pycrypto | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process. | |||||
| CVE-2010-5066 | 1 Vwar | 1 Virtual War | 2025-04-11 | 4.3 MEDIUM | N/A |
| The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote attackers to determine randomly generated passwords via a brute-force attack. | |||||
| CVE-2010-1413 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-4218 | 1 Intel | 1 Wimax Network Service | 2025-04-11 | 2.1 LOW | N/A |
| The InitMethodAndPassword function in InfraStack/OSAgnostic/WiMax/Agents/Supplicant/Source/SupplicantAgent.c in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses the same RSA private key in supplicant_key.pem on all systems, which allows local users to obtain sensitive information via unspecified decryption operations. | |||||
| CVE-2012-4114 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | 5.8 MEDIUM | N/A |
| The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949. | |||||
| CVE-2010-1651 | 1 Ibm | 2 Websphere Application Server, Z\/os | 2025-04-11 | 1.9 LOW | N/A |
| IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log. | |||||
| CVE-2013-1651 | 1 Open-xchange | 1 Open-xchange Server | 2025-04-11 | 5.8 MEDIUM | N/A |
| OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate. | |||||
| CVE-2011-4432 | 1 Merethis | 1 Centreon | 2025-04-11 | 5.0 MEDIUM | N/A |
| www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach. | |||||
| CVE-2013-5185 | 1 Apple | 1 Mac Os X | 2025-04-11 | 4.3 MEDIUM | N/A |
| The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network. | |||||
| CVE-2011-3693 | 1 Netsaro | 1 Enterprise Messenger Server | 2025-04-11 | 1.9 LOW | N/A |
| NetSaro Enterprise Messenger Server 2.0 allows local users to discover cleartext server credentials by reading the NetSaro.fdb file. | |||||
| CVE-2012-3818 | 1 Mikel Olasagasti | 1 Revelation | 2025-04-11 | 2.1 LOW | N/A |
| The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information. | |||||
| CVE-2012-6571 | 1 Huawei | 18 Ar 18-1x, Ar 18-2x, Ar 18-3x and 15 more | 2025-04-11 | 7.5 HIGH | N/A |
| The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack. | |||||
| CVE-2014-1696 | 1 Siemens | 1 Simatic Wincc Open Architecture | 2025-04-11 | 5.0 MEDIUM | N/A |
| Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2013-2153 | 1 Apache | 1 Xml Security For C\+\+ | 2025-04-11 | 4.3 MEDIUM | N/A |
| The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue." | |||||
| CVE-2011-0002 | 1 Miloslav Trmac | 1 Libuser | 2025-04-11 | 6.4 MEDIUM | N/A |
| libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values. | |||||
| CVE-2013-4073 | 1 Ruby-lang | 1 Ruby | 2025-04-11 | 6.8 MEDIUM | N/A |
| The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2013-2319 | 1 Filemaker | 2 Filemaker Pro, Filemaker Pro Advanced | 2025-04-11 | 5.8 MEDIUM | N/A |
| FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2011-2190 | 1 Cherokee-project | 1 Cherokee | 2025-04-11 | 2.1 LOW | N/A |
| The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack. | |||||