Total
2452 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2784 | 1 Triplc | 2 Nano-10 Plc, Nano-10 Plc Firmware | 2025-04-11 | 7.8 HIGH | N/A |
| Triangle Research International (aka Tri) Nano-10 PLC devices with firmware before r81 use an incorrect algorithm for bounds checking of data in Modbus/TCP packets, which allows remote attackers to cause a denial of service (networking outage) via a crafted packet to TCP port 502. | |||||
| CVE-2013-3641 | 1 Pizzahut | 1 Pizza Hut Japan Official Order Application | 2025-04-11 | 5.8 MEDIUM | N/A |
| The Pizza Hut Japan Official Order application before 1.1.1.a for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-0626 | 2 Dell, Emc | 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j | 2025-04-11 | 5.0 MEDIUM | N/A |
| The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated. | |||||
| CVE-2011-0410 | 1 Collabnet | 1 Scrumworks | 2025-04-11 | 5.0 MEDIUM | N/A |
| CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information by (1) sniffing the network for transmissions of Java objects or (2) reading the database. | |||||
| CVE-2013-2716 | 2 Puppet, Puppetlabs | 2 Puppet Enterprise, Puppet | 2025-04-11 | 5.0 MEDIUM | N/A |
| Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote attackers to obtain console access via a crafted cookie. | |||||
| CVE-2013-1699 | 1 Mozilla | 1 Firefox | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox before 22.0 does not properly handle the .com, .name, and .net top-level domains, which allows remote attackers to spoof the address bar via unspecified homograph characters. | |||||
| CVE-2013-6181 | 1 Emc | 1 Watch4net | 2025-04-11 | 2.1 LOW | N/A |
| EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges. | |||||
| CVE-2013-4217 | 1 Intel | 1 Wimax Network Service | 2025-04-11 | 2.1 LOW | N/A |
| The OSAL_Crypt_SetEncryptedPassword function in InfraStack/OSDependent/Linux/OSAL/Services/wimax_osal_crypt_services.c in the OSAL crypt module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices logs a cleartext password during certain attempts to set a password, which allows local users to obtain sensitive information by reading a log file. | |||||
| CVE-2010-4184 | 1 Netsupportsoftware | 1 Netsupport Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
| NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network. | |||||
| CVE-2013-3285 | 1 Emc | 1 Networker | 2025-04-11 | 3.5 LOW | N/A |
| The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources. | |||||
| CVE-2010-0362 | 1 Zeus | 1 Zeus Web Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses. | |||||
| CVE-2011-0766 | 2 Erlang, Ssh | 3 Crypto, Erlang\/otp, Ssh | 2025-04-11 | 7.8 HIGH | N/A |
| The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys. | |||||
| CVE-2011-4507 | 1 Dlink | 1 Dir-685 | 2025-04-11 | 7.5 HIGH | N/A |
| The D-Link DIR-685 router, when certain WPA and WPA2 configurations are used, does not maintain an encrypted wireless network during transfer of a large amount of network traffic, which allows remote attackers to obtain sensitive information or bypass authentication via a Wi-Fi device. | |||||
| CVE-2013-3704 | 1 Novell | 1 Libzypp | 2025-04-11 | 4.3 MEDIUM | N/A |
| The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a more-trustworthy key. | |||||
| CVE-2011-1945 | 1 Openssl | 1 Openssl | 2025-04-11 | 2.6 LOW | N/A |
| The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation. | |||||
| CVE-2012-1251 | 1 Opera | 1 Opera Browser | 2025-04-11 | 5.8 MEDIUM | N/A |
| Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2011-4461 | 2 Mortbay, Oracle | 2 Jetty, Sun Storage Common Array Manager | 2025-04-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | |||||
| CVE-2013-7304 | 1 Checkpoint | 1 Endpoint Security Mi Server R73 | 2025-04-11 | 4.3 MEDIUM | N/A |
| Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by presenting an arbitrary certificate during a session established by a client. | |||||
| CVE-2012-6086 | 1 Zabbix | 1 Zabbix | 2025-04-11 | 4.3 MEDIUM | N/A |
| libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set the CURLOPT_SSL_VERIFYHOST option for libcurl, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2014-1910 | 1 Citrix | 2 Sharefile Mobile, Sharefile Mobile For Tablets | 2025-04-11 | 5.8 MEDIUM | N/A |
| Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||