Total
2500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4613 | 1 Bea | 1 Weblogic Server | 2025-04-09 | N/A |
| SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461. | ||||
| CVE-2006-6674 | 1 Ozeki | 1 Http-sms Gateway | 2025-04-09 | N/A |
| Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and passwords in plaintext in the HKLM\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate registry key, which allows local users to obtain sensitive information. | ||||
| CVE-2008-3662 | 1 Gallery | 1 Gallery | 2025-04-09 | N/A |
| Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | ||||
| CVE-2009-3456 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1263 | 1 Linksys | 1 Wrt54g | 2025-04-09 | N/A |
| The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI. | ||||
| CVE-2009-2417 | 3 Curl, Libcurl, Redhat | 3 Libcurl, Libcurl, Enterprise Linux | 2025-04-09 | N/A |
| lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||||
| CVE-2009-2666 | 2 Fetchmail, Redhat | 2 Fetchmail, Enterprise Linux | 2025-04-09 | N/A |
| socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||||
| CVE-2009-3475 | 1 Internet2 | 1 Shibboleth-sp | 2025-04-09 | N/A |
| Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||||
| CVE-2009-0368 | 1 Opensc-project | 1 Opensc | 2025-04-09 | N/A |
| OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program. | ||||
| CVE-2008-1383 | 1 Gentoo | 1 Linux | 2025-04-09 | N/A |
| The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate. | ||||
| CVE-2008-1431 | 1 Raidsonic Technology | 2 Firmware, Nas-4220-b | 2025-04-09 | N/A |
| RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key. | ||||
| CVE-2009-0547 | 2 Evolution, Redhat | 2 Evolution, Enterprise Linux | 2025-04-09 | N/A |
| Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077. | ||||
| CVE-2008-2235 | 2 Opensc-project, Siemens | 2 Opensc, Cardos | 2025-04-09 | N/A |
| OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN. | ||||
| CVE-2008-3057 | 1 Octeth | 1 Oempro | 2025-04-09 | N/A |
| Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not set the secure flag for the PHPSESSID cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
| CVE-2009-3936 | 1 Citrix | 3 Online Plug-in For Mac, Online Plug-in For Windows, Receiver For Iphone | 2025-04-09 | N/A |
| Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/TLS server and bypass authentication via a crafted certificate, a different vulnerability than CVE-2009-3555. | ||||
| CVE-2008-2558 | 1 Cre Loaded | 1 Cre Loaded | 2025-04-09 | N/A |
| CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute for cookies that are sent over HTTPS, which might allow remote attackers to sniff the cookies if they are sent over HTTP. | ||||
| CVE-2007-4750 | 1 Data-vision | 1 Remotedocs R-viewer | 2025-04-09 | N/A |
| Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 allows user-assisted remote attackers to execute arbitrary code via a crafted RDZ archive in which the first file has an executable extension. | ||||
| CVE-2008-2299 | 2 Citrix, Microsoft | 4 Access Essentials, Desktop Server, Presentation Server and 1 more | 2025-04-09 | N/A |
| Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions. | ||||
| CVE-2008-4368 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE. | ||||
| CVE-2009-0209 | 1 Osisoft | 1 Pi Server | 2025-04-09 | N/A |
| PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors. | ||||