Search Results (4416 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4571 1 Python 1 Keyring 2025-04-11 N/A
Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.
CVE-2010-1377 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors.
CVE-2011-1128 1 Simplemachines 1 Smf 2025-04-11 N/A
The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack.
CVE-2014-1696 1 Siemens 1 Simatic Wincc Open Architecture 2025-04-11 N/A
Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2011-0766 2 Erlang, Ssh 3 Crypto, Erlang\/otp, Ssh 2025-04-11 N/A
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.
CVE-2013-4185 2 Openstack, Redhat 2 Compute, Openstack 2025-04-11 N/A
Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.
CVE-2012-5371 2 Redhat, Ruby-lang 2 Openshift, Ruby 2025-04-11 N/A
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
CVE-2013-4006 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem operations.
CVE-2010-3618 1 Pgp 2 Desktop For Mac, Desktop For Windows 2025-04-11 N/A
PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a "piggy-back" or "unsigned data injection" issue.
CVE-2010-4728 1 Zikula 1 Zikula Application Framework 2025-04-11 N/A
Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism.
CVE-2013-4708 1 Iij 12 Seil\%2fb1 Firmware, Seil\%2fneu 2fe Plus Firmware, Seil\%2fturbo Firmware and 9 more 2025-04-11 N/A
The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows remote attackers to bypass RADIUS authentication by sniffing RADIUS traffic.
CVE-2010-3170 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2025-04-11 N/A
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
CVE-2010-3171 1 Mozilla 1 Firefox 2025-04-11 N/A
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.
CVE-2010-3869 1 Redhat 2 Certificate System, Dogtag Certificate System 2025-04-11 N/A
Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN.
CVE-2012-4829 1 Ibm 1 Xiv Storage System Gen3 2025-04-11 N/A
IBM XIV Storage System Gen3 before 11.2 relies on a default X.509 v3 certificate for authentication, which allows man-in-the-middle attackers to spoof servers by leveraging an inappropriate certificate-trust relationship.
CVE-2011-0436 1 Gplhost 1 Domain Technologie Control 2025-04-11 N/A
The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
CVE-2013-6950 1 Belkin 1 Wemo Home Automation Firmware 2025-04-11 N/A
The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server.
CVE-2010-5066 1 Vwar 1 Virtual War 2025-04-11 N/A
The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote attackers to determine randomly generated passwords via a brute-force attack.
CVE-2013-7136 1 Upc 1 Ireland Cisco Epc2425 2025-04-11 N/A
The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2013-6952 1 Belkin 1 Wemo Home Automation Firmware 2025-04-11 N/A
The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data.