Search Results (4416 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3624 1 Linux 2 Kernel, Linux Kernel 2025-04-09 N/A
The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands.
CVE-2009-3044 1 Opera 1 Opera Browser 2025-04-09 N/A
Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
CVE-2008-1431 1 Raidsonic Technology 2 Firmware, Nas-4220-b 2025-04-09 N/A
RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key.
CVE-2009-0547 2 Evolution, Redhat 2 Evolution, Enterprise Linux 2025-04-09 N/A
Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077.
CVE-2009-3766 2 Mutt, Openssl 2 Mutt, Openssl 2025-04-09 N/A
mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2004-2761 2 Ietf, Redhat 3 Md5, X.509 Certificate, Certificate System 2025-04-09 N/A
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.
CVE-2009-4144 2 Gnome, Redhat 2 Networkmanager, Enterprise Linux 2025-04-09 N/A
NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.
CVE-2009-4034 1 Postgresql 1 Postgresql 2025-04-09 N/A
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2009-1474 1 Aten 2 Kh1516i Ip Kvm Switch, Kn9116 Ip Kvm Switch 2025-04-09 N/A
The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not (1) encrypt mouse events, which makes it easier for man-in-the-middle attackers to perform mouse operations on machines connected to the switch by injecting network traffic; and do not (2) set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2009-1477 1 Aten 3 Kh1516i Ip Kvm Switch, Kn9116 Ip Kvm Switch, Pn9108 Power Over The Net 2025-04-09 N/A
The https web interfaces on the ATEN KH1516i IP KVM switch with firmware 1.0.063, the KN9116 IP KVM switch with firmware 1.1.104, and the PN9108 power-control unit have a hardcoded SSL private key, which makes it easier for remote attackers to decrypt https sessions by extracting this key from their own switch and then sniffing network traffic to a switch owned by a different customer.
CVE-2007-5373 1 Ldapscripts 1 Ldapscripts 2025-04-09 N/A
ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function.
CVE-2008-4165 1 Kolab 1 Kolab Groupware Server 2025-04-09 N/A
admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl_access_log file or the referer string.
CVE-2008-4227 1 Apple 2 Iphone Os, Ipod Touch 2025-04-09 N/A
Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic.
CVE-2009-2319 1 Axesstel 1 Mv 410r 2025-04-09 N/A
The default configuration of the Wi-Fi component on the Axesstel MV 410R does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
CVE-2010-0222 1 Kingston 3 Datatraveler Blackbox, Datatraveler Elite, Datatraveler Secure 2025-04-09 N/A
Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.
CVE-2010-0228 1 Verbatim 1 Corporate Secure 2025-04-09 N/A
Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.
CVE-2009-2312 1 Mcafee 1 Smartfilter 2025-04-09 N/A
SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in config.txt and uses insecure permissions for this file, which allows local users to gain privileges.
CVE-2008-5328 1 Ibm 1 Rational Clearquest 2025-04-09 N/A
The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree during an import process.
CVE-2009-2951 1 Phenotype-cms 1 Phenotype Cms 2025-04-09 N/A
Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords.
CVE-2009-2976 1 Cisco 2 Aironet Ap1100, Aironet Ap1200 2025-04-09 N/A
Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by sniffing the wireless network.