Total
2500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-6950 | 1 Belkin | 1 Wemo Home Automation Firmware | 2025-04-11 | N/A |
| The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server. | ||||
| CVE-2013-4708 | 1 Iij | 12 Seil\%2fb1 Firmware, Seil\%2fneu 2fe Plus Firmware, Seil\%2fturbo Firmware and 9 more | 2025-04-11 | N/A |
| The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows remote attackers to bypass RADIUS authentication by sniffing RADIUS traffic. | ||||
| CVE-2010-3618 | 1 Pgp | 2 Desktop For Mac, Desktop For Windows | 2025-04-11 | N/A |
| PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a "piggy-back" or "unsigned data injection" issue. | ||||
| CVE-2012-2146 | 1 Ematia | 1 Elixir | 2025-04-11 | N/A |
| Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database. | ||||
| CVE-2012-2405 | 2 Maian, Menalto | 2 Gallery, Gallery | 2025-04-11 | N/A |
| Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113. | ||||
| CVE-2012-2417 | 1 Dlitz | 1 Pycrypto | 2025-04-11 | N/A |
| PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key. | ||||
| CVE-2012-2681 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2025-04-11 | N/A |
| Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key. | ||||
| CVE-2010-0231 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more | 2025-04-11 | N/A |
| The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability." | ||||
| CVE-2006-7239 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2025-04-11 | N/A |
| The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference. | ||||
| CVE-2013-7030 | 1 Cisco | 2 Cisco Unified Communications Manager, Unified Communications Manager | 2025-04-11 | 7.3 High |
| The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue | ||||
| CVE-2009-5032 | 1 Ibm | 1 Lotus Notes Traveler | 2025-04-11 | N/A |
| The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages when the feature is used without uploading a Notes ID file, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2011-1209 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption attack." | ||||
| CVE-2010-3075 | 1 Arg0 | 1 Encfs | 2025-04-11 | N/A |
| EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte. | ||||
| CVE-2011-3212 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device. | ||||
| CVE-2011-4321 | 1 Joomla | 1 Joomla\! | 2025-04-11 | N/A |
| The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors. | ||||
| CVE-2012-3312 | 1 Ibm | 1 Infosphere Guardium | 2025-04-11 | N/A |
| The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password setting is enabled, transmits cleartext database credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2012-3378 | 1 Gnome | 1 At-spi2-atk | 2025-04-11 | N/A |
| The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2. | ||||
| CVE-2012-3533 | 2 Ovirt, Ovirt-engine-sdk | 3 Ovirt, Ovirt-engine-cli, 3.1.0.5 | 2025-04-11 | N/A |
| The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack. | ||||
| CVE-2012-3734 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content. | ||||
| CVE-2012-3746 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem. | ||||