Export limit exceeded: 363124 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2510 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-0935 | 1 Cisco | 1 Ios | 2025-04-11 | N/A |
| The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685. | ||||
| CVE-2011-3693 | 1 Netsaro | 1 Enterprise Messenger Server | 2025-04-11 | N/A |
| NetSaro Enterprise Messenger Server 2.0 allows local users to discover cleartext server credentials by reading the NetSaro.fdb file. | ||||
| CVE-2011-0207 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network. | ||||
| CVE-2011-0281 | 2 Mit, Redhat | 3 Kerberos, Kerberos 5, Enterprise Linux | 2025-04-11 | N/A |
| The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence. | ||||
| CVE-2006-7239 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2025-04-11 | N/A |
| The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference. | ||||
| CVE-2011-4108 | 2 Openssl, Redhat | 4 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2025-04-11 | N/A |
| The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. | ||||
| CVE-2011-1840 | 2 Google, Martinicreations | 2 Android, Passmanlite Password Manager | 2025-04-11 | N/A |
| The MartiniCreations PassmanLite Password Manager application before 1.48 for Android stores the master password and unspecified other account information in cleartext, which allows local users to obtain sensitive information by leveraging shell access. | ||||
| CVE-2013-6329 | 1 Ibm | 3 Content Manager Ondemand For Multiplatforms, Global Security Kit, Security Access Manager For Web | 2025-04-11 | N/A |
| IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption of an SSLv2 session. | ||||
| CVE-2012-3746 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem. | ||||
| CVE-2010-1184 | 1 Microsoft | 1 27mhz Wireless Keyboard | 2025-04-11 | N/A |
| The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2. | ||||
| CVE-2010-2011 | 1 Microsoft | 1 Dynamics Gp | 2025-04-11 | N/A |
| Microsoft Dynamics GP uses a substitution cipher to encrypt the system password field and unspecified other fields, which makes it easier for remote authenticated users to obtain sensitive information by decrypting a field's contents. | ||||
| CVE-2011-4083 | 1 Redhat | 2 Enterprise Linux, Sos | 2025-04-11 | N/A |
| The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive information by reading the archive. | ||||
| CVE-2012-2162 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. | ||||
| CVE-2012-5370 | 2 Jruby, Redhat | 3 Jruby, Fuse Esb Enterprise, Jboss Enterprise Soa Platform | 2025-04-11 | N/A |
| JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838. | ||||
| CVE-2013-0169 | 4 Openssl, Oracle, Polarssl and 1 more | 11 Openssl, Openjdk, Polarssl and 8 more | 2025-04-11 | N/A |
| The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||||
| CVE-2012-6093 | 3 Canonical, Opensuse, Qt | 3 Ubuntu Linux, Opensuse, Qt | 2025-04-11 | N/A |
| The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. | ||||
| CVE-2013-0483 | 1 Ibm | 1 Ims Enterprise Suite | 2025-04-11 | N/A |
| The login component in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 uses cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2013-4062 | 1 Ibm | 1 Rational Policy Tester | 2025-04-11 | N/A |
| IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof Jazz Team servers, obtain sensitive information, and modify the client-server data stream via a crafted certificate. | ||||
| CVE-2013-4134 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2025-04-11 | N/A |
| OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key. | ||||
| CVE-2013-1618 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. | ||||