Total: 2470 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4351 | 1 Gnupg | 1 Gnupg | 2014-01-03 | 5.8 MEDIUM | N/A |
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. | |||||
CVE-2013-4550 | 2 Duckcorp, Fedoraproject | 2 Bip, Fedora | 2014-01-03 | 5.1 MEDIUM | N/A |
Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a different vulnerability than CVE-2011-5268. NOTE: some sources originally mapped this CVE to two different types of issues; this CVE has since been SPLIT, producing CVE-2011-5268. | |||||
CVE-2012-5375 | 1 Linux | 1 Linux Kernel | 2014-01-03 | 4.0 MEDIUM | N/A |
The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value. | |||||
CVE-2012-5374 | 1 Linux | 1 Linux Kernel | 2014-01-03 | 4.0 MEDIUM | N/A |
The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value. | |||||
CVE-2011-5268 | 2 Duckcorp, Fedoraproject | 2 Bip, Fedora | 2014-01-03 | 4.3 MEDIUM | N/A |
connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes, a different vulnerability than CVE-2013-4550. NOTE: this issue was SPLIT from CVE-2013-4550 because it is a different type of issue. | |||||
CVE-2013-7222 | 1 Fatfreecrm | 1 Fat Free Crm | 2014-01-03 | 5.0 MEDIUM | N/A |
config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code. | |||||
CVE-2013-2179 | 1 X | 1 X Display Manager | 2013-12-27 | 4.3 MEDIUM | N/A |
X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by attempting to log into an account whose password field contains invalid characters, as demonstrated using the crypt function from glibc 2.17 and later with (1) the "!" character in the salt portion of a password field or (2) a password that has been encrypted using DES or MD5 in FIPS-140 mode. | |||||
CVE-2013-6986 | 1 Zippyyum | 1 Subway Ordering For California | 2013-12-19 | 2.1 LOW | N/A |
The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in SQLite cache databases, which allows attackers to obtain sensitive information by reading data elements, as demonstrated by password elements. | |||||
CVE-2013-7128 | 1 Valvesoftware | 1 Steamos | 2013-12-18 | 2.1 LOW | N/A |
Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valve SteamOS Beta stores cleartext credentials in a .valve-bugreporter.cfg file upon a Remember Credentials action, which allows local users to obtain sensitive information by reading this file. | |||||
CVE-2013-5676 | 1 Sonarsource | 2 Jenkins Plugin, Sonarqube | 2013-12-16 | 4.0 MEDIUM | N/A |
The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure. | |||||
CVE-2013-3624 | 1 Baramundi | 1 Management Suite | 2013-12-12 | 7.8 HIGH | N/A |
The OS deployment feature in Baramundi Management Suite 7.5 through 8.9 stores credentials in cleartext on deployed machines, which allows remote attackers to obtain sensitive information by reading a file. NOTE: this ID was also incorrectly mapped to a separate issue in Oracle Outside In, but the correct ID for that issue is CVE-2013-5763. | |||||
CVE-2013-3710 | 1 Novell | 1 Suse Lifecycle Management Server | 2013-12-12 | 4.3 MEDIUM | N/A |
SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere. | |||||
CVE-2013-1058 | 1 Canonical | 2 Maas, Ubuntu Linux | 2013-11-25 | 5.8 MEDIUM | N/A |
maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack. | |||||
CVE-2013-3285 | 1 Emc | 1 Networker | 2013-11-15 | 3.5 LOW | N/A |
The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources. | |||||
CVE-2013-5915 | 1 Polarssl | 1 Polarssl | 2013-10-30 | 4.3 MEDIUM | N/A |
The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys. | |||||
CVE-2011-5036 | 1 Rack Project | 1 Rack | 2013-10-30 | 5.0 MEDIUM | N/A |
Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | |||||
CVE-2013-3704 | 1 Novell | 1 Libzypp | 2013-10-29 | 4.3 MEDIUM | N/A |
The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a more-trustworthy key. | |||||
CVE-2013-1445 | 1 Dlitz | 1 Pycrypto | 2013-10-28 | 4.3 MEDIUM | N/A |
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process. | |||||
CVE-2013-4293 | 1 Redhat | 1 Jboss Operations Network | 2013-10-25 | 2.1 LOW | N/A |
The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files. | |||||
CVE-2013-5173 | 1 Apple | 1 Mac Os X | 2013-10-24 | 2.1 LOW | N/A |
The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers. |