Total
2470 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2268 | 1 Dell | 1 Secureworks | 2018-10-09 | 5.8 MEDIUM | 6.8 MEDIUM |
| Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-1919 | 1 Samsung | 1 Knox | 2018-10-09 | 1.9 LOW | 4.7 MEDIUM |
| Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack. | |||||
| CVE-2015-4080 | 1 Kankun | 1 Smartsocket | 2018-10-09 | 6.8 MEDIUM | N/A |
| The Kankun Smart Socket device and mobile application uses a hardcoded AES 256 bit key, which makes it easier for remote attackers to (1) obtain sensitive information by sniffing the network and (2) obtain access to the device by encrypting messages. | |||||
| CVE-2015-3903 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-09 | 4.3 MEDIUM | N/A |
| libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-3008 | 1 Digium | 2 Asterisk, Certified Asterisk | 2018-10-09 | 4.3 MEDIUM | N/A |
| Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | |||||
| CVE-2014-8886 | 1 Avm | 1 Fritz\! Os | 2018-10-09 | 9.3 HIGH | 8.1 HIGH |
| AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and consequently execute arbitrary code, via a crafted firmware image. | |||||
| CVE-2014-8371 | 1 Vmware | 1 Vcenter Server Appliance | 2018-10-09 | 4.3 MEDIUM | N/A |
| VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate. | |||||
| CVE-2014-6140 | 1 Ibm | 1 Tivoli Endpoint Manager Mobile Device Management | 2018-10-09 | 9.3 HIGH | N/A |
| IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before 9.0.60100 uses the same secret HMAC token across different customers' installations, which allows remote attackers to execute arbitrary code via crafted marshalled Ruby objects in cookies to (1) Enrollment and Apple iOS Management Extender, (2) Self-service portal, (3) Trusted Services provider, or (4) Admin Portal. | |||||
| CVE-2014-5171 | 1 Sap | 1 Hana Extend Application Services | 2018-10-09 | 2.9 LOW | N/A |
| SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network. | |||||
| CVE-2014-3503 | 1 Apache | 1 Syncope | 2018-10-09 | 5.0 MEDIUM | N/A |
| Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack. | |||||
| CVE-2014-2716 | 1 Ekahau | 4 Activator, B4 Staff Badge Tag, B4 Staff Badge Tag Firmware and 1 more | 2018-10-09 | 4.3 MEDIUM | N/A |
| Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts. | |||||
| CVE-2014-0866 | 1 Ibm | 2 Algo Credit Limits, Algorithmics | 2018-10-09 | 4.3 MEDIUM | N/A |
| RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2014-0869 | 1 Ibm | 2 Algo Credit Limits, Algorithmics | 2018-10-09 | 4.3 MEDIUM | N/A |
| The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to obtain cleartext passwords by sniffing the network and then providing a string argument to this function. | |||||
| CVE-2013-6449 | 1 Openssl | 1 Openssl | 2018-10-09 | 4.3 MEDIUM | N/A |
| The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. | |||||
| CVE-2013-6450 | 1 Openssl | 1 Openssl | 2018-10-09 | 5.8 MEDIUM | N/A |
| The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. | |||||
| CVE-2013-1740 | 1 Mozilla | 1 Network Security Services | 2018-10-09 | 5.8 MEDIUM | N/A |
| The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic. | |||||
| CVE-2011-2736 | 1 Rsa | 1 Envision | 2018-10-09 | 5.0 MEDIUM | N/A |
| RSA enVision 4.x before 4 SP4 P3 places cleartext administrative credentials in Task Escalation e-mail messages, which allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox. | |||||
| CVE-2011-1509 | 1 Manageengine | 1 Servicedesk Plus | 2018-10-09 | 5.0 MEDIUM | N/A |
| The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2011-0887 | 1 Smc Networks | 2 Smcd3g-ccr, Smcd3g-ccr Firmware | 2018-10-09 | 4.3 MEDIUM | N/A |
| The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie. | |||||
| CVE-2011-0442 | 1 Emc | 1 Avamar | 2018-10-09 | 3.5 LOW | N/A |
| The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network. | |||||