Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-310
Total 2470 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-0059 1 Redhat 2 Network Proxy, Satellite 2022-02-03 4.3 MEDIUM N/A
Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email.
CVE-2008-0166 3 Canonical, Debian, Openssl 3 Ubuntu Linux, Debian Linux, Openssl 2022-02-02 7.8 HIGH N/A
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
CVE-2012-1803 1 Siemens 1 Ruggedcom Rugged Operating System 2022-02-01 8.5 HIGH N/A
RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session.
CVE-2014-4630 1 Dell 2 Bsafe Micro-edition-suite, Bsafe Ssl-j 2021-12-09 4.3 MEDIUM N/A
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."
CVE-2014-0627 2 Dell, Emc 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j 2021-12-09 5.0 MEDIUM N/A
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.
CVE-2014-0626 2 Dell, Emc 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j 2021-12-09 5.0 MEDIUM N/A
The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.
CVE-2014-0636 1 Dell 1 Bsafe Micro-edition-suite 2021-12-09 5.8 MEDIUM N/A
EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain.
CVE-2013-0289 1 Isync Project 1 Isync 2021-11-30 4.3 MEDIUM N/A
Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2014-4192 1 Dell 1 Bsafe Share 2021-11-30 5.0 MEDIUM N/A
The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) processes certain requests for output bytes by considering only the requested byte count and not the use of cached bytes, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755.
CVE-2014-4191 1 Dell 1 Bsafe Share 2021-11-30 5.0 MEDIUM N/A
The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) sends a long series of random bytes during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755.
CVE-2014-4193 1 Dell 1 Bsafe Share 2021-11-30 5.0 MEDIUM N/A
The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than CVE-2007-6755.
CVE-2012-5456 1 Zoner 1 Zoner Antivirus Free 2021-11-22 4.3 MEDIUM N/A
The Zoner AntiVirus Free application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, as demonstrated by a server used for updating virus signature files.
CVE-2013-2153 1 Apache 1 Xml Security For C\+\+ 2021-09-17 4.3 MEDIUM N/A
The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue."
CVE-2015-4056 1 Dell 1 Vce Vision Intelligent Operations 2021-09-09 2.1 LOW 6.7 MEDIUM
The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access.
CVE-2012-2098 1 Apache 1 Commons Compress 2021-08-12 5.0 MEDIUM N/A
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
CVE-2013-3287 1 Dell 1 Emc Unisphere 2021-08-05 1.9 LOW N/A
EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console.
CVE-2013-7449 3 Canonical, Hexchat Project, Xchat 4 Ubuntu Linux, Hexchat, Xchat and 1 more 2021-07-20 5.8 MEDIUM 6.5 MEDIUM
The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2012-2681 2 Redhat, Trevor Mckay 2 Enterprise Mrg, Cumin 2021-07-15 5.8 MEDIUM N/A
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key.
CVE-2013-2548 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2021-07-15 2.1 LOW N/A
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.
CVE-2013-2547 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2021-07-15 2.1 LOW N/A
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.