Total
2470 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1560 | 1 Cisco | 1 Wvc54gc | 2017-08-16 | 7.8 HIGH | N/A |
| The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 stores passwords and wireless-network keys in cleartext in (1) pass_wd.htm and (2) Wsecurity.htm, which allows remote attackers to obtain sensitive information by reading the HTML source code. | |||||
| CVE-2009-1417 | 1 Gnu | 1 Gnutls | 2017-08-16 | 5.0 MEDIUM | N/A |
| gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup. | |||||
| CVE-2008-7113 | 1 Kyoceramita | 1 Scanner File Utility | 2017-08-16 | 6.4 MEDIUM | N/A |
| The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 uses a small space of predictable user identification numbers for access control, which allows remote attackers to upload documents via a brute force attack. | |||||
| CVE-2008-7020 | 1 Mcafee | 1 Safeboot Device Encryption | 2017-08-16 | 2.1 LOW | N/A |
| McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
| CVE-2008-6910 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2017-08-16 | 7.5 HIGH | N/A |
| Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request. | |||||
| CVE-2008-6909 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2017-08-16 | 6.5 MEDIUM | N/A |
| Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges. | |||||
| CVE-2008-6908 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2017-08-16 | 7.5 HIGH | N/A |
| Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges. | |||||
| CVE-2008-6828 | 1 Symantec | 1 Altiris Deployment Solution | 2017-08-16 | 4.3 MEDIUM | N/A |
| Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server. | |||||
| CVE-2008-6792 | 1 Ubuntu | 1 Linux | 2017-08-16 | 5.0 MEDIUM | N/A |
| system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks. | |||||
| CVE-2015-9107 | 1 Zohocorp | 1 Manageengine Opmanager | 2017-08-15 | 5.0 MEDIUM | 9.8 CRITICAL |
| Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor. | |||||
| CVE-2015-8013 | 1 Openpgpjs | 1 Openpgpjs | 2017-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message. | |||||
| CVE-2009-0368 | 1 Opensc-project | 1 Opensc | 2017-08-07 | 2.1 LOW | N/A |
| OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program. | |||||
| CVE-2009-0255 | 1 Typo3 | 1 Typo3 | 2017-08-07 | 5.0 MEDIUM | N/A |
| The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key. | |||||
| CVE-2008-6073 | 1 Magic2003 | 1 Storagecrypt | 2017-08-07 | 4.9 MEDIUM | N/A |
| StorageCrypt 2.0.1 does not properly encrypt disks, which allows local users to obtain sensitive information via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5659 | 1 Gnu | 1 Classpath | 2017-08-07 | 7.5 HIGH | N/A |
| The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys. | |||||
| CVE-2008-5411 | 1 Ibm | 1 Websphere Application Server | 2017-08-07 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2008-5328 | 1 Ibm | 1 Rational Clearquest | 2017-08-07 | 4.6 MEDIUM | N/A |
| The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree during an import process. | |||||
| CVE-2008-4368 | 1 Apple | 1 Mac Os X | 2017-08-07 | 5.0 MEDIUM | N/A |
| The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE. | |||||
| CVE-2008-4165 | 1 Kolab | 1 Kolab Groupware Server | 2017-08-07 | 4.0 MEDIUM | N/A |
| admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl_access_log file or the referer string. | |||||
| CVE-2008-3236 | 1 Ibm | 1 Websphere Application Server | 2017-08-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted. | |||||