Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-310
Total 2470 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-2547 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2021-07-15 2.1 LOW N/A
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.
CVE-2013-6445 1 Redhat 1 Enterprise Mrg 2021-07-15 5.0 MEDIUM N/A
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack.
CVE-2014-0035 2 Apache, Redhat 2 Cxf, Jboss Enterprise Application Platform 2021-06-16 4.3 MEDIUM N/A
The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2016-0736 1 Apache 1 Http Server 2021-06-06 5.0 MEDIUM 7.5 HIGH
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.
CVE-2009-3273 1 Apple 1 Iphone Os 2021-05-22 7.5 HIGH N/A
iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate.
CVE-2016-6257 4 Amazonbasics, Dell, Lenovo and 1 more 14 Firmware, Usb Dongle, Wireless Keyboard and 11 more 2021-04-22 3.3 LOW 6.5 MEDIUM
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."
CVE-2011-1655 1 Broadcom 1 Total Defense 2021-04-12 7.5 HIGH N/A
The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service.
CVE-2014-6799 1 Broadcom 1 Investigation Tool 2021-04-09 5.4 MEDIUM N/A
The Investigation Tool (aka gov.ca.post.lp.itool) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-1637 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2021-04-07 4.3 MEDIUM N/A
Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067.
CVE-2012-6702 4 Canonical, Debian, Google and 1 more 4 Ubuntu Linux, Debian Linux, Android and 1 more 2021-01-25 4.3 MEDIUM 5.9 MEDIUM
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
CVE-2009-4302 1 Moodle 1 Moodle 2020-12-01 5.0 MEDIUM N/A
login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing.
CVE-2016-1000343 2 Bouncycastle, Debian 2 Legion-of-the-bouncy-castle-java-crytography-api, Debian Linux 2020-10-20 5.0 MEDIUM 7.5 HIGH
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.
CVE-2016-1000339 2 Bouncycastle, Debian 2 Legion-of-the-bouncy-castle-java-crytography-api, Debian Linux 2020-10-20 5.0 MEDIUM 5.3 MEDIUM
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.
CVE-2016-1000344 1 Bouncycastle 1 Legion-of-the-bouncy-castle-java-crytography-api 2020-10-20 5.8 MEDIUM 7.4 HIGH
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
CVE-2016-1000352 1 Bouncycastle 1 Legion-of-the-bouncy-castle-java-crytography-api 2020-10-20 5.8 MEDIUM 7.4 HIGH
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
CVE-2014-0102 1 Linux 1 Linux Kernel 2020-08-27 5.2 MEDIUM N/A
The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands.
CVE-2013-6673 5 Canonical, Fedoraproject, Mozilla and 2 more 10 Ubuntu Linux, Fedora, Firefox and 7 more 2020-08-12 4.3 MEDIUM 5.9 MEDIUM
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.
CVE-2012-0381 1 Cisco 2 Ios, Ios Xe 2020-07-29 7.8 HIGH 7.5 HIGH
The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) by sending IKE UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCts38429.
CVE-2001-1463 1 Solarwinds 1 Serv-u File Server 2020-07-28 7.5 HIGH N/A
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.
CVE-2015-6932 1 Vmware 1 Vcenter Server 2020-07-13 5.8 MEDIUM N/A
VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.