Total
2470 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8760 | 1 Process-one | 1 Ejabberd | 2015-09-10 | 5.0 MEDIUM | N/A |
| ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption. | |||||
| CVE-2013-4442 | 1 Pwgen Project | 1 Pwgen | 2015-09-10 | 5.0 MEDIUM | N/A |
| Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers. | |||||
| CVE-2015-4288 | 1 Cisco | 3 Content Security Management Appliance, Email Security Appliance, Web Security Appliance | 2015-07-29 | 4.3 MEDIUM | N/A |
| The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470. | |||||
| CVE-2014-0741 | 1 Cisco | 1 Unified Communications Manager | 2015-07-29 | 6.2 MEDIUM | N/A |
| The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461. | |||||
| CVE-2015-1571 | 1 Fortinet | 1 Fortios | 2015-07-22 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the Fortinet_Factory certificate and private key. NOTE: FG-IR-15-002 says "The Fortinet_Factory certificate is unique to each device ... An attacker cannot therefore stage a MitM attack." | |||||
| CVE-2015-4637 | 1 F5 | 4 Big-iq Adc, Big-iq Cloud, Big-iq Device and 1 more | 2015-07-21 | 4.3 MEDIUM | N/A |
| The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name. | |||||
| CVE-2015-0118 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2015-06-29 | 4.3 MEDIUM | N/A |
| IBM WebSphere Message Broker Toolkit 7 before 7007 IF2 and 8 before 8005 IF1 and Integration Toolkit 9 before 9003 IF1 are distributed with MQ client JAR files that support only weak TLS ciphers, which might make it easier for remote attackers to obtain sensitive information by sniffing the network during a connection to an Integration Bus node. | |||||
| CVE-2012-4716 | 1 N-tron | 1 702w Industrial Wireless Access Point | 2015-06-16 | 8.8 HIGH | N/A |
| N-Tron 702-W Industrial Wireless Access Point devices use the same (1) SSH and (2) HTTPS private keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key. | |||||
| CVE-2015-1010 | 1 Rockwellautomation | 1 Rsview32 | 2015-06-02 | 4.9 MEDIUM | N/A |
| Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decryption attack. | |||||
| CVE-2015-3610 | 1 Siemens | 1 Homecontrol For Room Automation | 2015-05-07 | 5.4 MEDIUM | N/A |
| The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate. | |||||
| CVE-2013-7436 | 1 Kanaka | 1 Novnc | 2015-05-05 | 4.3 MEDIUM | N/A |
| noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2014-5403 | 1 Hospira | 1 Mednet | 2015-04-03 | 5.0 MEDIUM | N/A |
| Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2015-0941 | 1 Inetc Project | 1 Inetc | 2015-03-24 | 4.3 MEDIUM | N/A |
| The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as used in CERT/CC Failure Observation Engine (FOE) and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and possibly execute arbitrary code by sending a crafted certificate in a download session for Windows executable files. | |||||
| CVE-2014-4040 | 1 Powerpc-utils Project | 1 Powerpc-utils | 2015-03-11 | 5.0 MEDIUM | N/A |
| snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. | |||||
| CVE-2015-1596 | 1 Siemens | 1 Spcanywhere | 2015-03-09 | 5.8 MEDIUM | N/A |
| The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-4476 | 1 Samba | 1 Samba | 2015-03-02 | 1.2 LOW | N/A |
| Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller. | |||||
| CVE-2015-2078 | 1 Komodia | 1 Redirector Sdk | 2015-02-27 | 5.0 MEDIUM | N/A |
| The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, a different vulnerability than CVE-2015-2077. | |||||
| CVE-2015-1355 | 1 Siemens | 1 Simatic Step 7 | 2015-02-18 | 2.1 LOW | N/A |
| Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack. | |||||
| CVE-2015-1569 | 1 Fortinet | 1 Forticlient | 2015-02-11 | 4.3 MEDIUM | N/A |
| Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate. | |||||
| CVE-2015-1570 | 1 Fortinet | 1 Forticlient | 2015-02-11 | 4.3 MEDIUM | N/A |
| The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate. | |||||