Export limit exceeded: 363619 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (2510 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-1853 1 Almanah Project 1 Almanah 2025-04-11 N/A
Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database.
CVE-2012-0863 1 Mumble 1 Mumble 2025-04-11 N/A
Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.
CVE-2012-1573 2 Gnu, Redhat 2 Gnutls, Enterprise Linux 2025-04-11 N/A
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
CVE-2010-3741 1 Rim 1 Blackberry Desktop Software 2025-04-11 N/A
The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack.
CVE-2013-7222 1 Fatfreecrm 1 Fat Free Crm 2025-04-11 N/A
config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code.
CVE-2010-3869 1 Redhat 2 Certificate System, Dogtag Certificate System 2025-04-11 N/A
Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN.
CVE-2012-0386 1 Cisco 2 Ios, Ios Xe 2025-04-11 N/A
The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service (device reload) via a crafted username in a reverse SSH login attempt, aka Bug ID CSCtr49064.
CVE-2010-4305 1 Cisco 14 Unified Videoconferencing System 3515 Multipoint Control Unit, Unified Videoconferencing System 3515 Multipoint Control Unit Firmware, Unified Videoconferencing System 3522 Basic Rate Interface Gateway and 11 more 2025-04-11 N/A
Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) improperly use cookies for web-interface credentials, which allows remote attackers to obtain sensitive information by reading a (1) cleartext or (2) base64-encoded cleartext cookie, aka Bug ID CSCti54052.
CVE-2011-0281 2 Mit, Redhat 3 Kerberos, Kerberos 5, Enterprise Linux 2025-04-11 N/A
The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.
CVE-2012-0726 1 Ibm 1 Tivoli Directory Server 2025-04-11 N/A
The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol.
CVE-2012-1150 2 Python, Redhat 2 Python, Enterprise Linux 2025-04-11 N/A
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
CVE-2010-4311 1 Dustincowell 1 Free Simple Software 2025-04-11 N/A
Free Simple Software 1.0 stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information.
CVE-2011-1945 1 Openssl 1 Openssl 2025-04-11 N/A
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
CVE-2010-4334 1 Io-socket-ssl 1 Io-socket-ssl 2025-04-11 N/A
The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.
CVE-2013-4293 1 Redhat 1 Jboss Operations Network 2025-04-11 N/A
The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files.
CVE-2011-1673 1 Netgear 2 Prosafe Wnap210, Prosafe Wnap210 Firmware 2025-04-11 N/A
BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file.
CVE-2013-2782 1 Schneider-electric 2 Tburjr900, Tburjr900 Firmware 2025-04-11 N/A
Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
CVE-2013-2784 1 Triplc 2 Nano-10 Plc, Nano-10 Plc Firmware 2025-04-11 N/A
Triangle Research International (aka Tri) Nano-10 PLC devices with firmware before r81 use an incorrect algorithm for bounds checking of data in Modbus/TCP packets, which allows remote attackers to cause a denial of service (networking outage) via a crafted packet to TCP port 502.
CVE-2011-2223 1 Novell 2 Data Synchronizer, Mobility Pack 2025-04-11 N/A
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2010-5079 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.