Search Results (2510 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-0766 2 Erlang, Ssh 3 Crypto, Erlang\/otp, Ssh 2025-04-11 N/A
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.
CVE-2010-4020 2 Mit, Redhat 2 Kerberos 5, Enterprise Linux 2025-04-11 N/A
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.
CVE-2010-2270 1 Accoria 1 Rock Web Server 2025-04-11 N/A
Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.
CVE-2011-2483 4 Openwall, Php, Postgresql and 1 more 4 Crypt Blowfish, Php, Postgresql and 1 more 2025-04-11 N/A
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
CVE-2011-1209 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption attack."
CVE-2010-1194 1 Stafford.uklinux 1 Libesmtp 2025-04-11 N/A
The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName.
CVE-2010-2072 1 Radovan Garabik 1 Pyftpd 2025-04-11 N/A
Pyftpd 0.8.4 creates log files with predictable names in a temporary directory, which allows local users to cause a denial of service and obtain sensitive information.
CVE-2011-2736 1 Rsa 1 Envision 2025-04-11 N/A
RSA enVision 4.x before 4 SP4 P3 places cleartext administrative credentials in Task Escalation e-mail messages, which allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox.
CVE-2013-6718 1 Ibm 1 Advanced Management Module Firmware 2025-04-11 N/A
The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface.
CVE-2010-1324 2 Mit, Redhat 2 Kerberos 5, Enterprise Linux 2025-04-11 N/A
MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.
CVE-2012-1574 2 Apache, Cloudera 3 Hadoop, Cloudera Cdh, Hadoop 2025-04-11 N/A
The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
CVE-2010-1906 2 Consona, Microsoft 6 Consona Dynamic Agent, Consona Repair Manager, Consona Subscriber Activation and 3 more 2025-04-11 N/A
tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\.\pipe\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service.
CVE-2011-1945 1 Openssl 1 Openssl 2025-04-11 N/A
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
CVE-2010-4311 1 Dustincowell 1 Free Simple Software 2025-04-11 N/A
Free Simple Software 1.0 stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information.
CVE-2013-3287 1 Dell 1 Emc Unisphere 2025-04-11 N/A
EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console.
CVE-2012-4899 1 Wellintech 1 Kingview 2025-04-11 N/A
WellinTech KingView 6.5.3 and earlier uses a weak password-hashing algorithm, which makes it easier for local users to discover credentials by reading an unspecified file.
CVE-2012-2898 2 Apple, Google 2 Ipad2, Chrome 2025-04-11 N/A
Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibox URL via vectors involving SSL error messages, a related issue to CVE-2012-0674.
CVE-2012-4947 1 Agilefleet 2 Fleetcommander, Fleetcommander Kiosk 2025-04-11 N/A
Agile FleetCommander and FleetCommander Kiosk before 4.08 store database credentials in cleartext, which allows remote attackers to obtain sensitive information via requests to unspecified pages.
CVE-2011-0043 1 Microsoft 3 Windows 2003 Server, Windows Server 2003, Windows Xp 2025-04-11 N/A
Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
CVE-2012-0861 1 Redhat 3 Enterprise Linux, Enterprise Virtualization Manager, Rhev Manager 2025-04-11 N/A
The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack.