Search Results (2510 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-7554 1 Bouqs - Flowers Simplified Project 1 Bouqs - Flowers Simplified 2025-04-12 N/A
The Bouqs - Flowers Simplified (aka com.bouqs.activity) application 1.8.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7557 1 Zroadster 1 Zroadster.com 2025-04-12 N/A
The zroadster.com (aka com.tapatalk.zroadstercomforum) application 2.4.13.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7559 1 Instatalks 1 Instatalks 2025-04-12 N/A
The InstaTalks (aka com.natrobit.instatalks) application 1.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-1208 1 Cisco 2 Nexus 1000v, Nx-os 2025-04-11 N/A
The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access, aka Bug ID CSCud14691.
CVE-2013-3687 1 Ovislink 6 Airlive Od-2025hd, Airlive Od-2060hd, Airlive Poe100hd and 3 more 2025-04-11 N/A
AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models use cleartext to store sensitive information, which allows attackers to obtain passwords, user names, and other sensitive information by reading an unspecified backup file.
CVE-2013-5173 1 Apple 1 Mac Os X 2025-04-11 N/A
The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers.
CVE-2013-5180 1 Apple 1 Mac Os X 2025-04-11 N/A
The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue.
CVE-2013-5181 1 Apple 1 Mac Os X 2025-04-11 N/A
The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2013-5185 1 Apple 1 Mac Os X 2025-04-11 N/A
The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network.
CVE-2013-1618 1 Opera 1 Opera Browser 2025-04-11 N/A
The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
CVE-2013-1623 1 Yassl 1 Cyassl 2025-04-11 N/A
The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
CVE-2012-2678 2 Fedoraproject, Redhat 3 389 Directory Server, Directory Server, Enterprise Linux 2025-04-11 N/A
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
CVE-2012-5372 1 Rubinius 1 Rubinius 2025-04-11 N/A
Rubinius computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm.
CVE-2013-3989 1 Ibm 1 Security Appscan 2025-04-11 N/A
IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and subsequently conduct man-in-the-middle attacks, by examining the response content.
CVE-2013-1853 1 Almanah Project 1 Almanah 2025-04-11 N/A
Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database.
CVE-2010-2637 1 Ibm 1 Websphere Mq 2025-04-11 N/A
IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application.
CVE-2011-4432 1 Merethis 1 Centreon 2025-04-11 N/A
www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach.
CVE-2012-2146 1 Ematia 1 Elixir 2025-04-11 N/A
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database.
CVE-2013-0166 2 Openssl, Redhat 6 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 3 more 2025-04-11 N/A
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
CVE-2012-2126 3 Canonical, Redhat, Rubygems 5 Ubuntu Linux, Enterprise Linux, Enterprise Mrg and 2 more 2025-04-11 N/A
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.