Search Results (4593 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-1911 1 Consona 3 Consona Dynamic Agent, Consona Live Assistance, Consona Subscriber Assistance 2025-04-11 N/A
The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a DNS hijacking attack.
CVE-2012-3006 1 Innominate 19 Eagle Mguard Bd-301010, Eagle Mguard Hw-201000, Mguard Blade Hw-104020 and 16 more 2025-04-11 N/A
The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value.
CVE-2011-2142 1 Ibm 1 Datacap Taskmaster Capture 2025-04-11 N/A
The Web Client Service in IBM Datacap Taskmaster Capture 8.0.1 before FP1 requires a cleartext password, which has unspecified impact and attack vectors.
CVE-2010-4007 1 Oracle 1 Mojarra 2025-04-11 N/A
Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.
CVE-2013-0941 3 Apache, Microsoft, Rsa 7 Http Server, Internet Information Server, Windows and 4 more 2025-04-11 N/A
EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
CVE-2012-2499 1 Cisco 1 Anyconnect Secure Mobility Client 2025-04-11 N/A
The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985.
CVE-2010-2967 1 Windriver 1 Vxworks 2025-04-11 N/A
The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.
CVE-2009-4269 1 Apache 1 Derby 2025-04-11 N/A
The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
CVE-2010-1323 2 Mit, Redhat 3 Kerberos, Kerberos 5, Enterprise Linux 2025-04-11 N/A
MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.
CVE-2012-4899 1 Wellintech 1 Kingview 2025-04-11 N/A
WellinTech KingView 6.5.3 and earlier uses a weak password-hashing algorithm, which makes it easier for local users to discover credentials by reading an unspecified file.
CVE-2013-1740 2 Mozilla, Redhat 2 Network Security Services, Enterprise Linux 2025-04-11 N/A
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.
CVE-2012-4615 1 Emc 1 It Operations Intelligence 2025-04-11 N/A
EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2010-4302 2 Cisco, Linux 5 Unified Videoconferencing System 5110, Unified Videoconferencing System 5110 Firmware, Unified Videoconferencing System 5115 and 2 more 2025-04-11 N/A
/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) administrator and (2) operator passwords, which makes it easier for local users to obtain sensitive information by recovering the cleartext values, aka Bug ID CSCti54010.
CVE-2013-4476 1 Samba 1 Samba 2025-04-11 N/A
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller.
CVE-2010-4184 1 Netsupportsoftware 1 Netsupport Manager 2025-04-11 N/A
NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network.
CVE-2012-0681 1 Apple 1 Apple Remote Desktop 2025-04-11 N/A
Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network.
CVE-2012-4115 1 Cisco 1 Unified Computing System 2025-04-11 N/A
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72964.
CVE-2012-4114 1 Cisco 1 Unified Computing System 2025-04-11 N/A
The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949.
CVE-2012-2739 1 Oracle 3 Jdk, Jre, Openjdk 2025-04-11 N/A
Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
CVE-2012-3887 1 Airdroid 1 Airdroid 2025-04-11 N/A
AirDroid before 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an "Encrypted Transmission" feature, which allows remote attackers to obtain sensitive information by sniffing the local wireless network, as demonstrated by the SMS message content sent to the sdctl/sms/send/single/ URI.