Export limit exceeded: 349374 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1617 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-7484 | 1 Zabbix | 1 Zabbix | 2024-11-21 | 7.5 High |
| Zabbix before 5.0 represents passwords in the users table with unsalted MD5. | ||||
| CVE-2013-7469 | 1 Seafile | 1 Seafile | 2024-11-21 | N/A |
| Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. | ||||
| CVE-2013-7287 | 1 Mobileiron | 2 Sentry, Virtual Smartphone Platform | 2024-11-21 | 9.8 Critical |
| MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme. | ||||
| CVE-2013-7286 | 1 Att | 2 Mobileiron Sentry, Mobileiron Virtual Smartphone Platform | 2024-11-21 | 7.5 High |
| MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm | ||||
| CVE-2013-4104 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 7.5 High |
| Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol | ||||
| CVE-2013-2233 | 1 Redhat | 1 Ansible | 2024-11-21 | N/A |
| Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys. | ||||
| CVE-2013-2213 | 1 Kde | 1 Paste Applet | 2024-11-21 | 5.5 Medium |
| The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output. | ||||
| CVE-2013-2166 | 4 Debian, Fedoraproject, Openstack and 1 more | 4 Debian Linux, Fedora, Python-keystoneclient and 1 more | 2024-11-21 | 9.8 Critical |
| python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | ||||
| CVE-2013-20003 | 1 Silabs | 10 Zgm130s037hgn, Zgm130s037hgn Firmware, Zgm2305a27hgn and 7 more | 2024-11-21 | 8.3 High |
| Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic. | ||||
| CVE-2013-1053 | 1 Canonical | 1 Remote-login-service | 2024-11-21 | 5.5 Medium |
| In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure. An attacker could use this vulnerability to recover usernames and passwords from the file. This issue affects version 1.0.0-0ubuntu3 and prior versions. | ||||
| CVE-2012-5623 | 1 Squirrelmail | 1 Change Passwd | 2024-11-21 | 7.5 High |
| Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. | ||||
| CVE-2012-2130 | 3 Debian, Fedoraproject, Polarssl | 3 Debian Linux, Fedora, Polarssl | 2024-11-21 | 7.4 High |
| A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys. | ||||
| CVE-2011-4121 | 1 Ruby-lang | 1 Ruby | 2024-11-21 | 9.8 Critical |
| The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism. | ||||
| CVE-2011-3629 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 High |
| Joomla! core 1.7.1 allows information disclosure due to weak encryption | ||||
| CVE-2011-2487 | 2 Apache, Redhat | 12 Cxf, Wss4j, Jboss Business Rules Management System and 9 more | 2024-11-21 | 5.9 Medium |
| The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack. | ||||
| CVE-2010-3670 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 4.8 Medium |
| TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. | ||||
| CVE-2024-11308 | 1 Trcore | 1 Dvc | 2024-11-20 | 6.2 Medium |
| The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content. | ||||
| CVE-2024-41784 | 1 Ibm | 1 Sterling Secure Proxy | 2024-11-20 | 7.5 High |
| IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view arbitrary files on the system. | ||||
| CVE-2024-46889 | 2 Seimens, Siemens | 2 Sinec Ins, Sinec Ins | 2024-11-13 | 5.3 Medium |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files. | ||||
| CVE-2024-10128 | 1 Topdata | 2 Inner Rep Plus, Inner Rep Plus Webserver | 2024-10-30 | 2.7 Low |
| A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file td.js.gz. The manipulation leads to risky cryptographic algorithm. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||