Total
2481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3514 | 1 Nicolas Cannasse | 1 Ocaml Xml-light Library | 2014-02-12 | 5.0 MEDIUM | N/A |
| OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via unspecified vectors. | |||||
| CVE-2013-6838 | 2 Enghouseinteractive, Openvz | 2 Ivr Pro, Vzkernel | 2014-01-31 | 10.0 HIGH | N/A |
| An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges by leveraging knowledge of this key. | |||||
| CVE-2013-1769 | 1 Simon Mcvittie | 1 Telepathy Gabble | 2014-01-22 | 5.0 MEDIUM | N/A |
| A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted message. | |||||
| CVE-2013-7075 | 1 Typo3 | 1 Typo3 | 2014-01-14 | 6.5 MEDIUM | N/A |
| The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature." | |||||
| CVE-2013-6386 | 1 Drupal | 1 Drupal | 2014-01-14 | 6.8 MEDIUM | N/A |
| Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack. | |||||
| CVE-2012-2126 | 3 Canonical, Redhat, Rubygems | 3 Ubuntu Linux, Openshift, Rubygems | 2014-01-14 | 4.3 MEDIUM | N/A |
| RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack. | |||||
| CVE-2013-6181 | 1 Emc | 1 Watch4net | 2014-01-08 | 2.1 LOW | N/A |
| EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges. | |||||
| CVE-2013-4550 | 2 Duckcorp, Fedoraproject | 2 Bip, Fedora | 2014-01-04 | 5.1 MEDIUM | N/A |
| Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a different vulnerability than CVE-2011-5268. NOTE: some sources originally mapped this CVE to two different types of issues; this CVE has since been SPLIT, producing CVE-2011-5268. | |||||
| CVE-2013-4351 | 1 Gnupg | 1 Gnupg | 2014-01-04 | 5.8 MEDIUM | N/A |
| GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. | |||||
| CVE-2011-5268 | 2 Duckcorp, Fedoraproject | 2 Bip, Fedora | 2014-01-04 | 4.3 MEDIUM | N/A |
| connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes, a different vulnerability than CVE-2013-4550. NOTE: this issue was SPLIT from CVE-2013-4550 because it is a different type of issue. | |||||
| CVE-2013-7222 | 1 Fatfreecrm | 1 Fat Free Crm | 2014-01-03 | 5.0 MEDIUM | N/A |
| config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code. | |||||
| CVE-2013-2179 | 1 X | 1 X Display Manager | 2013-12-27 | 4.3 MEDIUM | N/A |
| X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by attempting to log into an account whose password field contains invalid characters, as demonstrated using the crypt function from glibc 2.17 and later with (1) the "!" character in the salt portion of a password field or (2) a password that has been encrypted using DES or MD5 in FIPS-140 mode. | |||||
| CVE-2013-6986 | 1 Zippyyum | 1 Subway Ordering For California | 2013-12-20 | 2.1 LOW | N/A |
| The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in SQLite cache databases, which allows attackers to obtain sensitive information by reading data elements, as demonstrated by password elements. | |||||
| CVE-2013-7128 | 1 Valvesoftware | 1 Steamos | 2013-12-18 | 2.1 LOW | N/A |
| Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valve SteamOS Beta stores cleartext credentials in a .valve-bugreporter.cfg file upon a Remember Credentials action, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2013-5676 | 1 Sonarsource | 2 Jenkins Plugin, Sonarqube | 2013-12-16 | 4.0 MEDIUM | N/A |
| The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure. | |||||
| CVE-2013-3624 | 1 Baramundi | 1 Management Suite | 2013-12-13 | 7.8 HIGH | N/A |
| The OS deployment feature in Baramundi Management Suite 7.5 through 8.9 stores credentials in cleartext on deployed machines, which allows remote attackers to obtain sensitive information by reading a file. NOTE: this ID was also incorrectly mapped to a separate issue in Oracle Outside In, but the correct ID for that issue is CVE-2013-5763. | |||||
| CVE-2013-3710 | 1 Novell | 1 Suse Lifecycle Management Server | 2013-12-12 | 4.3 MEDIUM | N/A |
| SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere. | |||||
| CVE-2013-1058 | 1 Canonical | 2 Maas, Ubuntu Linux | 2013-11-25 | 5.8 MEDIUM | N/A |
| maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack. | |||||
| CVE-2013-3285 | 1 Emc | 1 Networker | 2013-11-15 | 3.5 LOW | N/A |
| The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources. | |||||
| CVE-2013-5915 | 1 Polarssl | 1 Polarssl | 2013-10-31 | 4.3 MEDIUM | N/A |
| The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys. | |||||