Total
2481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4354 | 1 Openssl | 1 Openssl | 2012-11-06 | 5.8 MEDIUM | N/A |
| crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts. | |||||
| CVE-2012-4584 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2012-10-30 | 3.5 LOW | N/A |
| McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not properly encrypt system-backup data, which makes it easier for remote authenticated users to obtain sensitive information by reading a backup file, as demonstrated by obtaining password hashes. | |||||
| CVE-2010-5066 | 1 Vwar | 1 Virtual War | 2012-10-08 | 4.3 MEDIUM | N/A |
| The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote attackers to determine randomly generated passwords via a brute-force attack. | |||||
| CVE-2010-5079 | 1 Silverstripe | 1 Silverstripe | 2012-09-18 | 5.0 MEDIUM | N/A |
| SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2012-3458 | 1 Python | 1 Beaker | 2012-09-17 | 4.3 MEDIUM | N/A |
| Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors. | |||||
| CVE-2012-3378 | 1 Gnome | 1 At-spi2-atk | 2012-09-05 | 3.3 LOW | N/A |
| The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2. | |||||
| CVE-2011-5123 | 1 Comodo | 1 Comodo Internet Security | 2012-08-27 | 10.0 HIGH | N/A |
| The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors. | |||||
| CVE-2011-5121 | 1 Comodo | 1 Comodo Internet Security | 2012-08-27 | 10.0 HIGH | N/A |
| The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not properly check whether unspecified X.509 certificates are revoked, which has unknown impact and remote attack vectors. | |||||
| CVE-2012-2146 | 1 Ematia | 1 Elixir | 2012-08-27 | 4.3 MEDIUM | N/A |
| Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database. | |||||
| CVE-2012-2317 | 2 Canonical, Debian | 4 Php5, Ubuntu Linux, Debian Linux and 1 more | 2012-08-08 | 4.3 MEDIUM | N/A |
| The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty salt string, which might allow remote attackers to bypass authentication by leveraging an application that relies on the PHP crypt function to choose a salt for password hashing. | |||||
| CVE-2012-2500 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2012-08-07 | 4.0 MEDIUM | N/A |
| Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470. | |||||
| CVE-2012-2499 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2012-08-07 | 5.8 MEDIUM | N/A |
| The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985. | |||||
| CVE-2012-3018 | 1 Iconics | 2 Bizviz, Genesis32 | 2012-07-31 | 4.4 MEDIUM | N/A |
| The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response. | |||||
| CVE-2012-3887 | 1 Airdroid | 1 Airdroid | 2012-07-27 | 5.0 MEDIUM | N/A |
| AirDroid before 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an "Encrypted Transmission" feature, which allows remote attackers to obtain sensitive information by sniffing the local wireless network, as demonstrated by the SMS message content sent to the sdctl/sms/send/single/ URI. | |||||
| CVE-2012-3818 | 1 Mikel Olasagasti | 1 Revelation | 2012-07-02 | 2.1 LOW | N/A |
| The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information. | |||||
| CVE-2011-5095 | 1 Openssl | 1 Openssl | 2012-06-21 | 4.0 MEDIUM | N/A |
| The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923. | |||||
| CVE-2011-3685 | 1 Tembria | 1 Server Monitor | 2012-05-21 | 1.9 LOW | N/A |
| Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1) authentication.dat or (2) XML files in the Exports directory. | |||||
| CVE-2011-3693 | 1 Netsaro | 1 Enterprise Messenger Server | 2012-05-21 | 1.9 LOW | N/A |
| NetSaro Enterprise Messenger Server 2.0 allows local users to discover cleartext server credentials by reading the NetSaro.fdb file. | |||||
| CVE-2011-3692 | 1 Netsaro | 1 Enterprise Messenger Server | 2012-05-21 | 1.9 LOW | N/A |
| NetSaro Enterprise Messenger Server 2.0 stores cleartext console credentials in configuration.xml, which allows local users to obtain sensitive information by reading this file and performing a base64 decoding step. | |||||
| CVE-2011-2190 | 1 Cherokee-project | 1 Cherokee | 2012-05-14 | 2.1 LOW | N/A |
| The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack. | |||||