Total
2481 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-0270 | 1 Oracle | 1 Database Server | 2018-10-19 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDE stores the master key without encryption, which allows local users to obtain the key via the SGA. | |||||
CVE-2004-2761 | 1 Ietf | 2 Md5, X.509 Certificate | 2018-10-19 | 5.0 MEDIUM | N/A |
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. | |||||
CVE-2006-4339 | 1 Openssl | 1 Openssl | 2018-10-17 | 4.3 MEDIUM | N/A |
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. | |||||
CVE-2007-0014 | 1 Sun | 1 Chainkey Java Code Protection | 2018-10-16 | 4.4 MEDIUM | N/A |
ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM. | |||||
CVE-2008-0759 | 1 Group Logic | 2 Extremez-ip File Server, Extremez-ip Print Server | 2018-10-15 | 5.0 MEDIUM | N/A |
ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allows remote attackers to cause a denial of service (daemon crash) via an invalid UAM field in a request to the Apple Filing Protocol (AFP) service on TCP port 548. | |||||
CVE-2007-6635 | 1 Netbizcity | 1 Faqmasterflexplus | 2018-10-15 | 6.4 MEDIUM | N/A |
FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in cleartext in a database, which might allow context-dependent attackers to obtain the password via unspecified database access. | |||||
CVE-2007-6192 | 1 Citrix | 1 Netscaler | 2018-10-15 | 4.3 MEDIUM | N/A |
The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack. | |||||
CVE-2007-5863 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2018-10-15 | 9.3 HIGH | N/A |
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option. | |||||
CVE-2007-5638 | 1 Nortel | 26 Business Communications Manager, Centrex Ip Client Manager, Centrex Ip Element Manager and 23 more | 2018-10-15 | 4.3 MEDIUM | N/A |
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages. | |||||
CVE-2007-4960 | 1 Linden Lab | 1 Second Life | 2018-10-15 | 5.0 MEDIUM | N/A |
Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' (double-quote space) sequence followed by the -autologin and -loginuri arguments, which cause the handler to post login credentials and software installation details to an arbitrary URL. | |||||
CVE-2007-4928 | 1 Axis | 1 207w Network Camera | 2018-10-15 | 4.9 MEDIUM | N/A |
The AXIS 207W camera stores a WEP or WPA key in cleartext in the configuration file, which might allow local users to obtain sensitive information. | |||||
CVE-2007-4926 | 1 Axis | 1 207w Camera | 2018-10-15 | 9.3 HIGH | N/A |
The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors. | |||||
CVE-2007-4751 | 1 Data-vision | 1 Remotedocs R-viewer | 2018-10-15 | 1.9 LOW | N/A |
RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in unencrypted temporary files, which allows local users to obtain sensitive information by reading the temporary files. | |||||
CVE-2007-4750 | 1 Data-vision | 1 Remotedocs R-viewer | 2018-10-15 | 9.3 HIGH | N/A |
Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 allows user-assisted remote attackers to execute arbitrary code via a crafted RDZ archive in which the first file has an executable extension. | |||||
CVE-2016-7270 | 1 Microsoft | 1 .net Framework | 2018-10-12 | 5.0 MEDIUM | 7.5 HIGH |
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability." | |||||
CVE-2015-2471 | 1 Microsoft | 1 Xml Core Services | 2018-10-12 | 4.3 MEDIUM | N/A |
Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2434. | |||||
CVE-2015-2434 | 1 Microsoft | 1 Xml Core Services | 2018-10-12 | 4.3 MEDIUM | N/A |
Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2471. | |||||
CVE-2015-1672 | 1 Microsoft | 1 .net Framework | 2018-10-12 | 5.0 MEDIUM | N/A |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and performance degradation) via crafted encrypted data in an XML document, aka ".NET XML Decryption Denial of Service Vulnerability." | |||||
CVE-2014-1771 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 6.8 MEDIUM | N/A |
SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "TLS Server Certificate Renegotiation Vulnerability." | |||||
CVE-2017-17305 | 1 Huawei | 8 Usg2205bsr, Usg2205bsr Firmware, Usg2220bsr and 5 more | 2018-10-12 | 4.3 MEDIUM | 5.9 MEDIUM |
Some Huawei Firewall products (USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00) have a Bleichenbacher oracle vulnerability in their IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle, that is, by causing a Bleichenbacher oracle attack. Successful exploitation of this vulnerability can impact IPSec tunnel security. |