Total
2481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0848 | 1 Ibm | 1 Netezza Performance Portal | 2017-08-29 | 3.5 LOW | N/A |
| The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | |||||
| CVE-2014-0837 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2017-08-29 | 4.3 MEDIUM | N/A |
| The AutoUpdate process in IBM Security QRadar SIEM 7.2 MR1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | |||||
| CVE-2014-0351 | 1 Fortinet | 1 Fortios | 2017-08-29 | 5.4 MEDIUM | N/A |
| The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream. | |||||
| CVE-2013-7304 | 1 Checkpoint | 1 Endpoint Security Mi Server R73 | 2017-08-29 | 4.3 MEDIUM | N/A |
| Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by presenting an arbitrary certificate during a session established by a client. | |||||
| CVE-2013-7136 | 1 Upc | 1 Ireland Cisco Epc2425 | 2017-08-29 | 9.3 HIGH | N/A |
| The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2013-7127 | 1 Apple | 2 Mac Os X, Safari | 2017-08-29 | 2.1 LOW | N/A |
| Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2013-6718 | 1 Ibm | 1 Advanced Management Module Firmware | 2017-08-29 | 6.4 MEDIUM | N/A |
| The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface. | |||||
| CVE-2013-6329 | 1 Ibm | 3 Content Manager Ondemand For Multiplatforms, Global Security Kit, Security Access Manager For Web | 2017-08-29 | 7.8 HIGH | N/A |
| IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption of an SSLv2 session. | |||||
| CVE-2013-6305 | 1 Ibm | 1 Platform Symphony | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging knowledge of this key. | |||||
| CVE-2013-5468 | 1 Ibm | 1 Algo One | 2017-08-29 | 5.0 MEDIUM | N/A |
| IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, does not encrypt login requests, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-5445 | 1 Ibm | 1 Cognos Express | 2017-08-29 | 5.0 MEDIUM | N/A |
| IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key. | |||||
| CVE-2013-5444 | 1 Ibm | 1 Cognos Express | 2017-08-29 | 5.0 MEDIUM | N/A |
| The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to read encrypted credentials via unspecified vectors. | |||||
| CVE-2013-4062 | 1 Ibm | 1 Rational Policy Tester | 2017-08-29 | 6.8 MEDIUM | N/A |
| IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof Jazz Team servers, obtain sensitive information, and modify the client-server data stream via a crafted certificate. | |||||
| CVE-2013-4038 | 1 Ibm | 30 Bladecenter, Flex System X220 Compute Node, Flex System X240 Compute Node and 27 more | 2017-08-29 | 4.0 MEDIUM | N/A |
| The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file. | |||||
| CVE-2013-4030 | 1 Ibm | 31 Bladecenter, Flex System Manager Node 7955, Flex System Manager Node 8731 and 28 more | 2017-08-29 | 4.3 MEDIUM | N/A |
| Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic. | |||||
| CVE-2013-4006 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem operations. | |||||
| CVE-2013-3989 | 1 Ibm | 1 Security Appscan | 2017-08-29 | 3.5 LOW | N/A |
| IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and subsequently conduct man-in-the-middle attacks, by examining the response content. | |||||
| CVE-2013-2125 | 1 Openbsd | 1 Opensmtpd | 2017-08-29 | 5.0 MEDIUM | N/A |
| OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open. | |||||
| CVE-2013-2100 | 1 Gentoo | 1 Portage | 2017-08-29 | 9.3 HIGH | N/A |
| The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate. | |||||
| CVE-2013-1427 | 2 Debian, Lighttpd | 2 Debian Linux, Lighttpd | 2017-08-29 | 1.9 LOW | N/A |
| The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition. | |||||