Total
2481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0531 | 1 Ibm | 1 Security Appscan | 2017-08-29 | 5.0 MEDIUM | N/A |
| The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-0483 | 1 Ibm | 1 Ims Enterprise Suite | 2017-08-29 | 5.0 MEDIUM | N/A |
| The login component in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 uses cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2012-5936 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2017-08-29 | 5.0 MEDIUM | N/A |
| IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2012-5862 | 1 Sinapsitech | 4 Esolar Duo Photovoltaic System Monitor, Esolar Light Photovoltaic System Monitor, Esolar Photovoltaic System Monitor and 1 more | 2017-08-29 | 10.0 HIGH | N/A |
| login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by leveraging a (1) cleartext password or (2) password hash contained in this script, as demonstrated by a password of astridservice or 36e44c9b64. | |||||
| CVE-2012-5756 | 1 Ibm | 1 Websphere Datapower Xc10 Appliance | 2017-08-29 | 4.3 MEDIUM | N/A |
| The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different customers' installations, which allows remote attackers to spoof a container server by (1) sniffing the network to locate a cleartext transmission of this key or (2) leveraging knowledge of this key from another installation. | |||||
| CVE-2012-5662 | 1 Paul Mattes | 1 X3270 | 2017-08-29 | 5.8 MEDIUM | N/A |
| x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5373 | 1 Oracle | 3 Jdk, Jre, Openjdk | 2017-08-29 | 5.0 MEDIUM | N/A |
| Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739. | |||||
| CVE-2012-5371 | 1 Ruby-lang | 1 Ruby | 2017-08-29 | 5.0 MEDIUM | N/A |
| Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815. | |||||
| CVE-2012-5301 | 1 Cerberusftp | 1 Ftp Server | 2017-08-29 | 5.0 MEDIUM | N/A |
| The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data. | |||||
| CVE-2012-4947 | 1 Agilefleet | 2 Fleetcommander, Fleetcommander Kiosk | 2017-08-29 | 5.0 MEDIUM | N/A |
| Agile FleetCommander and FleetCommander Kiosk before 4.08 store database credentials in cleartext, which allows remote attackers to obtain sensitive information via requests to unspecified pages. | |||||
| CVE-2012-4946 | 1 Agilefleet | 2 Fleetcommander, Fleetcommander Kiosk | 2017-08-29 | 5.0 MEDIUM | N/A |
| Agile FleetCommander and FleetCommander Kiosk before 4.08 use an XOR format for password encryption, which makes it easier for context-dependent attackers to obtain sensitive information by reading a key file and the encrypted strings. | |||||
| CVE-2012-4829 | 1 Ibm | 1 Xiv Storage System Gen3 | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM XIV Storage System Gen3 before 11.2 relies on a default X.509 v3 certificate for authentication, which allows man-in-the-middle attackers to spoof servers by leveraging an inappropriate certificate-trust relationship. | |||||
| CVE-2012-4578 | 2 Freebsd, Pawel Jakub Dawidek | 2 Freebsd, Geli | 2017-08-29 | 2.1 LOW | N/A |
| The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack. | |||||
| CVE-2012-4366 | 1 Belkin | 4 N150 Wireless Router, N300 Wireless Router, N450 Wireless Router and 1 more | 2017-08-29 | 3.3 LOW | N/A |
| Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by sniffing the beacon frames. | |||||
| CVE-2012-3746 | 1 Apple | 1 Iphone Os | 2017-08-29 | 4.3 MEDIUM | N/A |
| UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem. | |||||
| CVE-2012-3734 | 1 Apple | 1 Iphone Os | 2017-08-29 | 1.9 LOW | N/A |
| Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content. | |||||
| CVE-2012-3732 | 1 Apple | 1 Iphone Os | 2017-08-29 | 6.4 MEDIUM | N/A |
| Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity. | |||||
| CVE-2012-3715 | 1 Apple | 1 Safari | 2017-08-29 | 4.3 MEDIUM | N/A |
| Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2012-3533 | 2 Ovirt, Ovirt-engine-sdk | 3 Ovirt, Ovirt-engine-cli, 3.1.0.5 | 2017-08-29 | 5.0 MEDIUM | N/A |
| The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack. | |||||
| CVE-2012-3431 | 1 Redhat | 1 Jboss Enterprise Data Services Platform | 2017-08-29 | 4.3 MEDIUM | N/A |
| The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack. | |||||