Total
2481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8173 | 1 Nextcloud | 1 Nextcloud Server | 2022-09-27 | 3.5 LOW | 2.2 LOW |
| A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended. | |||||
| CVE-2021-41992 | 1 Pingidentity | 1 Pingid Integration For Windows Login | 2022-09-03 | 1.9 LOW | 5.6 MEDIUM |
| A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | |||||
| CVE-2008-4227 | 1 Apple | 2 Iphone Os, Ipod Touch | 2022-08-09 | 7.5 HIGH | N/A |
| Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic. | |||||
| CVE-2021-41995 | 2 Apple, Pingidentity | 2 Macos, Pingid Integration For Mac Login | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | |||||
| CVE-2020-8150 | 1 Nextcloud | 1 Nextcloud Server | 2022-05-24 | 1.9 LOW | 4.1 MEDIUM |
| A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files. | |||||
| CVE-2014-3620 | 2 Apple, Haxx | 3 Mac Os X, Curl, Libcurl | 2022-05-11 | 5.0 MEDIUM | N/A |
| cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. | |||||
| CVE-2021-41994 | 1 Pingidentity | 2 Pingid, Pingid Windows Login | 2022-05-10 | 1.9 LOW | 4.8 MEDIUM |
| A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. | |||||
| CVE-2021-41993 | 1 Pingidentity | 2 Pingid, Pingid Windows Login | 2022-05-10 | 1.9 LOW | 4.8 MEDIUM |
| A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. | |||||
| CVE-2019-3731 | 1 Dell | 2 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. | |||||
| CVE-2012-0059 | 1 Redhat | 2 Network Proxy, Satellite | 2022-02-03 | 4.3 MEDIUM | N/A |
| Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email. | |||||
| CVE-2012-1803 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2022-02-01 | 8.5 HIGH | N/A |
| RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session. | |||||
| CVE-2014-4630 | 1 Dell | 2 Bsafe Micro-edition-suite, Bsafe Ssl-j | 2021-12-09 | 4.3 MEDIUM | N/A |
| EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack." | |||||
| CVE-2014-0627 | 2 Dell, Emc | 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j | 2021-12-09 | 5.0 MEDIUM | N/A |
| The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state. | |||||
| CVE-2014-0626 | 2 Dell, Emc | 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j | 2021-12-09 | 5.0 MEDIUM | N/A |
| The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated. | |||||
| CVE-2014-0636 | 1 Dell | 1 Bsafe Micro-edition-suite | 2021-12-09 | 5.8 MEDIUM | N/A |
| EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain. | |||||
| CVE-2013-0289 | 1 Isync Project | 1 Isync | 2021-11-30 | 4.3 MEDIUM | N/A |
| Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2014-4192 | 1 Dell | 1 Bsafe Share | 2021-11-30 | 5.0 MEDIUM | N/A |
| The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) processes certain requests for output bytes by considering only the requested byte count and not the use of cached bytes, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755. | |||||
| CVE-2014-4191 | 1 Dell | 1 Bsafe Share | 2021-11-30 | 5.0 MEDIUM | N/A |
| The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) sends a long series of random bytes during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755. | |||||
| CVE-2014-4193 | 1 Dell | 1 Bsafe Share | 2021-11-30 | 5.0 MEDIUM | N/A |
| The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than CVE-2007-6755. | |||||
| CVE-2012-5456 | 1 Zoner | 1 Zoner Antivirus Free | 2021-11-22 | 4.3 MEDIUM | N/A |
| The Zoner AntiVirus Free application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, as demonstrated by a server used for updating virus signature files. | |||||