Search Results (2510 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-7127 1 Apple 2 Mac Os X, Safari 2025-04-11 N/A
Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file.
CVE-2013-7128 1 Valvesoftware 1 Steamos 2025-04-11 N/A
Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valve SteamOS Beta stores cleartext credentials in a .valve-bugreporter.cfg file upon a Remember Credentials action, which allows local users to obtain sensitive information by reading this file.
CVE-2013-7136 1 Upc 1 Ireland Cisco Epc2425 2025-04-11 N/A
The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2013-7222 1 Fatfreecrm 1 Fat Free Crm 2025-04-11 N/A
config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code.
CVE-2013-7295 1 Torproject 1 Tor 2025-04-11 N/A
Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.
CVE-2013-7304 1 Checkpoint 1 Endpoint Security Mi Server R73 2025-04-11 N/A
Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by presenting an arbitrary certificate during a session established by a client.
CVE-2010-1568 1 Cisco 1 Ironport Desktop Flag Plugin For Outlook 2025-04-11 N/A
The Send Secure functionality in the Cisco IronPort Desktop Flag Plug-in for Outlook before 6.5.0-006 does not properly handle simultaneously composed messages, which might allow remote attackers to obtain cleartext contents of e-mail messages that were intended to be encrypted, aka bug 65623.
CVE-2014-0837 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-11 N/A
The AutoUpdate process in IBM Security QRadar SIEM 7.2 MR1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
CVE-2010-0742 1 Openssl 1 Openssl 2025-04-11 N/A
The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.
CVE-2009-5084 1 Ibm 1 Tivoli Federated Identity Manager 2025-04-11 N/A
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing is enabled, creates a cleartext log entry containing a password, which might allow local users to obtain sensitive information by reading the log data.
CVE-2009-5057 1 Otrs 1 Otrs 2025-04-11 N/A
The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.
CVE-2009-5032 1 Ibm 1 Lotus Notes Traveler 2025-04-11 N/A
The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages when the feature is used without uploading a Notes ID file, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
CVE-2009-4845 1 Toutvirtual 1 Virtualiq 2025-04-11 N/A
The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 contains cleartext SSH credentials, which allows remote attackers to obtain sensitive information by reading the username and password fields.
CVE-2009-2752 1 Ibm 1 Websphere Commerce 2025-04-11 N/A
IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.
CVE-2009-2751 1 Ibm 1 Websphere Commerce 2025-04-11 N/A
IBM WebSphere Commerce 7.0 uses the same cryptographic key for session attributes and merchant data encryption, which has unspecified impact and remote attack vectors.
CVE-2010-1689 1 Microsoft 5 Exchange Server, Windows 2000, Windows Server 2003 and 2 more 2025-04-11 N/A
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
CVE-2011-3189 1 Php 1 Php 2025-04-11 N/A
The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483.
CVE-2011-3212 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device.
CVE-2011-4046 1 Dell 1 Kace K2000 Systems Deployment Appliance 2025-04-11 N/A
The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by examining script source code.
CVE-2011-4083 1 Redhat 2 Enterprise Linux, Sos 2025-04-11 N/A
The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive information by reading the archive.