Search Results (4598 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2661 1 Strongswan 1 Strongswan 2026-04-23 N/A
The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185.
CVE-2008-3102 1 Mantisbt 1 Mantisbt 2026-04-23 N/A
Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
CVE-2007-6192 1 Citrix 1 Netscaler 2026-04-23 N/A
The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack.
CVE-2008-4368 1 Apple 1 Mac Os X 2026-04-23 N/A
The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE.
CVE-2008-6909 2 Drupal, Marc Ingram 2 Drupal, Services 2026-04-23 N/A
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges.
CVE-2009-2976 1 Cisco 2 Aironet Ap1100, Aironet Ap1200 2026-04-23 N/A
Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by sniffing the wireless network.
CVE-2008-6828 1 Symantec 1 Altiris Deployment Solution 2026-04-23 7.8 High
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server.
CVE-2009-1417 1 Gnu 1 Gnutls 2026-04-23 N/A
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.
CVE-2007-5502 1 Openssl 1 Fips Object Module 2026-04-23 N/A
The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness.
CVE-2009-1416 1 Gnu 1 Gnutls 2026-04-23 N/A
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.
CVE-2008-6910 2 Drupal, Marc Ingram 2 Drupal, Services 2026-04-23 N/A
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request.
CVE-2008-6792 1 Ubuntu 1 Linux 2026-04-23 N/A
system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks.
CVE-2007-5470 1 Microsoft 1 Expression Media 2026-04-23 N/A
Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file.
CVE-2008-1431 1 Raidsonic Technology 2 Firmware, Nas-4220-b 2026-04-23 N/A
RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key.
CVE-2009-2201 1 Apple 1 Xsan 2026-04-23 N/A
The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog.
CVE-2009-0547 2 Evolution, Redhat 2 Evolution, Enterprise Linux 2026-04-23 N/A
Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077.
CVE-2009-2982 1 Adobe 2 Acrobat, Acrobat Reader 2026-04-23 N/A
An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unknown vectors.
CVE-2009-2061 1 Mozilla 1 Firefox 2026-04-23 N/A
Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.
CVE-2009-1466 1 Klinzmann 1 Application Access Server 2026-04-23 5.5 Medium
Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file.
CVE-2007-4311 1 Linux 1 Linux Kernel 2026-04-23 N/A
The xfer_secondary_pool function in drivers/char/random.c in the Linux kernel 2.4 before 2.4.35 performs reseed operations on only the first few bytes of a buffer, which might make it easier for attackers to predict the output of the random number generator, related to incorrect use of the sizeof operator.