Total
2448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0531 | 1 Ibm | 1 Security Appscan | 2017-08-29 | 5.0 MEDIUM | N/A |
| The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-4006 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem operations. | |||||
| CVE-2013-4030 | 1 Ibm | 31 Bladecenter, Flex System Manager Node 7955, Flex System Manager Node 8731 and 28 more | 2017-08-29 | 4.3 MEDIUM | N/A |
| Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic. | |||||
| CVE-2013-0483 | 1 Ibm | 1 Ims Enterprise Suite | 2017-08-29 | 5.0 MEDIUM | N/A |
| The login component in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 uses cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-4038 | 1 Ibm | 30 Bladecenter, Flex System X220 Compute Node, Flex System X240 Compute Node and 27 more | 2017-08-29 | 4.0 MEDIUM | N/A |
| The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file. | |||||
| CVE-2013-2125 | 1 Openbsd | 1 Opensmtpd | 2017-08-29 | 5.0 MEDIUM | N/A |
| OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open. | |||||
| CVE-2013-5468 | 1 Ibm | 1 Algo One | 2017-08-29 | 5.0 MEDIUM | N/A |
| IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, does not encrypt login requests, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-6305 | 1 Ibm | 1 Platform Symphony | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging knowledge of this key. | |||||
| CVE-2013-1427 | 2 Debian, Lighttpd | 2 Debian Linux, Lighttpd | 2017-08-29 | 1.9 LOW | N/A |
| The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition. | |||||
| CVE-2012-4829 | 1 Ibm | 1 Xiv Storage System Gen3 | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM XIV Storage System Gen3 before 11.2 relies on a default X.509 v3 certificate for authentication, which allows man-in-the-middle attackers to spoof servers by leveraging an inappropriate certificate-trust relationship. | |||||
| CVE-2012-3746 | 1 Apple | 1 Iphone Os | 2017-08-29 | 4.3 MEDIUM | N/A |
| UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem. | |||||
| CVE-2012-5862 | 1 Sinapsitech | 4 Esolar Duo Photovoltaic System Monitor, Esolar Light Photovoltaic System Monitor, Esolar Photovoltaic System Monitor and 1 more | 2017-08-29 | 10.0 HIGH | N/A |
| login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by leveraging a (1) cleartext password or (2) password hash contained in this script, as demonstrated by a password of astridservice or 36e44c9b64. | |||||
| CVE-2012-5756 | 1 Ibm | 1 Websphere Datapower Xc10 Appliance | 2017-08-29 | 4.3 MEDIUM | N/A |
| The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different customers' installations, which allows remote attackers to spoof a container server by (1) sniffing the network to locate a cleartext transmission of this key or (2) leveraging knowledge of this key from another installation. | |||||
| CVE-2012-3732 | 1 Apple | 1 Iphone Os | 2017-08-29 | 6.4 MEDIUM | N/A |
| Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity. | |||||
| CVE-2012-3715 | 1 Apple | 1 Safari | 2017-08-29 | 4.3 MEDIUM | N/A |
| Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2012-5373 | 1 Oracle | 3 Jdk, Jre, Openjdk | 2017-08-29 | 5.0 MEDIUM | N/A |
| Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739. | |||||
| CVE-2012-4578 | 2 Freebsd, Pawel Jakub Dawidek | 2 Freebsd, Geli | 2017-08-29 | 2.1 LOW | N/A |
| The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack. | |||||
| CVE-2012-4366 | 1 Belkin | 4 N150 Wireless Router, N300 Wireless Router, N450 Wireless Router and 1 more | 2017-08-29 | 3.3 LOW | N/A |
| Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by sniffing the beacon frames. | |||||
| CVE-2012-4947 | 1 Agilefleet | 2 Fleetcommander, Fleetcommander Kiosk | 2017-08-29 | 5.0 MEDIUM | N/A |
| Agile FleetCommander and FleetCommander Kiosk before 4.08 store database credentials in cleartext, which allows remote attackers to obtain sensitive information via requests to unspecified pages. | |||||
| CVE-2012-5662 | 1 Paul Mattes | 1 X3270 | 2017-08-29 | 5.8 MEDIUM | N/A |
| x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||