Search Results (4595 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-7075 1 Typo3 1 Typo3 2025-04-11 N/A
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature."
CVE-2013-7222 1 Fatfreecrm 1 Fat Free Crm 2025-04-11 N/A
config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code.
CVE-2012-4930 2 Google, Mozilla 2 Chrome, Firefox 2025-04-11 N/A
The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
CVE-2012-3746 1 Apple 1 Iphone Os 2025-04-11 N/A
UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem.
CVE-2014-0837 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-11 N/A
The AutoUpdate process in IBM Security QRadar SIEM 7.2 MR1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
CVE-2011-1128 1 Simplemachines 1 Smf 2025-04-11 N/A
The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack.
CVE-2014-1242 1 Apple 1 Itunes 2025-04-11 N/A
Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream.
CVE-2012-3514 1 Nicolas Cannasse 1 Ocaml Xml-light Library 2025-04-11 N/A
OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via unspecified vectors.
CVE-2011-1209 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption attack."
CVE-2011-0442 1 Emc 1 Avamar 2025-04-11 N/A
The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network.
CVE-2011-2344 1 Google 1 Android 2025-04-11 N/A
Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com.
CVE-2011-0410 1 Collabnet 1 Scrumworks 2025-04-11 N/A
CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information by (1) sniffing the network for transmissions of Java objects or (2) reading the database.
CVE-2011-0207 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network.
CVE-2010-5079 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2011-4321 1 Joomla 1 Joomla\! 2025-04-11 N/A
The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors.
CVE-2010-3869 1 Redhat 2 Certificate System, Dogtag Certificate System 2025-04-11 N/A
Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN.
CVE-2010-3075 1 Arg0 1 Encfs 2025-04-11 N/A
EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte.
CVE-2012-2681 2 Redhat, Trevor Mckay 2 Enterprise Mrg, Cumin 2025-04-11 N/A
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key.
CVE-2011-3590 1 Redhat 2 Enterprise Linux, Kexec-tools 2025-04-11 N/A
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content.
CVE-2010-3074 1 Arg0 1 Encfs 2025-04-11 N/A
SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack.