Export limit exceeded: 344016 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2507 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4828 | 1 Hp | 22 Color Laserjet Cm4540, Color Laserjet Cm4540f, Color Laserjet Cm4540fskm and 19 more | 2025-04-11 | N/A |
| HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices do not properly encrypt PDF documents, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2013-5676 | 1 Sonarsource | 2 Jenkins Plugin, Sonarqube | 2025-04-11 | N/A |
| The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure. | ||||
| CVE-2013-5679 | 1 Owasp | 1 Enterprise Security Api | 2025-04-11 | N/A |
| The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against authenticity in the default configuration, involving a null MAC and a zero MAC length. | ||||
| CVE-2013-6659 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate chain, inconsistent with the user's expectations, by initiating a TLS renegotiation. | ||||
| CVE-2009-4655 | 1 Novell | 1 Edirectory | 2025-04-11 | N/A |
| The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie. | ||||
| CVE-2013-6718 | 1 Ibm | 1 Advanced Management Module Firmware | 2025-04-11 | N/A |
| The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface. | ||||
| CVE-2008-7252 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. | ||||
| CVE-2014-0627 | 2 Dell, Emc | 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j | 2025-04-11 | N/A |
| The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state. | ||||
| CVE-2013-6838 | 2 Enghouseinteractive, Openvz | 2 Ivr Pro, Vzkernel | 2025-04-11 | N/A |
| An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges by leveraging knowledge of this key. | ||||
| CVE-2013-6950 | 1 Belkin | 1 Wemo Home Automation Firmware | 2025-04-11 | N/A |
| The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server. | ||||
| CVE-2013-6951 | 1 Belkin | 1 Wemo Home Automation Firmware | 2025-04-11 | N/A |
| The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate. | ||||
| CVE-2013-6952 | 1 Belkin | 1 Wemo Home Automation Firmware | 2025-04-11 | N/A |
| The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data. | ||||
| CVE-2014-0626 | 2 Dell, Emc | 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j | 2025-04-11 | N/A |
| The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated. | ||||
| CVE-2010-0362 | 1 Zeus | 1 Zeus Web Server | 2025-04-11 | N/A |
| Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses. | ||||
| CVE-2010-0525 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message. | ||||
| CVE-2010-1128 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-04-11 | N/A |
| The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function. | ||||
| CVE-2010-1184 | 1 Microsoft | 1 27mhz Wireless Keyboard | 2025-04-11 | N/A |
| The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2. | ||||
| CVE-2010-1192 | 1 Stafford.uklinux | 1 Libesmtp | 2025-04-11 | N/A |
| libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||||
| CVE-2010-1194 | 1 Stafford.uklinux | 1 Libesmtp | 2025-04-11 | N/A |
| The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName. | ||||
| CVE-2010-2468 | 3 Linearcorp, S2sys, Sonitrol | 4 Emerge 50, Emerge 5000, Netbox and 1 more | 2025-04-11 | N/A |
| The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password. | ||||