Total: 2480 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-2967 | 1 Windriver | 1 Vxworks | 2024-09-16 | N/A |
The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. | ||||
CVE-2016-10584 | 1 Dalekjs | 1 Dalekjs | 2024-09-16 | N/A |
dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | ||||
CVE-2010-5066 | 1 Vwar | 1 Virtual War | 2024-09-16 | N/A |
The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote attackers to determine randomly generated passwords via a brute-force attack. | ||||
CVE-2016-10667 | 1 Selenium-portal Project | 1 Selenium-portal | 2024-09-16 | N/A |
selenium-portal is a Selenium Testing Framework. selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | ||||
CVE-2016-10609 | 2 Chromedriver126 Project, Linux | 2 Chromedriver126, Linux Kernel | 2024-09-16 | N/A |
chromedriver126 is chromedriver version 1.26 for Linux OS. chromedriver126 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | ||||
CVE-2013-1445 | 1 Dlitz | 1 Pycrypto | 2024-09-16 | N/A |
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process. | ||||
CVE-2010-0525 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-09-16 | N/A |
Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message. | ||||
CVE-2010-4007 | 1 Oracle | 1 Mojarra | 2024-09-16 | N/A |
Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057. | ||||
CVE-2016-10586 | 1 Macacajs | 1 Macaca-chromedriver | 2024-09-16 | N/A |
macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | ||||
CVE-2016-10615 | 1 Curses Project | 1 Curses | 2024-09-16 | N/A |
curses is bindings for the native curses library, a full featured console IO library. curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | ||||
CVE-2016-10555 | 1 Jwt-simple Project | 1 Jwt-simple | 2024-09-16 | N/A |
Since "algorithm" isn't enforced in jwt.decode() in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants. | ||||
CVE-2010-0228 | 1 Verbatim | 1 Corporate Secure | 2024-09-16 | N/A |
Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key. | ||||
CVE-2011-1789 | 1 Vmware | 3 Esx, Esxi, Vcenter | 2024-09-16 | N/A |
The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer. | ||||
CVE-2016-10661 | 1 Phantomjs-cheniu Project | 1 Phantomjs-cheniu | 2024-09-16 | N/A |
phantomjs-cheniu is a Headless WebKit with JS API. phantomjs-cheniu downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | ||||
CVE-2019-1940 | 1 Cisco | 1 Industrial Network Director | 2024-09-16 | 5.9 Medium |
A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate. The vulnerability is due to insufficient X.509 certificate validation when establishing a WSMA connection. An attacker could exploit this vulnerability by supplying a crafted X.509 certificate during the WSMA connection setup phase. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on WSMA connections to the affected software. At the time of publication, this vulnerability affected Cisco IND Software releases prior to 1.7. | ||||
CVE-2013-2782 | 1 Schneider-electric | 2 Tburjr900, Tburjr900 Firmware | 2024-09-16 | N/A |
Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | ||||
CVE-2018-5462 | 1 Philips | 1 Intellispace Portal | 2024-09-16 | N/A |
Philips IntelliSpace Portal, all versions of 8.0.x and 7.0.x, has an SSL incorrect hostname certificate vulnerability. This could allow an attacker to gain unauthorized access to resources and information. | ||||
CVE-2013-7128 | 1 Valvesoftware | 1 Steamos | 2024-09-16 | N/A |
Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valve SteamOS Beta stores cleartext credentials in a .valve-bugreporter.cfg file upon a Remember Credentials action, which allows local users to obtain sensitive information by reading this file. | ||||
CVE-2016-10654 | 1 Sfml Project | 1 Sfml | 2024-09-16 | N/A |
sfml downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | ||||
CVE-2024-42038 | | | 2024-08-08 | 8.8 High |
Vulnerability of PIN enhancement failures in the screen lock module. Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | ||||