Total
2480 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-7239 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2024-08-07 | N/A |
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference. | ||||
CVE-2006-6674 | 1 Ozeki | 1 Http-sms Gateway | 2024-08-07 | N/A |
Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and passwords in plaintext in the HKLM\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate registry key, which allows local users to obtain sensitive information. | ||||
CVE-2006-5982 | 1 Biba Software | 1 Seleniumserver Ftp Server | 2024-08-07 | N/A |
SeleniumServer FTP Server 1.0, and possibly earlier, stores user passwords in plaintext in the Servers directory, which allows attackers to obtain passwords by reading the file. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
CVE-2006-4339 | 2 Openssl, Redhat | 4 Openssl, Enterprise Linux, Network Satellite and 1 more | 2024-08-07 | N/A |
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. | ||||
CVE-2006-1056 | 3 Freebsd, Linux, Redhat | 3 Freebsd, Linux Kernel, Enterprise Linux | 2024-08-07 | N/A |
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels. | ||||
CVE-2006-0591 | 2 Redhat, Solar Designer | 2 Enterprise Linux, Crypt Blowfish | 2024-08-07 | N/A |
The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions. | ||||
CVE-2006-0270 | 1 Oracle | 1 Database Server | 2024-08-07 | N/A |
Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without encryption, which allows local users to obtain the key via the SGA. | ||||
CVE-2007-6635 | 1 Netbizcity | 1 Faqmasterflexplus | 2024-08-07 | N/A |
FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in cleartext in a database, which might allow context-dependent attackers to obtain the password via unspecified database access. | ||||
CVE-2007-6521 | 1 Opera | 1 Opera Browser | 2024-08-07 | N/A |
Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates. | ||||
CVE-2007-6192 | 1 Citrix | 1 Netscaler | 2024-08-07 | N/A |
The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack. | ||||
CVE-2007-5863 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-08-07 | N/A |
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option. | ||||
CVE-2007-5790 | 1 Globe7 | 1 Globe7 | 2024-08-07 | N/A |
The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information. | ||||
CVE-2007-5792 | 1 Vonage | 1 Motorola Phone Adapter Vt2142-vd | 2024-08-07 | N/A |
The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP packets, which might allow remote attackers to eavesdrop by sniffing the network and reconstructing the RTP session. | ||||
CVE-2007-5768 | 1 Globe7 | 1 Globe7 | 2024-08-07 | N/A |
The Globe7 soft phone client 7.3 sends username and password information in cleartext, which allows remote attackers to obtain sensitive information by sniffing the HTTP traffic. | ||||
CVE-2007-5638 | 1 Nortel | 26 Business Communications Manager, Centrex Ip Client Manager, Centrex Ip Element Manager and 23 more | 2024-08-07 | N/A |
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages. | ||||
CVE-2007-5701 | 1 Ibm | 1 Lotus Domino | 2024-08-07 | N/A |
Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel. | ||||
CVE-2007-5470 | 1 Microsoft | 1 Expression Media | 2024-08-07 | N/A |
Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file. | ||||
CVE-2007-5502 | 1 Openssl | 1 Fips Object Module | 2024-08-07 | N/A |
The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness. | ||||
CVE-2007-5373 | 1 Ldapscripts | 1 Ldapscripts | 2024-08-07 | N/A |
ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function. | ||||
CVE-2007-5196 | 1 Suse | 1 Suse Linux | 2024-08-07 | N/A |
Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195. |