Total
2480 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4311 | 1 Dustincowell | 1 Free Simple Software | 2024-08-07 | N/A |
| Free Simple Software 1.0 stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. | ||||
| CVE-2010-4184 | 1 Netsupportsoftware | 1 Netsupport Manager | 2024-08-07 | N/A |
| NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network. | ||||
| CVE-2010-4020 | 2 Mit, Redhat | 2 Kerberos 5, Enterprise Linux | 2024-08-07 | N/A |
| MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations. | ||||
| CVE-2010-3869 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2024-08-07 | N/A |
| Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN. | ||||
| CVE-2010-3804 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2024-08-07 | N/A |
| The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171. | ||||
| CVE-2010-3741 | 1 Rim | 1 Blackberry Desktop Software | 2024-08-07 | N/A |
| The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack. | ||||
| CVE-2010-3618 | 1 Pgp | 2 Desktop For Mac, Desktop For Windows | 2024-08-07 | N/A |
| PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a "piggy-back" or "unsigned data injection" issue. | ||||
| CVE-2010-3399 | 1 Mozilla | 1 Firefox | 2024-08-07 | N/A |
| The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171. | ||||
| CVE-2010-3400 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-08-07 | N/A |
| The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2008-5913. | ||||
| CVE-2010-3173 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-08-07 | N/A |
| The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | ||||
| CVE-2010-3171 | 1 Mozilla | 1 Firefox | 2024-08-07 | N/A |
| The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913. | ||||
| CVE-2010-3170 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-08-07 | N/A |
| Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||||
| CVE-2010-3075 | 1 Arg0 | 1 Encfs | 2024-08-07 | N/A |
| EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte. | ||||
| CVE-2010-3074 | 1 Arg0 | 1 Encfs | 2024-08-07 | N/A |
| SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack. | ||||
| CVE-2010-3073 | 1 Arg0 | 1 Encfs | 2024-08-07 | N/A |
| SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms. | ||||
| CVE-2010-2757 | 1 Mozilla | 1 Bugzilla | 2024-08-07 | N/A |
| The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery. | ||||
| CVE-2010-2603 | 3 Apple, Microsoft, Rim | 3 Mac Os X, Windows, Blackberry Desktop Software | 2024-08-07 | N/A |
| RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Mac, uses a weak password to encrypt a database backup file, which makes it easier for local users to decrypt the file via a brute force attack. | ||||
| CVE-2010-2637 | 1 Ibm | 1 Websphere Mq | 2024-08-07 | N/A |
| IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application. | ||||
| CVE-2010-2468 | 3 Linearcorp, S2sys, Sonitrol | 4 Emerge 50, Emerge 5000, Netbox and 1 more | 2024-08-07 | N/A |
| The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password. | ||||
| CVE-2010-2072 | 1 Radovan Garabik | 1 Pyftpd | 2024-08-07 | N/A |
| Pyftpd 0.8.4 creates log files with predictable names in a temporary directory, which allows local users to cause a denial of service and obtain sensitive information. | ||||