Total
395 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4508 | 3 Debian, Lighttpd, Opensuse | 3 Debian Linux, Lighttpd, Opensuse | 2024-11-21 | 7.5 High |
| lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. | ||||
| CVE-2013-4104 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 7.5 High |
| Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol | ||||
| CVE-2013-2566 | 4 Canonical, Fujitsu, Mozilla and 1 more | 24 Ubuntu Linux, M10-1, M10-1 Firmware and 21 more | 2024-11-21 | N/A |
| The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. | ||||
| CVE-2013-2166 | 4 Debian, Fedoraproject, Openstack and 1 more | 4 Debian Linux, Fedora, Python-keystoneclient and 1 more | 2024-11-21 | 9.8 Critical |
| python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | ||||
| CVE-2013-0764 | 4 Canonical, Mozilla, Opensuse and 1 more | 9 Ubuntu Linux, Firefox, Seamonkey and 6 more | 2024-11-21 | N/A |
| The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data. | ||||
| CVE-2012-6707 | 1 Wordpress | 1 Wordpress | 2024-11-21 | N/A |
| WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions. | ||||
| CVE-2012-2130 | 3 Debian, Fedoraproject, Polarssl | 3 Debian Linux, Fedora, Polarssl | 2024-11-21 | 7.4 High |
| A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys. | ||||
| CVE-2011-4121 | 1 Ruby-lang | 1 Ruby | 2024-11-21 | 9.8 Critical |
| The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism. | ||||
| CVE-2011-3629 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 High |
| Joomla! core 1.7.1 allows information disclosure due to weak encryption | ||||
| CVE-2011-3389 | 9 Canonical, Debian, Google and 6 more | 21 Ubuntu Linux, Debian Linux, Chrome and 18 more | 2024-11-21 | N/A |
| The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | ||||
| CVE-2010-3670 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 4.8 Medium |
| TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. | ||||
| CVE-2009-2474 | 5 Apple, Canonical, Fedoraproject and 2 more | 5 Mac Os X, Ubuntu Linux, Fedora and 2 more | 2024-11-21 | N/A |
| neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||||
| CVE-2005-4900 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation. | ||||
| CVE-2005-2281 | 1 Juvare | 1 Webeoc | 2024-11-20 | 7.5 High |
| WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords. | ||||
| CVE-2005-0366 | 1 Gnupg | 1 Gnupg | 2024-11-20 | N/A |
| The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed. | ||||
| CVE-2004-2172 | 1 Netsourcecommerce | 1 Productcart | 2024-11-20 | 7.5 High |
| EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack. | ||||
| CVE-2002-1946 | 1 Tata | 1 Integrated Dialer | 2024-11-20 | 5.5 Medium |
| Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password. | ||||
| CVE-2002-1910 | 1 Click-2 | 1 Ingenium Learning Management System | 2024-11-20 | 7.5 High |
| Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords. | ||||
| CVE-2002-1872 | 1 Microsoft | 1 Sql Server | 2024-11-20 | 7.5 High |
| Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. | ||||
| CVE-2002-1739 | 1 Mdaemon | 1 Mdaemon | 2024-11-20 | 5.5 Medium |
| Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords. | ||||