Total
725 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5400 | 1 Ibm | 1 Platform Symphony | 2024-11-21 | 10.0 HIGH | N/A |
| An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors. | |||||
| CVE-2013-5193 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.7 MEDIUM | N/A |
| The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials. | |||||
| CVE-2013-5037 | 1 Hot | 2 Hotbox Router, Hotbox Router Firmware | 2024-11-21 | 3.3 LOW | N/A |
| The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages. | |||||
| CVE-2013-5006 | 1 Westerndigital | 3 My Net N750, My Net N900, My Net N900c | 2024-11-21 | 4.3 MEDIUM | N/A |
| main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code. | |||||
| CVE-2013-4967 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 5.0 MEDIUM | N/A |
| Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes. | |||||
| CVE-2013-4962 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 5.8 MEDIUM | N/A |
| The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors. | |||||
| CVE-2013-4876 | 1 Verizon | 1 Wireless Network Extender | 2024-11-21 | 6.2 MEDIUM | N/A |
| The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt. | |||||
| CVE-2013-4873 | 1 Yahoo | 1 Tumblr | 2024-11-21 | 5.0 MEDIUM | N/A |
| The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-4790 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 3.5 LOW | N/A |
| Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server. | |||||
| CVE-2013-4786 | 2 Intel, Oracle | 2 Intelligent Platform Management Interface, Fujitsu M10 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC. | |||||
| CVE-2013-4732 | 2 Digital Alert Systems, Monroe Electronics | 2 Dasdec Eas, R189 One-net Eas | 2024-11-21 | 10.0 HIGH | N/A |
| The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding. | |||||
| CVE-2013-4669 | 5 Apple, Fortinet, Google and 2 more | 7 Mac Os X, Forticlient, Forticlient Lite and 4 more | 2024-11-21 | 5.4 MEDIUM | N/A |
| FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem. | |||||
| CVE-2013-4651 | 1 Siemens | 17 Scalance W700 Series Firmware, Scalance W744-1, Scalance W744-1pro and 14 more | 2024-11-21 | 6.6 MEDIUM | N/A |
| Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship. | |||||
| CVE-2013-4629 | 1 Huawei | 2 Vp 9610, Vp 9620 | 2024-11-21 | 8.5 HIGH | N/A |
| The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method. | |||||
| CVE-2013-4622 | 1 Htc | 1 Droid Incredible | 2024-11-21 | 7.5 HIGH | N/A |
| The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. | |||||
| CVE-2013-4616 | 1 Apple | 1 Iphone Os | 2024-11-21 | 5.8 MEDIUM | N/A |
| The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases. | |||||
| CVE-2013-4614 | 1 Canon | 9 Mg3100 Printer, Mg5300 Printer, Mg6100 Printer and 6 more | 2024-11-21 | 2.1 LOW | N/A |
| English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation. | |||||
| CVE-2013-4576 | 1 Gnupg | 1 Gnupg | 2024-11-21 | 2.1 LOW | N/A |
| GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE. | |||||
| CVE-2013-4509 | 2 Ibus Project, Opensuse | 2 Ibus, Opensuse | 2024-11-21 | 1.9 LOW | N/A |
| The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen. | |||||
| CVE-2013-4496 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2024-11-21 | 5.0 MEDIUM | N/A |
| Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts. | |||||