Total: 2447 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0047 | 1 Gale | 1 Gale | 2024-11-21 | 5.0 MEDIUM | N/A |
Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||
CVE-2008-7270 | 1 Openssl | 1 Openssl | 2024-11-21 | 4.3 MEDIUM | N/A |
OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180. | |||||
CVE-2008-7252 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 10.0 HIGH | N/A |
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. | |||||
CVE-2008-7207 | 1 Rivetcode | 1 Rivettracker | 2024-11-21 | 2.1 LOW | N/A |
RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php. | |||||
CVE-2008-7138 | 1 Eye.fi | 1 Eye-fi Manager | 2024-11-21 | 5.0 MEDIUM | N/A |
The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce. | |||||
CVE-2008-7113 | 1 Kyoceramita | 1 Scanner File Utility | 2024-11-21 | 6.4 MEDIUM | N/A |
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 uses a small space of predictable user identification numbers for access control, which allows remote attackers to upload documents via a brute force attack. | |||||
CVE-2008-7023 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2024-11-21 | 10.0 HIGH | N/A |
Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation. | |||||
CVE-2008-7020 | 1 Mcafee | 1 Safeboot Device Encryption | 2024-11-21 | 2.1 LOW | N/A |
McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
CVE-2008-6993 | 1 Siemens | 1 Gigaset Wlan Camera | 2024-11-21 | 10.0 HIGH | N/A |
Siemens Gigaset WLAN Camera 1.27 has an insecure default password, which allows remote attackers to conduct unauthorized activities. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-6910 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2024-11-21 | 7.5 HIGH | N/A |
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request. | |||||
CVE-2008-6909 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2024-11-21 | 6.5 MEDIUM | N/A |
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges. | |||||
CVE-2008-6908 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2024-11-21 | 7.5 HIGH | N/A |
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges. | |||||
CVE-2008-6824 | 1 A-link | 2 Wl54ap2, Wl54ap3 | 2024-11-21 | 10.0 HIGH | N/A |
The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access. | |||||
CVE-2008-6797 | 1 Mitel | 1 Mitel Nupoint Messenger | 2024-11-21 | 7.8 HIGH | N/A |
The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2008-6792 | 1 Ubuntu | 1 Linux | 2024-11-21 | 5.0 MEDIUM | N/A |
system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks. | |||||
CVE-2008-6193 | 1 Myblog | 1 Myblog | 2024-11-21 | 5.0 MEDIUM | N/A |
Sam Crew MyBlog stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | |||||
CVE-2008-6073 | 1 Magic2003 | 1 Storagecrypt | 2024-11-21 | 4.9 MEDIUM | N/A |
StorageCrypt 2.0.1 does not properly encrypt disks, which allows local users to obtain sensitive information via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-5659 | 1 Gnu | 1 Classpath | 2024-11-21 | 7.5 HIGH | N/A |
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys. | |||||
CVE-2008-5411 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.0 MEDIUM | N/A |
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2008-5410 | 1 Sun | 1 Solaris | 2024-11-21 | 7.8 HIGH | N/A |
The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions. | |||||