Total
2494 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2976 | 1 Cisco | 2 Aironet Ap1100, Aironet Ap1200 | 2025-04-09 | N/A |
| Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by sniffing the wireless network. | ||||
| CVE-2009-0742 | 1 Cisco | 4 Ace 4710, Application Control Engine Module, Catalyst 6500 and 1 more | 2025-04-09 | N/A |
| The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information. | ||||
| CVE-2008-6797 | 1 Mitel | 1 Mitel Nupoint Messenger | 2025-04-09 | N/A |
| The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2008-6824 | 1 A-link | 2 Wl54ap2, Wl54ap3 | 2025-04-09 | N/A |
| The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access. | ||||
| CVE-2008-6910 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2025-04-09 | N/A |
| Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request. | ||||
| CVE-2009-0547 | 2 Evolution, Redhat | 2 Evolution, Enterprise Linux | 2025-04-09 | N/A |
| Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077. | ||||
| CVE-2008-7020 | 1 Mcafee | 1 Safeboot Device Encryption | 2025-04-09 | N/A |
| McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | ||||
| CVE-2008-7138 | 1 Eye.fi | 1 Eye-fi Manager | 2025-04-09 | N/A |
| The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce. | ||||
| CVE-2008-7207 | 1 Rivetcode | 1 Rivettracker | 2025-04-09 | N/A |
| RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php. | ||||
| CVE-2009-1174 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors. | ||||
| CVE-2009-3273 | 1 Apple | 1 Iphone Os | 2025-04-09 | N/A |
| iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate. | ||||
| CVE-2008-7023 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2025-04-09 | N/A |
| Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation. | ||||
| CVE-2008-5230 | 1 Cisco | 1 Ios | 2025-04-09 | N/A |
| The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng. | ||||
| CVE-2009-4295 | 1 Sun | 1 Ray Server Software | 2025-04-09 | N/A |
| Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic. | ||||
| CVE-2009-0047 | 1 Gale | 1 Gale | 2025-04-09 | N/A |
| Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | ||||
| CVE-2009-0053 | 1 Cisco | 2 Ironport Encryption Appliance, Ironport Postx | 2025-04-09 | N/A |
| PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a "logic error." | ||||
| CVE-2008-2285 | 1 Ubuntu | 1 Linux | 2025-04-09 | N/A |
| The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool. | ||||
| CVE-2007-5701 | 1 Ibm | 1 Lotus Domino | 2025-04-09 | N/A |
| Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel. | ||||
| CVE-2009-3766 | 2 Mutt, Openssl | 2 Mutt, Openssl | 2025-04-09 | N/A |
| mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2007-0014 | 1 Sun | 1 Chainkey Java Code Protection | 2025-04-09 | N/A |
| ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM. | ||||