Total
2486 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4422 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | N/A |
| The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers. | ||||
| CVE-2014-4430 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount. | ||||
| CVE-2013-7385 | 1 Livezilla | 1 Livezilla | 2025-04-12 | N/A |
| LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7033. | ||||
| CVE-2016-1938 | 2 Mozilla, Opensuse | 4 Firefox, Nss, Leap and 1 more | 2025-04-12 | N/A |
| The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. | ||||
| CVE-2014-4449 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-4623 | 1 Emc | 1 Avamar | 2025-04-12 | N/A |
| EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | ||||
| CVE-2013-7372 | 2 Apache, Google | 2 Harmony, Android | 2025-04-12 | N/A |
| The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013. | ||||
| CVE-2013-7408 | 1 F5 | 1 Big-ip Analytics | 2025-04-12 | N/A |
| F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value. | ||||
| CVE-2016-6838 | 1 Huawei | 18 Ch121 V3 Server, Ch121 V3 Server Firmware, Ch140 V3 Server and 15 more | 2025-04-12 | N/A |
| Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm. | ||||
| CVE-2016-8224 | 1 Lenovo | 57 Bios, Notebook 110 14ibr, Notebook 110 14ibr Bios and 54 more | 2025-04-12 | N/A |
| A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system. | ||||
| CVE-2014-0017 | 1 Libssh | 1 Libssh | 2025-04-12 | N/A |
| The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision. | ||||
| CVE-2014-0139 | 1 Haxx | 2 Curl, Libcurl | 2025-04-12 | N/A |
| cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||||
| CVE-2014-0786 | 1 Ecava | 1 Integraxor | 2025-04-12 | N/A |
| Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role. | ||||
| CVE-2013-7033 | 1 Livezilla | 1 Livezilla | 2025-04-12 | N/A |
| LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. | ||||
| CVE-2013-7040 | 2 Apple, Python | 2 Mac Os X, Python | 2025-04-12 | N/A |
| Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150. | ||||
| CVE-2016-2953 | 1 Ibm | 1 Connections | 2025-04-12 | N/A |
| IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | ||||
| CVE-2016-6606 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | ||||
| CVE-2013-6994 | 1 Opentext | 1 Exceed Ondemand | 2025-04-12 | N/A |
| OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network. | ||||
| CVE-2013-7041 | 1 Cristian Gafton | 1 Pam Userdb | 2025-04-12 | N/A |
| The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack. | ||||
| CVE-2016-6550 | 1 Bb\&t | 1 The U | 2025-04-12 | N/A |
| The U by BB&T app 1.5.4 and earlier for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||