Filtered by CWE-310
Total 2489 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2013-4038 1 Ibm 30 Bladecenter, Flex System X220 Compute Node, Flex System X240 Compute Node and 27 more 2025-04-11 N/A
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.
CVE-2013-4073 2 Redhat, Ruby-lang 4 Enterprise Linux, Openshift, Openstack and 1 more 2025-04-11 N/A
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2011-5064 2 Apache, Redhat 9 Tomcat, Enterprise Linux, Jboss Communications Platform and 6 more 2025-04-11 N/A
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
CVE-2011-4758 1 Parallels 1 Parallels Plesk Small Business Panel 2025-04-11 N/A
Parallels Plesk Small Business Panel 10.2.0 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in smb/auth and certain other files.
CVE-2013-4132 2 Kde, Opensuse 3 Kde-workspace, Kde Sc, Opensuse 2025-04-11 N/A
KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.
CVE-2011-4461 3 Mortbay, Oracle, Redhat 5 Jetty, Sun Storage Common Array Manager, Fuse Esb Enterprise and 2 more 2025-04-11 N/A
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2011-4447 1 Bitcoin 2 Bitcoin Core, Wxbitcoin 2025-04-11 N/A
The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.
CVE-2011-4432 1 Merethis 1 Centreon 2025-04-11 N/A
www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach.
CVE-2013-5999 1 Kingsoft 1 Kdrive 2025-04-11 N/A
Kingsoft KDrive Personal before 1.21.0.1880 on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2011-4046 1 Dell 1 Kace K2000 Systems Deployment Appliance 2025-04-11 N/A
The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by examining script source code.
CVE-2011-3692 1 Netsaro 1 Enterprise Messenger Server 2025-04-11 N/A
NetSaro Enterprise Messenger Server 2.0 stores cleartext console credentials in configuration.xml, which allows local users to obtain sensitive information by reading this file and performing a base64 decoding step.
CVE-2011-3685 1 Tembria 1 Server Monitor 2025-04-11 N/A
Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1) authentication.dat or (2) XML files in the Exports directory.
CVE-2011-3599 2 Adam Kennedy, Perl 2 Crypt-dsa, Perl 2025-04-11 N/A
The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.
CVE-2013-4218 1 Intel 1 Wimax Network Service 2025-04-11 N/A
The InitMethodAndPassword function in InfraStack/OSAgnostic/WiMax/Agents/Supplicant/Source/SupplicantAgent.c in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses the same RSA private key in supplicant_key.pem on all systems, which allows local users to obtain sensitive information via unspecified decryption operations.
CVE-2013-4030 1 Ibm 31 Bladecenter, Flex System Manager Node 7955, Flex System Manager Node 8731 and 28 more 2025-04-11 N/A
Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic.
CVE-2011-3590 1 Redhat 2 Enterprise Linux, Kexec-tools 2025-04-11 N/A
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content.
CVE-2011-3588 1 Redhat 2 Enterprise Linux, Kexec-tools 2025-04-11 N/A
The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arbitrary SSH key.
CVE-2011-4723 1 Dlink 1 Dir-300 2025-04-11 5.7 Medium
The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.
CVE-2011-3444 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network.
CVE-2011-3013 1 Novell 2 Data Synchronizer, Mobility Pack 2025-04-11 N/A
WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-force attack.