Total
2463 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3941 | 1 Martin Lambers | 1 Mpop | 2023-12-10 | 5.0 MEDIUM | N/A |
| Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2008-6909 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2023-12-10 | 6.5 MEDIUM | N/A |
| Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges. | |||||
| CVE-2008-1772 | 1 Iscripts | 1 Socialware | 2023-12-10 | 5.0 MEDIUM | N/A |
| iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information. | |||||
| CVE-2008-2780 | 1 Albinoloverats | 1 Anubis Plugin | 2023-12-10 | 6.4 MEDIUM | N/A |
| The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file. | |||||
| CVE-2009-3044 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.0 MEDIUM | N/A |
| Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | |||||
| CVE-2008-6193 | 1 Myblog | 1 Myblog | 2023-12-10 | 5.0 MEDIUM | N/A |
| Sam Crew MyBlog stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | |||||
| CVE-2008-7207 | 1 Rivetcode | 1 Rivettracker | 2023-12-10 | 2.1 LOW | N/A |
| RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php. | |||||
| CVE-2009-3942 | 1 Martin Lambers | 1 Msmtp | 2023-12-10 | 6.4 MEDIUM | N/A |
| Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2008-2299 | 2 Citrix, Microsoft | 4 Access Essentials, Desktop Server, Presentation Server and 1 more | 2023-12-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions. | |||||
| CVE-2009-3474 | 1 Internet2 | 3 Opensaml, Shibboleth-sp, Xmltooling | 2023-12-10 | 7.5 HIGH | N/A |
| OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate. | |||||
| CVE-2008-5659 | 1 Gnu | 1 Classpath | 2023-12-10 | 7.5 HIGH | N/A |
| The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys. | |||||
| CVE-2008-5230 | 1 Cisco | 1 Ios | 2023-12-10 | 6.8 MEDIUM | N/A |
| The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng. | |||||
| CVE-2009-1074 | 1 Sun | 1 Java System Identity Manager | 2023-12-10 | 5.0 MEDIUM | N/A |
| Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack of support for relative URLs. | |||||
| CVE-2009-3490 | 1 Gnu | 1 Wget | 2023-12-10 | 6.8 MEDIUM | N/A |
| GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2009-2973 | 1 Google | 1 Chrome | 2023-12-10 | 6.4 MEDIUM | N/A |
| Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409. | |||||
| CVE-2008-4227 | 1 Apple | 2 Iphone Os, Ipod Touch | 2023-12-10 | 7.5 HIGH | N/A |
| Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic. | |||||
| CVE-2009-3475 | 1 Internet2 | 1 Shibboleth-sp | 2023-12-10 | 7.5 HIGH | N/A |
| Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2009-4034 | 1 Postgresql | 1 Postgresql | 2023-12-10 | 5.8 MEDIUM | N/A |
| PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2009-1560 | 1 Cisco | 1 Wvc54gc | 2023-12-10 | 7.8 HIGH | N/A |
| The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 stores passwords and wireless-network keys in cleartext in (1) pass_wd.htm and (2) Wsecurity.htm, which allows remote attackers to obtain sensitive information by reading the HTML source code. | |||||
| CVE-2009-3765 | 2 Mutt, Openssl | 2 Mutt, Openssl | 2023-12-10 | 6.8 MEDIUM | N/A |
| mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||