Total
2471 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-7142 | 1 Utimaco | 1 Safeguard | 2024-11-21 | 4.1 MEDIUM | 7.8 HIGH |
| The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive. | |||||
| CVE-2006-6674 | 1 Ozeki | 1 Http-sms Gateway | 2024-11-21 | 2.1 LOW | N/A |
| Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and passwords in plaintext in the HKLM\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate registry key, which allows local users to obtain sensitive information. | |||||
| CVE-2006-5982 | 1 Biba Software | 1 Seleniumserver Ftp Server | 2024-11-21 | 10.0 HIGH | N/A |
| SeleniumServer FTP Server 1.0, and possibly earlier, stores user passwords in plaintext in the Servers directory, which allows attackers to obtain passwords by reading the file. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-4339 | 1 Openssl | 1 Openssl | 2024-11-21 | 4.3 MEDIUM | N/A |
| OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. | |||||
| CVE-2006-1056 | 2 Freebsd, Linux | 2 Freebsd, Linux Kernel | 2024-11-21 | 2.1 LOW | N/A |
| The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels. | |||||
| CVE-2006-0591 | 1 Solar Designer | 1 Crypt Blowfish | 2024-11-21 | 1.2 LOW | N/A |
| The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions. | |||||
| CVE-2006-0270 | 1 Oracle | 1 Database Server | 2024-11-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without encryption, which allows local users to obtain the key via the SGA. | |||||
| CVE-2005-4066 | 1 Christian Ghisler | 1 Total Commander | 2024-11-21 | 4.9 MEDIUM | N/A |
| Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm. | |||||
| CVE-2005-0844 | 1 Nortel | 1 Contivity | 2024-11-20 | 4.6 MEDIUM | N/A |
| Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information. | |||||
| CVE-2004-2761 | 1 Ietf | 2 Md5, X.509 Certificate | 2024-11-20 | 5.0 MEDIUM | N/A |
| The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. | |||||
| CVE-2004-2721 | 1 Heiko Stamer | 1 Openskat | 2024-11-20 | 4.3 MEDIUM | N/A |
| The CheckGroup function in openSkat VTMF before 2.1 generates public key pairs in which the "p" variable might not be prime, which allows remote attackers to determine the private key and decrypt messages. | |||||
| CVE-2004-2703 | 1 Clearswift | 4 Mailsweeper Business Suite I, Mailsweeper Business Suite Ii, Mailsweeper For Smtp and 1 more | 2024-11-20 | 4.3 MEDIUM | N/A |
| Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted data in a mail message, which causes the message to be marked as "Clean" instead of "Encrypted". | |||||
| CVE-2003-1483 | 1 Flashfxp | 1 Flashfxp | 2024-11-20 | 6.4 MEDIUM | N/A |
| FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access. | |||||
| CVE-2003-1480 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-11-20 | 4.3 MEDIUM | N/A |
| MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods. | |||||
| CVE-2003-1447 | 1 Ibm | 1 Websphere Application Server | 2024-11-20 | 1.9 LOW | N/A |
| IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML. | |||||
| CVE-2003-1392 | 2 Microsoft, Research Triangle Software | 2 All Windows, Cryptobuddy | 2024-11-20 | 6.6 MEDIUM | N/A |
| CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data. | |||||
| CVE-2003-1391 | 1 Research Triangle Software | 1 Cryptobuddy | 2024-11-20 | 7.5 HIGH | N/A |
| RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase. | |||||
| CVE-2003-1390 | 1 Research Triangle Software | 1 Cryptobuddy | 2024-11-20 | 7.5 HIGH | N/A |
| RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase. | |||||
| CVE-2003-1389 | 1 Research Triangle Software | 1 Cryptobuddy | 2024-11-20 | 7.5 HIGH | N/A |
| RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks. | |||||
| CVE-2003-1344 | 1 Trend Micro | 1 Virus Control System | 2024-11-20 | 5.0 MEDIUM | N/A |
| Trend Micro Virus Control System (TVCS) Log Collector allows remote attackers to obtain usernames, encrypted passwords, and other sensitive information via a URL request for getservers.exe with the action parameter set to "selects1", which returns log files. | |||||