CVE Vulnerability Database

Search and browse 58 known security vulnerabilities. Filter by severity, vendor, product, and year.

58 vulnerabilities found
CVE-2015-0987
10.0 critical

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.

Omron Cx-Programmer Oct 6, 2015
CVE-2015-0192
9.8 critical

Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.

Ibm Java Jul 2, 2015
CVE-2015-2808
10.0 critical

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that

Oracle Communications Application Session Controller Apr 1, 2015
CVE-2012-6437
9.8 critical

The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and confide

Rockwellautomation Controllogix Controllers Jan 24, 2013
CVE-2010-4478
9.8 critical

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a rel

Openbsd Openssh Dec 6, 2010
CVE-2010-2965
9.8 critical

The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via re

Rockwellautomation 1756-Enbt/A Firmware Aug 5, 2010
CVE-2009-3555
9.8 critical

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple C

Apache Http Server Nov 9, 2009
CVE-2004-2761
9.8 critical

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.

Ietf Md5 Jan 5, 2009
CVE-2008-4250
9.8 critical

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by

Microsoft Windows 2000 Oct 23, 2008
CVE-1999-0511
9.1 critical

IP forwarding is enabled on a machine which is not a router or firewall.

Microsoft Windows 2000 Jan 1, 1997