CWE:
 

Topic
Date
Author
Med.
Microsoft Surface Hub Keyboard Replay
31.01.2018
Matthias Deeg
Low
EASY HOME Alarmanlagen-Set MAS-S01-09 Cryptographic Issues
28.11.2016
Gerhard Klostermeier
Low
Wireless Keyboard Set LX901 GK900 Replay Attack
10.10.2016
SySS
Med.
Logitech K520 Crypto Issues / Replay Attacks
30.07.2016
SySS
Med.
Perixx Computer PERIDUO-710W Crypto Issues / Replay Attacks
30.07.2016
SySS
Med.
Perixx Computer PERIDUO-710W Keystroke Injection
30.07.2016
SySS
Med.
CHERRY B.UNLIMITED AES JD-0400EU-2/01 Keystroke Injection
30.07.2016
SySS
High
Checkmarx CxQL 7.1.5 Sandbox Bypass
04.09.2015
Huy-Ngoc DAU
Med.
Avaya one-X Agent 2.5 SP2 Cryptography Issues
04.09.2015
Sven Freund
Med.
OpenSSL 1.0.1j Multiple Vulnerabilities
10.01.2015
Multiple Authors
Low
SAP HANA XS Missing Encryption
30.07.2014
Onapsis
Med.
OpenSSL 0.9.8y/1.x/1.0.1e man-in-the-middle attack 0day
05.01.2014
Dr. Stephen Henson
Med.
OWASP ESAPI Symmetric Encryption MAC Bypass
17.09.2013
Philippe Arteau
High
OpenSSL SSL, TLS and DTLS Plaintext Recovery Attack
09.02.2013
OpenSSL
Med.
Merethis Centreon Multiple Vulnerabilities
13.11.2011
none
Med.
Multiples Vulnerabilities in ManageEngine ServiceDesk Plus
20.09.2011
CORE Security Technolo...
Med.
rsa envision 4.0 sp security issue
26.08.2011
emc
Low
EMC Data Protection Advisor sensitive information disclosure vulnerability
03.08.2011
emc
Low
Clear Text Secrets in PassmanLite Could Allow Access to Passwords
17.05.2011
Simon Roses
High
MediaCast Password Dump Vulnerability
13.05.2011
Packetninjas L.L.C
High
EMC Avamar sensitive information disclosure vulnerability
18.03.2011
Security_Alert
Med.
KDC denial of service attacks
12.02.2011
Tom Yu
Med.
Passlogix v-GO Self-Service Password Reset Bypass via Invalid SSL Certificate
09.02.2011
Garrett Held
Med.
Free Simple Software - SQL Injection Vulnerability
02.12.2010
Mark Stanislav
Med.
MS10-070 ASP.NET Padding Oracle File Download
17.10.2010
Agustin Azubel
Med.
ASP.NET Padding Oracle Vulnerability (MS10-070)
07.10.2010
Giorgio Fedon
High
ToutVirtual VirtualIQ Multiple Vulnerabilities
21.05.2010
Claudio Criscione
Med.
Aapache/mod_ssl vulnerability and mitigation
11.11.2009
Apache team
Low
linux kernel 2.6.25.15 get_instantiation_keyring() should inc the keyring
05.11.2009
Eugene Teoeugeneteo
Low
Wordpress Resource Exhaustion - Denial of Service Vulnerability
26.10.2009
jcarlosn
Med.
C4 SCADA Security Advisory - OSISoft PI Server Authentication Weakness
04.10.2009
Eyal Udassin & Jonatha...
Med.
Crypto backdoor in Qnap storage devices (CVE-2009-3200)
23.09.2009
Marc Heuse (mh baselin...
High
iphone email client does not validate ssl certificates
23.09.2009
Bill Borskey
Low
Clear Text Storage of Password in CS-MARS v6.0.4 and Earlier
30.08.2009
ryan wessels
High
Multiple vulnerabilities in several ATEN IP KVM Switches
28.05.2009
Jakob Lell
Med.
DotNetNuke Default Machine Key Exposure
01.04.2009
gdssecurity
Med.
MyBlog: PHP and MySQL Blog/CMS software (SQL/XSS) Vulnerabilities
21.02.2009
CWH
Med.
MD5 Considered Harmful Today: Creating a rogue CA certificate
07.01.2009
Alexander Sotirov
Med.
Joomla: Session hijacking vulnerability
17.12.2008
Hanno Boeck
High
New Whitepaper - .NET Framework Rootkits: Backdoors inside your Framework
20.11.2008
Erez Metula
Med.
Typo <= 5.1.3 Multiple Vulnerabilities
02.11.2008
L4teral
High
Aruba Mobility Controller Shared Default Certificate
24.09.2008
nnposter
Med.
Squirrelmail: Session hijacking vulnerability
23.09.2008
Hanno B
Med.
menalto gallery: Session hijacking vulnerability
23.09.2008
Hanno B
Low
Folder Lock <= 5.9.5 Local Password Information Disclosure
21.08.2008
Charalambous Glafkos
Med.
EMC Dantz Retrospect 7 backup Server Authentication Module Weak Password Hash Arithmetic Vulnerability
22.07.2008
zhliu_at_fortinet.com


CVEMAP Search Results

CVE
Details
Description
2018-08-21
Low
CVE-2017-17305

Vendor: Huawei
Software: Usg2205bsr f...
 

 
Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle. Cause a Bleichenbacher oracle attack. Successful exploit this vulnerability can impact IPSec tunnel security.

 
2018-08-17
Low
CVE-2018-15355

Vendor: Kraftway
Software: 24f2xg route...
 

 
Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118.

 
2018-08-15
Low
CVE-2018-0412

Vendor: Cisco
Software: Wap121 firmware
 

 
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvj29229.

 
2018-08-07
Low
CVE-2018-5383

Vendor: Apple
Software: Iphone os
 

 
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

 
2018-08-01
Low
CVE-2018-11050

Vendor: DELL
Software: Emc networker
 

 
Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. An unauthenticated attacker in the same network collision domain, could potentially sniff the password from the network and use it to access the component using the privileges of the compromised user.

 
Medium
CVE-2018-10618

Updating...
 

 
Davolink DVW-3200N all version prior to Version 1.00.06. The device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device.

 
2018-07-31
Low
CVE-2017-17174

Vendor: Huawei
Software: Espace u1981...
 

 
Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key and the previously captured sessions by some cryptanalytic operations. Successful exploit may cause information leak.

 
2018-07-28
Low
CVE-2018-0497

Vendor: ARM
Software: Mbed tls
 

 
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.

 
Low
CVE-2018-0498

Vendor: ARM
Software: Mbed tls
 

 
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.

 
2018-07-27
Medium
CVE-2017-12151

Vendor: HP
Software: Cifs server
 

 
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top