CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Med. | Microsoft Surface Hub Keyboard Replay | 31.01.2018 | Matthias Deeg |
| Low | EASY HOME Alarmanlagen-Set MAS-S01-09 Cryptographic Issues | 28.11.2016 | Gerhard Klostermeier |
| Low | Wireless Keyboard Set LX901 GK900 Replay Attack | 10.10.2016 | SySS |
| Med. | Logitech K520 Crypto Issues / Replay Attacks | 30.07.2016 | SySS |
| Med. | Perixx Computer PERIDUO-710W Crypto Issues / Replay Attacks | 30.07.2016 | SySS |
| Med. | Perixx Computer PERIDUO-710W Keystroke Injection | 30.07.2016 | SySS |
| Med. | CHERRY B.UNLIMITED AES JD-0400EU-2/01 Keystroke Injection | 30.07.2016 | SySS |
| High | Checkmarx CxQL 7.1.5 Sandbox Bypass | 04.09.2015 | Huy-Ngoc DAU |
| Med. | Avaya one-X Agent 2.5 SP2 Cryptography Issues | 04.09.2015 | Sven Freund |
| Med. | OpenSSL 1.0.1j Multiple Vulnerabilities | 10.01.2015 | Multiple Authors |
| Low | SAP HANA XS Missing Encryption | 30.07.2014 | Onapsis |
| Med. | OpenSSL 0.9.8y/1.x/1.0.1e man-in-the-middle attack 0day | 05.01.2014 | Dr. Stephen Henson |
| Med. | OWASP ESAPI Symmetric Encryption MAC Bypass | 17.09.2013 | Philippe Arteau |
| High | OpenSSL SSL, TLS and DTLS Plaintext Recovery Attack | 09.02.2013 | OpenSSL |
| Med. | Merethis Centreon Multiple Vulnerabilities | 13.11.2011 | none |
| Med. | Multiples Vulnerabilities in ManageEngine ServiceDesk Plus | 20.09.2011 | CORE Security Technolo... |
| Med. | rsa envision 4.0 sp security issue | 26.08.2011 | emc |
| Low | EMC Data Protection Advisor sensitive information disclosure vulnerability | 03.08.2011 | emc |
| Low | Clear Text Secrets in PassmanLite Could Allow Access to Passwords | 17.05.2011 | Simon Roses |
| High | MediaCast Password Dump Vulnerability | 13.05.2011 | Packetninjas L.L.C |
| High | EMC Avamar sensitive information disclosure vulnerability | 18.03.2011 | Security_Alert |
| Med. | KDC denial of service attacks | 12.02.2011 | Tom Yu |
| Med. | Passlogix v-GO Self-Service Password Reset Bypass via Invalid SSL Certificate | 09.02.2011 | Garrett Held |
| Med. | Free Simple Software - SQL Injection Vulnerability | 02.12.2010 | Mark Stanislav |
| Med. | MS10-070 ASP.NET Padding Oracle File Download | 17.10.2010 | Agustin Azubel |
| Med. | ASP.NET Padding Oracle Vulnerability (MS10-070) | 07.10.2010 | Giorgio Fedon |
| High | ToutVirtual VirtualIQ Multiple Vulnerabilities | 21.05.2010 | Claudio Criscione |
| Med. | Aapache/mod_ssl vulnerability and mitigation | 11.11.2009 | Apache team |
| Low | linux kernel 2.6.25.15 get_instantiation_keyring() should inc the keyring | 05.11.2009 | Eugene Teoeugeneteo |
| Low | Wordpress Resource Exhaustion - Denial of Service Vulnerability | 26.10.2009 | jcarlosn |
| Med. | C4 SCADA Security Advisory - OSISoft PI Server Authentication Weakness | 04.10.2009 | Eyal Udassin & Jonatha... |
| Med. | Crypto backdoor in Qnap storage devices (CVE-2009-3200) | 23.09.2009 | Marc Heuse (mh baselin... |
| High | iphone email client does not validate ssl certificates | 23.09.2009 | Bill Borskey |
| Low | Clear Text Storage of Password in CS-MARS v6.0.4 and Earlier | 30.08.2009 | ryan wessels |
| High | Multiple vulnerabilities in several ATEN IP KVM Switches | 28.05.2009 | Jakob Lell |
| Med. | DotNetNuke Default Machine Key Exposure | 01.04.2009 | gdssecurity |
| Med. | MyBlog: PHP and MySQL Blog/CMS software (SQL/XSS) Vulnerabilities | 21.02.2009 | CWH |
| Med. | MD5 Considered Harmful Today: Creating a rogue CA certificate | 07.01.2009 | Alexander Sotirov |
| Med. | Joomla: Session hijacking vulnerability | 17.12.2008 | Hanno Boeck |
| High | New Whitepaper - .NET Framework Rootkits: Backdoors inside your Framework | 20.11.2008 | Erez Metula |
| Med. | Typo <= 5.1.3 Multiple Vulnerabilities | 02.11.2008 | L4teral |
| High | Aruba Mobility Controller Shared Default Certificate | 24.09.2008 | nnposter |
| Med. | Squirrelmail: Session hijacking vulnerability | 23.09.2008 | Hanno B |
| Med. | menalto gallery: Session hijacking vulnerability | 23.09.2008 | Hanno B |
| Low | Folder Lock <= 5.9.5 Local Password Information Disclosure | 21.08.2008 | Charalambous Glafkos |
| Med. | EMC Dantz Retrospect 7 backup Server Authentication Module Weak Password Hash Arithmetic Vulnerability | 22.07.2008 | zhliu_at_fortinet.com |


CVEMAP Search Results

| CVE | Details | Description |
|-----|---------|-------------|
| 2018-04-13, Medium, CVE-2018-10084 | Vendor: Cmsmadesimple; Software: Cms made simple | CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed. |
| 2018-03-26, Medium, CVE-2018-5458 | Vendor: Philips; Software: Intellispace... | Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information. |
| Medium, CVE-2018-5462 | Vendor: Philips; Software: Intellispace... | Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability; this could allow an attacker to gain unauthorized access to resources and information. |
| Medium, CVE-2018-5464 | Vendor: Philips; Software: Intellispace... | Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability; this could allow an attacker to gain unauthorized access to resources and information. |
| Medium, CVE-2018-5466 | Vendor: Philips; Software: Intellispace... | Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability; this could allow an attacker to gain unauthorized access to resources and information. |
| Medium, CVE-2018-1348 | Vendor: Netiq; Software: Identity manager | NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack. |
| 2018-03-13, Medium, CVE-2018-6295 | Vendor: Hanwha-security; Software: Snh-v6410pn ... | Unencrypted way of remote control and communications in Hanwha Techwin Smartcams |
| 2018-03-10, High, CVE-2018-6312 | Vendor: Foxconn; Software: Femtocell fe... | A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password. This vulnerability will lead to full system compromise and disclosure of user communications. The foxconn account with an 8-character lowercase alphabetic password can be used. |
| 2018-03-06, Low, CVE-2018-6019 | Vendor: Samsung; Software: Display solu... | Samsung Display Solutions App before 3.02 for Android allows man-in-the-middle attackers to spoof B2B content by leveraging failure to use encryption during information transmission. |
| 2018-03-02, Medium, CVE-2017-9267 | Vendor: Novell; Software: Edirectory | In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations. |

 


Copyright 2018, cxsecurity.com

 
