CWE:
 

Topic
Date
Author
Low
EASY HOME Alarmanlagen-Set MAS-S01-09 Cryptographic Issues
28.11.2016
Gerhard Klostermeier
Low
Wireless Keyboard Set LX901 GK900 Replay Attack
10.10.2016
SySS
Med.
Logitech K520 Crypto Issues / Replay Attacks
30.07.2016
SySS
Med.
Perixx Computer PERIDUO-710W Crypto Issues / Replay Attacks
30.07.2016
SySS
Med.
Perixx Computer PERIDUO-710W Keystroke Injection
30.07.2016
SySS
Med.
CHERRY B.UNLIMITED AES JD-0400EU-2/01 Keystroke Injection
30.07.2016
SySS
High
Checkmarx CxQL 7.1.5 Sandbox Bypass
04.09.2015
Huy-Ngoc DAU
Med.
Avaya one-X Agent 2.5 SP2 Cryptography Issues
04.09.2015
Sven Freund
Med.
OpenSSL 1.0.1j Multiple Vulnerabilities
10.01.2015
Multiple Authors
Low
SAP HANA XS Missing Encryption
30.07.2014
Onapsis
Med.
OpenSSL 0.9.8y/1.x/1.0.1e man-in-the-middle attack 0day
05.01.2014
Dr. Stephen Henson
Med.
OWASP ESAPI Symmetric Encryption MAC Bypass
17.09.2013
Philippe Arteau
High
OpenSSL SSL, TLS and DTLS Plaintext Recovery Attack
09.02.2013
OpenSSL
Med.
Merethis Centreon Multiple Vulnerabilities
13.11.2011
none
Med.
Multiples Vulnerabilities in ManageEngine ServiceDesk Plus
20.09.2011
CORE Security Technolo...
Med.
rsa envision 4.0 sp security issue
26.08.2011
emc
Low
EMC Data Protection Advisor sensitive information disclosure vulnerability
03.08.2011
emc
Low
Clear Text Secrets in PassmanLite Could Allow Access to Passwords
17.05.2011
Simon Roses
High
MediaCast Password Dump Vulnerability
13.05.2011
Packetninjas L.L.C
High
EMC Avamar sensitive information disclosure vulnerability
18.03.2011
Security_Alert
Med.
KDC denial of service attacks
12.02.2011
Tom Yu
Med.
Passlogix v-GO Self-Service Password Reset Bypass via Invalid SSL Certificate
09.02.2011
Garrett Held
Med.
Free Simple Software - SQL Injection Vulnerability
02.12.2010
Mark Stanislav
Med.
MS10-070 ASP.NET Padding Oracle File Download
17.10.2010
Agustin Azubel
Med.
ASP.NET Padding Oracle Vulnerability (MS10-070)
07.10.2010
Giorgio Fedon
High
ToutVirtual VirtualIQ Multiple Vulnerabilities
21.05.2010
Claudio Criscione
Med.
Aapache/mod_ssl vulnerability and mitigation
11.11.2009
Apache team
Low
linux kernel 2.6.25.15 get_instantiation_keyring() should inc the keyring
05.11.2009
Eugene Teoeugeneteo
Low
Wordpress Resource Exhaustion - Denial of Service Vulnerability
26.10.2009
jcarlosn
Med.
C4 SCADA Security Advisory - OSISoft PI Server Authentication Weakness
04.10.2009
Eyal Udassin & Jonatha...
Med.
Crypto backdoor in Qnap storage devices (CVE-2009-3200)
23.09.2009
Marc Heuse (mh baselin...
High
iphone email client does not validate ssl certificates
23.09.2009
Bill Borskey
Low
Clear Text Storage of Password in CS-MARS v6.0.4 and Earlier
30.08.2009
ryan wessels
High
Multiple vulnerabilities in several ATEN IP KVM Switches
28.05.2009
Jakob Lell
Med.
DotNetNuke Default Machine Key Exposure
01.04.2009
gdssecurity
Med.
MyBlog: PHP and MySQL Blog/CMS software (SQL/XSS) Vulnerabilities
21.02.2009
CWH
Med.
MD5 Considered Harmful Today: Creating a rogue CA certificate
07.01.2009
Alexander Sotirov
Med.
Joomla: Session hijacking vulnerability
17.12.2008
Hanno Boeck
High
New Whitepaper - .NET Framework Rootkits: Backdoors inside your Framework
20.11.2008
Erez Metula
Med.
Typo <= 5.1.3 Multiple Vulnerabilities
02.11.2008
L4teral
High
Aruba Mobility Controller Shared Default Certificate
24.09.2008
nnposter
Med.
Squirrelmail: Session hijacking vulnerability
23.09.2008
Hanno B
Med.
menalto gallery: Session hijacking vulnerability
23.09.2008
Hanno B
Low
Folder Lock <= 5.9.5 Local Password Information Disclosure
21.08.2008
Charalambous Glafkos
Med.
EMC Dantz Retrospect 7 backup Server Authentication Module Weak Password Hash Arithmetic Vulnerability
22.07.2008
zhliu_at_fortinet.com


CVEMAP Search Results

CVE
Details
Description
2015-02-17
Low
CVE-2015-1355

Vendor: Siemens
Software: Simatic step 7
 

 
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack.

 
2015-02-10
Low
CVE-2015-1569

Vendor: Fortinet
Software: Forticlient
 

 
Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate.

 
Low
CVE-2015-1570

Vendor: Fortinet
Software: Forticlient
 

 
The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate.

 
2015-02-02
Medium
CVE-2015-1454

Vendor: Bluecoat
Software: Proxyclient
 

 
Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software updates, via a crafted certificate.

 
2015-02-01
Medium
CVE-2014-6136

Vendor: IBM
Software: Security appscan
 

 
IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network.

 
Medium
CVE-2014-8918

Vendor: IBM
Software: Security appscan
 

 
IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

 
2015-01-31
Low
CVE-2014-4632

Vendor: Vmware
Software: Vsphere data...
 

 
VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.

 
2015-01-16
Medium
CVE-2014-5419

Vendor: GE
Software: Multilink ml1200
 

 
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network.

 
2015-01-15
Low
CVE-2014-9596

Vendor: Panasonic
Software: Arbitrator b...
 

 
Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information.

 
2014-12-28
Medium
CVE-2014-5386

Vendor: Facebook
Software: Hiphop virtu...
 

 
The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector.

 

 


Copyright 2017, cxsecurity.com