CWE:
 

Topic
Date
Author
Med.
Microsoft Surface Hub Keyboard Replay
31.01.2018
Matthias Deeg
Low
EASY HOME Alarmanlagen-Set MAS-S01-09 Cryptographic Issues
28.11.2016
Gerhard Klostermeier
Low
Wireless Keyboard Set LX901 GK900 Replay Attack
10.10.2016
SySS
Med.
Logitech K520 Crypto Issues / Replay Attacks
30.07.2016
SySS
Med.
Perixx Computer PERIDUO-710W Crypto Issues / Replay Attacks
30.07.2016
SySS
Med.
Perixx Computer PERIDUO-710W Keystroke Injection
30.07.2016
SySS
Med.
CHERRY B.UNLIMITED AES JD-0400EU-2/01 Keystroke Injection
30.07.2016
SySS
High
Checkmarx CxQL 7.1.5 Sandbox Bypass
04.09.2015
Huy-Ngoc DAU
Med.
Avaya one-X Agent 2.5 SP2 Cryptography Issues
04.09.2015
Sven Freund
Med.
OpenSSL 1.0.1j Multiple Vulnerabilities
10.01.2015
Multiple Authors
Low
SAP HANA XS Missing Encryption
30.07.2014
Onapsis
Med.
OpenSSL 0.9.8y/1.x/1.0.1e man-in-the-middle attack 0day
05.01.2014
Dr. Stephen Henson
Med.
OWASP ESAPI Symmetric Encryption MAC Bypass
17.09.2013
Philippe Arteau
High
OpenSSL SSL, TLS and DTLS Plaintext Recovery Attack
09.02.2013
OpenSSL
Med.
Merethis Centreon Multiple Vulnerabilities
13.11.2011
none
Med.
Multiples Vulnerabilities in ManageEngine ServiceDesk Plus
20.09.2011
CORE Security Technolo...
Med.
rsa envision 4.0 sp security issue
26.08.2011
emc
Low
EMC Data Protection Advisor sensitive information disclosure vulnerability
03.08.2011
emc
Low
Clear Text Secrets in PassmanLite Could Allow Access to Passwords
17.05.2011
Simon Roses
High
MediaCast Password Dump Vulnerability
13.05.2011
Packetninjas L.L.C
High
EMC Avamar sensitive information disclosure vulnerability
18.03.2011
Security_Alert
Med.
KDC denial of service attacks
12.02.2011
Tom Yu
Med.
Passlogix v-GO Self-Service Password Reset Bypass via Invalid SSL Certificate
09.02.2011
Garrett Held
Med.
Free Simple Software - SQL Injection Vulnerability
02.12.2010
Mark Stanislav
Med.
MS10-070 ASP.NET Padding Oracle File Download
17.10.2010
Agustin Azubel
Med.
ASP.NET Padding Oracle Vulnerability (MS10-070)
07.10.2010
Giorgio Fedon
High
ToutVirtual VirtualIQ Multiple Vulnerabilities
21.05.2010
Claudio Criscione
Med.
Aapache/mod_ssl vulnerability and mitigation
11.11.2009
Apache team
Low
linux kernel 2.6.25.15 get_instantiation_keyring() should inc the keyring
05.11.2009
Eugene Teoeugeneteo
Low
Wordpress Resource Exhaustion - Denial of Service Vulnerability
26.10.2009
jcarlosn
Med.
C4 SCADA Security Advisory - OSISoft PI Server Authentication Weakness
04.10.2009
Eyal Udassin & Jonatha...
Med.
Crypto backdoor in Qnap storage devices (CVE-2009-3200)
23.09.2009
Marc Heuse (mh baselin...
High
iphone email client does not validate ssl certificates
23.09.2009
Bill Borskey
Low
Clear Text Storage of Password in CS-MARS v6.0.4 and Earlier
30.08.2009
ryan wessels
High
Multiple vulnerabilities in several ATEN IP KVM Switches
28.05.2009
Jakob Lell
Med.
DotNetNuke Default Machine Key Exposure
01.04.2009
gdssecurity
Med.
MyBlog: PHP and MySQL Blog/CMS software (SQL/XSS) Vulnerabilities
21.02.2009
CWH
Med.
MD5 Considered Harmful Today: Creating a rogue CA certificate
07.01.2009
Alexander Sotirov
Med.
Joomla: Session hijacking vulnerability
17.12.2008
Hanno Boeck
High
New Whitepaper - .NET Framework Rootkits: Backdoors inside your Framework
20.11.2008
Erez Metula
Med.
Typo <= 5.1.3 Multiple Vulnerabilities
02.11.2008
L4teral
High
Aruba Mobility Controller Shared Default Certificate
24.09.2008
nnposter
Med.
Squirrelmail: Session hijacking vulnerability
23.09.2008
Hanno B
Med.
menalto gallery: Session hijacking vulnerability
23.09.2008
Hanno B
Low
Folder Lock <= 5.9.5 Local Password Information Disclosure
21.08.2008
Charalambous Glafkos
Med.
EMC Dantz Retrospect 7 backup Server Authentication Module Weak Password Hash Arithmetic Vulnerability
22.07.2008
zhliu_at_fortinet.com


CVEMAP Search Results

CVE
Details
Description
2018-05-16
Medium
CVE-2018-11209

Vendor: Zblogcn
Software: Z-blogphp
 

 
** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. zb_system/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid issue.

 
2018-05-09
Low
CVE-2018-10951

Vendor: Zimbra
Software: Zimbra colla...
 

 
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API.

 
2018-05-08
Low
CVE-2018-10812

Vendor: Bitpie
Software: Bitcoin wallet
 

 
The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android) or a plist file in the app data folder (on iOS).

 
2018-05-02
Medium
CVE-2018-0281

Vendor: Cisco
Software: Firepower ma...
 

 
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of a Transport Layer Security (TLS) extension during TLS connection setup for the affected software. An attacker could exploit this vulnerability by sending a crafted TLS connection setup request to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg97808.

 
Medium
CVE-2018-0283

Vendor: Cisco
Software: Firepower ma...
 

 
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of Transport Layer Security (TLS) TCP connection setup for the affected software. An attacker could exploit this vulnerability by sending crafted TLS traffic to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg99327.

 
2018-05-01
Low
CVE-2013-4035

Vendor: IBM
Software: Sterling connect
 

 
IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138.

 
Low
CVE-2017-14012

Vendor: Bostonscientific
Software: Zoom latitud...
 

 
Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

 
2018-04-27
Low
CVE-2013-5391

Vendor: IBM
Software: Mobile found...
 

 
IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.x before 6.0.0 Fix Pack 2, and Mobile Foundation Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.0 Fix Pack 2 make it easier for attackers to defeat cryptographic protection mechanisms by leveraging improper initialization of the pseudo random number generator (PRNG) in Android and use of the Java Cryptography Architecture (JCA) by a Worklight program. IBM X-Force ID: 87128.

 
2018-04-25
High
CVE-2017-12712

Updating...
 

 
The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

 
2018-04-23
Medium
CVE-2017-7893

Vendor: Saltstack
Software: SALT
 

 
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top