CVEMAP Search Results

CVE
Details
Description
2019-07-09
Medium
CVE-2019-9149

Vendor: Mailvelope
Software: Mailvelope
 

 
Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. By modifying a URL parameter in Mailvelope, an attacker is able to sign (and encrypt) arbitrary messages with Mailvelope, assuming the private key password is cached. A second vulnerability allows an attacker to decrypt an arbitrary message when the GnuPG backend is used in Mailvelope.

 
Low
CVE-2019-9148

Vendor: Mailvelope
Software: Mailvelope
 

 
Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows importing keys that contain users without a valid self-certification. Keys that are obviously invalid are not rejected during import. An attacker that is able to get a victim to import a manipulated key could claim to have signed a message that originates from another person.

 
Medium
CVE-2019-9150

Vendor: Mailvelope
Software: Mailvelope
 

 
Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on a web page. This functionality can be tricked to either hide a key import from the user or obscure which key was imported.

 
2019-05-23
Low
CVE-2019-10851

Vendor: Computrols
Software: Computrols b...
 

 
Computrols CBAS 18.0.0 has hard-coded encryption keys.

 
2019-05-16
Medium
CVE-2019-10112

Vendor: Gitlab
Software: Gitlab
 

 
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived.

 
2019-05-15
Medium
CVE-2019-12098

Vendor: Heimdal project
Software: Heimdal
 

 
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

 
2019-05-06
Medium
CVE-2018-18978

 

 
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphering communications between this application and the backend server. This, in combination with retrieving any user's encrypted data from the Ascensia cloud through another vulnerability, allows an attacker to obtain and modify any patient's medical information.

 
2019-05-03
Low
CVE-2019-1586

Vendor: Cisco
Software: Application ...
 

 
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device. An attacker could exploit this vulnerability by retrieving data from the physical disk on the affected partition(s). A successful exploit could allow the attacker to retrieve encryption keys, possibly allowing the attacker to further decrypt other data and sensitive information on the device, which could lead to the disclosure of confidential information.

 
2019-04-26
Medium
CVE-2019-7476

Vendor: Sonicwall
Software: Global manag...
 

 
A vulnerability in SonicWall Global Management System (GMS) allows a remote user to gain access to the appliance using an existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier.

 
2019-04-22
Medium
CVE-2015-1316

 

 
Juju Core's Joyent provider before version 1.25.5 uploads the user's private SSH key.

 

 


Copyright 2019, cxsecurity.com