

CVEMAP Search Results

CVE
Details
Description
2019-09-05
Medium
CVE-2019-14222

Vendor: Alfresco
Software: Alfresco
 

 
An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to a default private key that is present in all default installations. An attacker could exploit this vulnerability by using the extracted private key and bundling it into a PKCS12. A successful exploit could allow the attacker to gain information about the target system (e.g., OS type, system file locations, Java version, Solr version, etc.) as well as the ability to launch further attacks by leveraging the access to Alfresco's Solr Web Admin Interface.

 
2019-08-21
Medium
CVE-2019-12621

Vendor: Cisco
Software: Hyperflex hx...
 

 
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster.

 
2019-08-01
Low
CVE-2018-20936

Vendor: Cpanel
Software: Cpanel
 

 
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).

 
2019-07-29
Medium
CVE-2019-1020004

Vendor: Tridactyl project
Software: Tridactyl
 

 
Tridactyl before 1.16.0 allows fake key events.

 
2019-07-09
Medium
CVE-2019-9150

Vendor: Mailvelope
Software: Mailvelope
 

 
Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on a web page. This functionality can be tricked to either hide a key import from the user or obscure which key was imported.

 
Medium
CVE-2019-9149

Vendor: Mailvelope
Software: Mailvelope
 

 
Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. By modifying a URL parameter in Mailvelope, an attacker is able to sign (and encrypt) arbitrary messages with Mailvelope, assuming the private key password is cached. A second vulnerability allows an attacker to decrypt an arbitrary message when the GnuPG backend is used in Mailvelope.

 
Low
CVE-2019-9148

Vendor: Mailvelope
Software: Mailvelope
 

 
Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows importing keys that contain users without a valid self-certification. Keys that are obviously invalid are not rejected during import. An attacker that is able to get a victim to import a manipulated key could claim to have signed a message that originates from another person.

 
2019-05-23
Low
CVE-2019-10851

Vendor: Computrols
Software: Computrols b...
 

 
Computrols CBAS 18.0.0 has hard-coded encryption keys.

 
2019-05-16
Medium
CVE-2019-10112

Vendor: Gitlab
Software: Gitlab
 

 
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The HMAC key was insecurely derived.

 
2019-05-15
Medium
CVE-2019-12098

Vendor: Heimdal project
Software: Heimdal
 

 
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

 

 


Copyright 2019, cxsecurity.com

 
