CVEMAP Search Results

CVE
Details
Description
2019-05-16
Medium
CVE-2019-10112

Vendor: Gitlab
Software: Gitlab
 

 
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived.

 
2019-05-15
Medium
CVE-2019-12098

Vendor: Heimdal project
Software: Heimdal
 

 
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

 
2019-05-06
Medium
CVE-2018-18978

 

 
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphering communications between this application and the backend server. This, in combination with retrieving any user's encrypted data from the Ascensia cloud through another vulnerability, allows an attacker to obtain and modify any patient's medical information.

 
2019-05-03
Low
CVE-2019-1586

Vendor: Cisco
Software: Application ...
 

 
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device. An attacker could exploit this vulnerability by retrieving data from the physical disk on the affected partition(s). A successful exploit could allow the attacker to retrieve encryption keys, possibly allowing the attacker to further decrypt other data and sensitive information on the device, which could lead to the disclosure of confidential information.

 
2019-04-26
Medium
CVE-2019-7476

Vendor: Sonicwall
Software: Global manag...
 

 
A vulnerability in SonicWall Global Management System (GMS) allows a remote user to gain access to the appliance using an existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier.

 
2019-04-22
Medium
CVE-2015-1316

 

 
Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key.

 
2019-04-17
Medium
CVE-2019-10643

Vendor: Contao
Software: Contao cms
 

 
Contao 4.7 allows Use of a Key Past its Expiration Date.

 
2019-04-11
Medium
CVE-2019-5672

Vendor: Nvidia
Software: Jetson tx1
 

 
NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootfs generation and flashing, which may lead to information disclosure.

 
2019-03-28
Medium
CVE-2019-3710

 

 
Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges.

 
2019-03-21
Medium
CVE-2019-9894

Vendor: Putty
Software: Putty
 

 
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.

 

 


Copyright 2019, cxsecurity.com

 
