Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Sorry. No results for Bugtraq WLB2
CVEMAP Search Results
CVE
Details
Description
2019-09-05
Medium
CVE-2019-14222
Vendor:
Alfresco
Software:
Alfresco
An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker could exploit this vulnerability by using the extracted private key and bundling it into a PKCS12. A successful exploit could allow the attacker to gain information about the target system (e.g., OS type, system file locations, Java version, Solr version, etc.) as well as the ability to launch further attacks by leveraging the access to Alfresco's Solr Web Admin Interface.
2019-08-21
Medium
CVE-2019-12621
Vendor:
Cisco
Software:
Hyperflex hx...
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster.
2019-08-01
Low
CVE-2018-20936
Vendor:
Cpanel
Software:
Cpanel
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).
2019-07-29
Medium
CVE-2019-1020004
Vendor:
Tridactyl project
Software:
Tridactyl
Tridactyl before 1.16.0 allows fake key events.
2019-07-09
Medium
CVE-2019-9150
Vendor:
Mailvelope
Software:
Mailvelope
Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on web page. This functionality can be tricked to either hide a key import from the user or obscure which key was imported.
Medium
CVE-2019-9149
Vendor:
Mailvelope
Software:
Mailvelope
Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. By modifying an URL parameter in Mailvelope, an attacker is able to sign (and encrypt) arbitrary messages with Mailvelope, assuming the private key password is cached. A second vulnerability allows an attacker to decrypt an arbitrary message when the GnuPG backend is used in Mailvelope.
Low
CVE-2019-9148
Vendor:
Mailvelope
Software:
Mailvelope
Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows importing keys that contain users without a valid self-certification. Keys that are obviously invalid are not rejected during import. An attacker that is able to get a victim to import a manipulated key could claim to have signed a message that originates from another person.
2019-05-23
Low
CVE-2019-10851
Vendor:
Computrols
Software:
Computrols b...
Computrols CBAS 18.0.0 has hard-coded encryption keys.
2019-05-16
Medium
CVE-2019-10112
Vendor:
Gitlab
Software:
Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived.
2019-05-15
Medium
CVE-2019-12098
Vendor:
Heimdal project
Software:
Heimdal
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.
Copyright
2024
, cxsecurity.com
Back to Top
