CVEMAP Search Results

CVE
Details
Description
2018-01-08
Medium
CVE-2018-5298

Vendor: PG
Software: Oral-b app
 

 
In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file.

 
2018-01-04
Low
CVE-2017-1665

Vendor: IBM
Software: Security key...
 

 
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559.

 
Low
CVE-2017-1664

Vendor: IBM
Software: Security key...
 

 
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557.

 
2018-01-03
Medium
CVE-2017-1000486

Vendor: Primetek
Software: Primefaces
 

 
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution.

 
2017-12-15
Medium
CVE-2017-14090

Vendor: Trendmicro
Software: Scanmail
 

 
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.

 
2017-12-06
Low
CVE-2017-17436

Vendor: Vaulteksafe
Software: Vt20i firmware
 

 
An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with "Highest Level Bluetooth Encryption" and "Data transmissions are secure via AES256 bit encryption." These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe.

 
2017-11-23
Medium
CVE-2017-13699

Vendor: MOXA
Software: Eds-g512e fi...
 

 
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it.

 
2017-11-22
Medium
CVE-2017-8174

Vendor: Huawei
Software: Secospace us...
 

 
Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500, V100R001C30SPC600, V100R001C30SPC700, V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links.

 
2017-10-19
Medium
CVE-2012-6707

Vendor: Wordpress
Software: Wordpress
 

 
WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions.

 
2017-09-30
High
CVE-2017-14797

Vendor: Philips
Software: Hue bridge b...
 

 
Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network.

 

 


Copyright 2018, cxsecurity.com

 
