CWE:
 

Sorry. No results for Bugtraq WLB2


CVEMAP Search Results

CVE
Details
Description
2020-01-09
Medium
CVE-2020-1810

Updating...
 

 
Huawei products CloudEngine 12800;S5700;S6700 have a weak algorithm vulnerability. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information. Affected product versions include: CloudEngine 12800 versions V100R003C00SPC600, V100R003C10SPC100, V100R005C00SPC200, V100R005C00SPC300, V100R005C10HP0001, V100R005C10SPC100, V100R005C10SPC200, V100R006C00, V200R001C00, V200R002C01, V200R002C10, V200R002C20, V200R005C10; S5700 versions V200R005C00SPC500, V200R005C03, V200R006C00SPC100, V200R006C00SPC300, V200R006C00SPC500, V200R007C00SPC100, V200R007C00SPC500; S6700 versions V200R005C00SPC500, V200R005C01.

 
2019-12-25
Medium
CVE-2019-19962

Vendor: Wolfssl
Software: Wolfssl
 

 
wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography.

 
2019-12-13
Medium
CVE-2019-19397

Updating...
 

 
There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks.

 
2019-12-02
Low
CVE-2019-19316

Vendor: Hashicorp
Software: Terraform
 

 
When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.

 
2019-11-14
Low
CVE-2019-16863

Updating...
 

 
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.

 
2019-11-08
Medium
CVE-2019-16208

Vendor: Broadcom
Software: Brocade sannav
 

 
Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).

 
2019-10-25
Medium
CVE-2019-4399

Updating...
 

 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260.

 
2019-10-09
Low
CVE-2018-5745

Updating...
 

 
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.

 
2019-10-03
Low
CVE-2019-13629

Vendor: Matrixssl
Software: Matrixssl
 

 
MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/ecc_math.c scalar multiplication leaks the bit length of the scalar.

 
2019-09-30
Medium
CVE-2019-10492

Vendor: Qualcomm
Software: Mdm9607 firmware
 

 
Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 820, SD 820A, SDM439

 

 


Copyright 2020, cxsecurity.com

 

Back to Top