CVEMAP Search Results

CVE
Details
Description
2020-04-03
Medium
CVE-2020-11501

Vendor: Gnutls
Software: Gnutls
 

 
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.

 
2020-03-30
Low
CVE-2020-10560

Vendor: Opensource-socialnetwork
Software: Open source ...
 

 
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.

 
2020-03-25
Medium
CVE-2020-10788

Vendor: It-novum
Software: Openitcockpit
 

 
openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections.

 
2020-03-24
Medium
CVE-2020-7001

 

 
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.

 
Medium
CVE-2020-6987

 

 
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.

 
2020-03-20
Medium
CVE-2019-14855

Vendor: Gnupg
Software: Gnupg
 

 
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

 
2020-03-16
Medium
CVE-2020-6984

Vendor: Rockwellautomation
Software: Rslogix 500
 

 
In Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, and RSLogix 500 Software v12.001 and prior, the cryptographic function utilized to protect the password in MicroLogix is discoverable.

 
2020-03-11
Low
CVE-2019-5106

Vendor: WAGO
Software: E!cockpit
 

 
A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text.

 
Low
CVE-2011-2487

Vendor: Apache
Software: CXF
 

 
The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.

 
2020-02-12
Medium
CVE-2019-4427

 

 
IBM Cloud CLI 0.6.0 through 0.16.1 Windows installers are signed using a SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate an installer with malicious software inside. IBM X-Force ID: 162773.

 

 


Copyright 2020, cxsecurity.com

 
