CWE:
 

Sorry. No results for Bugtraq WLB2


CVEMAP Search Results

CVE
Details
Description
2018-07-27
Low
CVE-2017-2626

Vendor: Freedesktop
Software: Libice
 

 
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

 
2018-07-09
Medium
CVE-2018-1000620

Vendor: Cryptiles project
Software: Cryptiles
 

 
Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.

 
2018-05-16
Medium
CVE-2018-10240

Vendor: Solarwinds
Software: Serv-u
 

 
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session cookie and hijack the user's session.

 
2018-04-12
Medium
CVE-2014-8422

Updating...
 

 
The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack.

 
2017-10-24
Medium
CVE-2014-0691

Vendor: Cisco
Software: Webex meetin...
 

 
Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643.

 
2017-08-09
Medium
CVE-2015-3405

Vendor: Opensuse project
Software: Suse linux e...
 

 
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

 

 


Copyright 2019, cxsecurity.com

 

Back to Top