CWE:
 

Title
Date
Author
Low
Fujitsu Wireless Keyboard Set LX390 Keystroke Injection
24.10.2019
Matthias Deeg
Low
Fujitsu Wireless Keyboard Set LX390 Replay Attacks
24.10.2019
Matthias Deeg
Med.
ABUS Secvest 3.01.01 Cryptographic Issues
05.05.2019
Matthias Deeg
Med.
Fujitsu LX901 GK900 Keystroke Injection
16.03.2019
Matthias Deeg
Low
PORTIER 4.4.4.2 / 4.4.4.6 Cryptographic Issues
14.01.2019
Christian Pappas
Med.
Microsoft Surface Hub Keyboard Replay
31.01.2018
Matthias Deeg
Low
EASY HOME Alarmanlagen-Set MAS-S01-09 Cryptographic Issues
28.11.2016
Gerhard Klostermeier
Low
Wireless Keyboard Set LX901 GK900 Replay Attack
10.10.2016
SySS
Med.
Logitech K520 Crypto Issues / Replay Attacks
30.07.2016
SySS
Med.
Perixx Computer PERIDUO-710W Crypto Issues / Replay Attacks
30.07.2016
SySS
Med.
Perixx Computer PERIDUO-710W Keystroke Injection
30.07.2016
SySS
Med.
CHERRY B.UNLIMITED AES JD-0400EU-2/01 Keystroke Injection
30.07.2016
SySS
High
Checkmarx CxQL 7.1.5 Sandbox Bypass
04.09.2015
Huy-Ngoc DAU
Med.
Avaya one-X Agent 2.5 SP2 Cryptography Issues
04.09.2015
Sven Freund
Med.
OpenSSL 1.0.1j Multiple Vulnerabilities
10.01.2015
Multiple Authors
Low
SAP HANA XS Missing Encryption
30.07.2014
Onapsis
Med.
OpenSSL 0.9.8y/1.x/1.0.1e man-in-the-middle attack 0day
05.01.2014
Dr. Stephen Henson
Med.
OWASP ESAPI Symmetric Encryption MAC Bypass
17.09.2013
Philippe Arteau
High
OpenSSL SSL, TLS and DTLS Plaintext Recovery Attack
09.02.2013
OpenSSL
Med.
Merethis Centreon Multiple Vulnerabilities
13.11.2011
none
Med.
Multiples Vulnerabilities in ManageEngine ServiceDesk Plus
20.09.2011
CORE Security Technolo...
Med.
rsa envision 4.0 sp security issue
26.08.2011
emc
Low
EMC Data Protection Advisor sensitive information disclosure vulnerability
03.08.2011
emc
Low
Clear Text Secrets in PassmanLite Could Allow Access to Passwords
17.05.2011
Simon Roses
High
MediaCast Password Dump Vulnerability
13.05.2011
Packetninjas L.L.C
High
EMC Avamar sensitive information disclosure vulnerability
18.03.2011
Security_Alert
Med.
KDC denial of service attacks
12.02.2011
Tom Yu
Med.
Passlogix v-GO Self-Service Password Reset Bypass via Invalid SSL Certificate
09.02.2011
Garrett Held
Med.
Free Simple Software - SQL Injection Vulnerability
02.12.2010
Mark Stanislav
Med.
MS10-070 ASP.NET Padding Oracle File Download
17.10.2010
Agustin Azubel
Med.
ASP.NET Padding Oracle Vulnerability (MS10-070)
07.10.2010
Giorgio Fedon
High
ToutVirtual VirtualIQ Multiple Vulnerabilities
21.05.2010
Claudio Criscione
Med.
Aapache/mod_ssl vulnerability and mitigation
11.11.2009
Apache team
Low
linux kernel 2.6.25.15 get_instantiation_keyring() should inc the keyring
05.11.2009
Eugene Teoeugeneteo
Low
Wordpress Resource Exhaustion - Denial of Service Vulnerability
26.10.2009
jcarlosn
Med.
C4 SCADA Security Advisory - OSISoft PI Server Authentication Weakness
04.10.2009
Eyal Udassin & Jonatha...
Med.
Crypto backdoor in Qnap storage devices (CVE-2009-3200)
23.09.2009
Marc Heuse (mh baselin...
High
iphone email client does not validate ssl certificates
23.09.2009
Bill Borskey
Low
Clear Text Storage of Password in CS-MARS v6.0.4 and Earlier
30.08.2009
ryan wessels
High
Multiple vulnerabilities in several ATEN IP KVM Switches
28.05.2009
Jakob Lell
Med.
DotNetNuke Default Machine Key Exposure
01.04.2009
gdssecurity
Med.
MyBlog: PHP and MySQL Blog/CMS software (SQL/XSS) Vulnerabilities
21.02.2009
CWH
Med.
MD5 Considered Harmful Today: Creating a rogue CA certificate
07.01.2009
Alexander Sotirov
Med.
Joomla: Session hijacking vulnerability
17.12.2008
Hanno Boeck
High
New Whitepaper - .NET Framework Rootkits: Backdoors inside your Framework
20.11.2008
Erez Metula
Med.
Typo <= 5.1.3 Multiple Vulnerabilities
02.11.2008
L4teral
High
Aruba Mobility Controller Shared Default Certificate
24.09.2008
nnposter
Med.
Squirrelmail: Session hijacking vulnerability
23.09.2008
Hanno B
Med.
menalto gallery: Session hijacking vulnerability
23.09.2008
Hanno B
Low
Folder Lock <= 5.9.5 Local Password Information Disclosure
21.08.2008
Charalambous Glafkos
Med.
EMC Dantz Retrospect 7 backup Server Authentication Module Weak Password Hash Arithmetic Vulnerability
22.07.2008
zhliu_at_fortinet.com


Common Weakness Enumeration (CWE)

CVE
Details
Description
2023-05-04
Waiting for details
CVE-2023-25934

 

 
DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.

 
2022-12-19
Waiting for details
CVE-2021-4258

 

 
** DISPUTED ** A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack.

 
Waiting for details
CVE-2022-4610

 

 
A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216272.

 
2019-09-03
Medium
CVE-2019-14261

Vendor: ABUS
Software: Secvest wire...
 

 
An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g., wireless detectors or remote controls, and the ABUS Secvest alarm central. An attacker is able to perform a "reactive jamming" attack. The reactive jamming simply detects the start of an RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion.

 
2019-08-22
Low
CVE-2019-9155

Vendor: Openpgpjs
Software: Openpgpjs
 

 
A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able to provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key.

 
2019-08-15
High
CVE-2018-14062

Vendor: Cospas-sarsat
Software: Cospas-sarsa...
 

 
The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages (unrelated to distress alerts) via a crafted 406 MHz digital signal.

 
2019-08-14
Medium
CVE-2019-9506

Vendor: Apple
Software: Iphone os
 

 
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

 
2019-08-08
Medium
CVE-2018-20954

Vendor: Mailpile
Software: Mailpile
 

 
The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys.

 
2019-08-07
Medium
CVE-2016-5431

Vendor: Php jose project
Software: Php jose
 

 
The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.

 
Low
CVE-2019-10099

Vendor: Apache
Software: Spark
 

 
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.

 

 


Copyright 2024, cxsecurity.com

 
