Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
CWE
:
Nic nie znaleziono w bazie WLB2
Common Weakness Enumeration (CWE)
CVE
Szczegóły
Opis
2024-06-02
CVE-2024-36391
Updating...
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic
2019-09-05
Medium
CVE-2019-14222
Vendor:
Alfresco
Software:
Alfresco
An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker could exploit this vulnerability by using the extracted private key and bundling it into a PKCS12. A successful exploit could allow the attacker to gain information about the target system (e.g., OS type, system file locations, Java version, Solr version, etc.) as well as the ability to launch further attacks by leveraging the access to Alfresco's Solr Web Admin Interface.
2019-08-21
Medium
CVE-2019-12621
Vendor:
Cisco
Software:
Hyperflex hx...
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster.
2019-08-01
Low
CVE-2018-20936
Vendor:
Cpanel
Software:
Cpanel
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).
2019-07-29
Medium
CVE-2019-1020004
Vendor:
Tridactyl project
Software:
Tridactyl
Tridactyl before 1.16.0 allows fake key events.
2019-07-09
Low
CVE-2019-9148
Vendor:
Mailvelope
Software:
Mailvelope
Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows importing keys that contain users without a valid self-certification. Keys that are obviously invalid are not rejected during import. An attacker that is able to get a victim to import a manipulated key could claim to have signed a message that originates from another person.
Medium
CVE-2019-9149
Vendor:
Mailvelope
Software:
Mailvelope
Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. By modifying an URL parameter in Mailvelope, an attacker is able to sign (and encrypt) arbitrary messages with Mailvelope, assuming the private key password is cached. A second vulnerability allows an attacker to decrypt an arbitrary message when the GnuPG backend is used in Mailvelope.
Medium
CVE-2019-9150
Vendor:
Mailvelope
Software:
Mailvelope
Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on web page. This functionality can be tricked to either hide a key import from the user or obscure which key was imported.
2019-05-23
Low
CVE-2019-10851
Vendor:
Computrols
Software:
Computrols b...
Computrols CBAS 18.0.0 has hard-coded encryption keys.
2019-05-16
Medium
CVE-2019-10112
Vendor:
Gitlab
Software:
Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived.
Copyright
2024
, cxsecurity.com
Back to Top
Polish
English