CWE:
 

Nothing found in the WLB2 database


Common Weakness Enumeration (CWE)

CVE
Details
Description
2024-06-02
Waiting for details
CVE-2024-36391

Updating...
 

 
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic

 
2019-09-05
Medium
CVE-2019-14222

Vendor: Alfresco
Software: Alfresco
 

 
An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker could exploit this vulnerability by using the extracted private key and bundling it into a PKCS12. A successful exploit could allow the attacker to gain information about the target system (e.g., OS type, system file locations, Java version, Solr version, etc.) as well as the ability to launch further attacks by leveraging the access to Alfresco's Solr Web Admin Interface.

 
2019-08-21
Medium
CVE-2019-12621

Vendor: Cisco
Software: Hyperflex hx...
 

 
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster.

 
2019-08-01
Low
CVE-2018-20936

Vendor: Cpanel
Software: Cpanel
 

 
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).

 
2019-07-29
Medium
CVE-2019-1020004

Vendor: Tridactyl project
Software: Tridactyl
 

 
Tridactyl before 1.16.0 allows fake key events.

 
2019-07-09
Low
CVE-2019-9148

Vendor: Mailvelope
Software: Mailvelope
 

 
Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows importing keys that contain users without a valid self-certification. Keys that are obviously invalid are not rejected during import. An attacker that is able to get a victim to import a manipulated key could claim to have signed a message that originates from another person.

 
Medium
CVE-2019-9149

Vendor: Mailvelope
Software: Mailvelope
 

 
Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. By modifying a URL parameter in Mailvelope, an attacker is able to sign (and encrypt) arbitrary messages with Mailvelope, assuming the private key password is cached. A second vulnerability allows an attacker to decrypt an arbitrary message when the GnuPG backend is used in Mailvelope.

 
Medium
CVE-2019-9150

Vendor: Mailvelope
Software: Mailvelope
 

 
Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on a web page. This functionality can be tricked to either hide a key import from the user or obscure which key was imported.

 
2019-05-23
Low
CVE-2019-10851

Vendor: Computrols
Software: Computrols b...
 

 
Computrols CBAS 18.0.0 has hard-coded encryption keys.

 
2019-05-16
Medium
CVE-2019-10112

Vendor: Gitlab
Software: Gitlab
 

 
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived.

 

 


Copyright 2024, cxsecurity.com

 
