CWE:
 

Nothing found in the WLB2 database


Common Weakness Enumeration (CWE)

CVE
Details
Description
2020-06-25
Medium
CVE-2020-11735

Vendor: Wolfssl
Software: Wolfssl
 

 
The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."

 
2020-06-24
Medium
CVE-2020-10275

Updating...
 

 
The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD, the token string is generated directly with base64(USERNAME:sha256(PASSWORD)). An unauthorized attacker inside the network can use the default credentials to compute the token and interact with the REST API to exfiltrate, infiltrate or delete data.

 
2020-06-12
Low
CVE-2020-3929

Updating...
 

 
GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attacks with the derived keys and recover the plaintext of encrypted messages.

 
2020-06-03
Medium
CVE-2020-13785

Updating...
 

 
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.

 
2020-05-15
Low
CVE-2020-12872

Vendor: YAWS
Software: YAWS
 

 
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks.

 
2020-05-10
Medium
CVE-2020-9315

Vendor: Oracle
Software: Iplanet web ...
 

 
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE.

 
2020-04-30
Medium
CVE-2020-5885

Vendor: F5
Software: Big-ip acces...
 

 
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring.

 
Medium
CVE-2020-5884

Vendor: F5
Software: Big-ip acces...
 

 
On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure. This is a control plane issue that is exposed only on the network used for mirroring.

 
Medium
CVE-2020-5886

Vendor: F5
Software: Big-ip acces...
 

 
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a High Availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring.

 
2020-04-17
Low
CVE-2019-20775

Updating...
 

 
An issue was discovered on LG mobile devices with Android OS 9.0 (Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets) software. Weak encryption leads to local information disclosure. The LG ID is LVE-SMP-190010 (August 2019).

 

 


Copyright 2020, cxsecurity.com

 
