Vulnerabilities (CVE)

CWE filter

CWE-326

Filter

10 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-0448 2019-10-09 7.5
A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The...
CVE-2017-14262 1 Samsung 4 Srn 1670d Firmware, Srn 472s Firmware, Srn 1000 Firmware and 1 more 2019-10-03 9.3
On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter.
CVE-2018-20810 1 Pulsesecure 2 Pulse Connect Secure, Pulse Policy Secure 2019-07-03 7.5
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS...
CVE-2017-11317 1 Telerik 1 Ui For Asp.net Ajax 2018-10-17 7.5
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
CVE-2018-15124 1 Zipato 1 Zipabox Firmware 2018-10-10 10.0
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device.
CVE-2017-1000486 1 Primetek 1 Primefaces 2018-01-24 7.5
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
CVE-2017-14797 1 Philips 1 Hue Bridge Bsb002 Firmware 2017-11-21 7.9
Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected...
CVE-2014-9975 1 Google 1 Android 2017-08-23 10.0
In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption.
CVE-2015-0575 1 Google 1 Android 2017-08-21 10.0
In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.
CVE-2017-8076 1 Tp-link 1 Tl-sg108e Firmware 2017-04-27 7.8
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.