Vulnerabilities (CVE)

CWE filter

CWE-310

Filter

2690 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-6185 1 Cloudera 2 Cloudera Manager, Navigator Key Trustee Kms 2019-06-11 5.5
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache...
CVE-2019-7311 1 Linksys 1 Wrt1900acs Firmware 2019-06-09 7.2
An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A lack of encryption in how the user login cookie (admin-auth) is stored on a victim's computer results in the admin password being discoverable by a local attacker, and usable...
CVE-2018-7839 1 Schneider-electric 1 Iiot Monitor 2019-06-07 2.1
A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3.1.38 which could allow information disclosure.
CVE-2019-11946 1 Hp 1 Intelligent Management Center 2019-06-06 6.8
A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-8352 1 Bmc 1 Patrol Agent 2019-06-04 7.5
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could...
CVE-2017-14852 2019-06-04 5.0
An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.
CVE-2019-1543 1 Openssl 1 Openssl 2019-06-03 5.8
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with...
CVE-2018-10846 3 Gnu, Debian, Redhat 6 Gnutls, Debian Linux, Enterprise Linux Desktop and 3 more 2019-05-30 1.9
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover...
CVE-2018-10845 3 Gnu, Debian, Redhat 5 Gnutls, Debian Linux, Enterprise Linux Desktop and 2 more 2019-05-30 4.3
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing...
CVE-2018-10844 3 Gnu, Debian, Redhat 6 Gnutls, Debian Linux, Enterprise Linux Desktop and 3 more 2019-05-30 4.3
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing...
CVE-2018-16868 1 Gnu 1 Gnutls 2019-05-30 3.3
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use...
CVE-2018-11976 1 Qualcomm 47 215 Firmware, Ipq8074 Firmware, Mdm9150 Firmware and 44 more 2019-05-29 4.9
ECDSA signature code leaks private keys from secure world to non-secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,...
CVE-2019-11841 1 Golang 1 Crypto 2019-05-24 4.3
A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can...
CVE-2019-6576 1 Siemens 4 Simatic Wincc Runtime, Simatic Hmi Mp Firmware, Simatic Hmi Op Firmware and 1 more 2019-05-22 5.0
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F,...
CVE-2019-9861 1 Abus 1 Secvest Wireless Alarm System Fuaa50000 Firmware 2019-05-17 4.8
Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way.
CVE-2015-2476 1 Microsoft 8 Windows Rt 8.1, Windows 8, Windows Server 2008 and 5 more 2019-05-17 2.6
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL 2.0, which makes it easier for remote attackers...
CVE-2015-6112 1 Microsoft 8 Windows Rt 8.1, Windows 8, Windows Server 2008 and 5 more 2019-05-16 5.8
SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 lacks the required extended master-secret binding support to ensure...
CVE-2015-0010 1 Microsoft 10 Windows Rt 8.1, Windows 2003 Server, Windows 8 and 7 more 2019-05-15 1.9
The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows...
CVE-2014-0296 1 Microsoft 4 Windows 7, Windows 8.1, Windows Server 2012 and 1 more 2019-05-15 5.1
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly encrypt sessions, which makes it easier for man-in-the-middle attackers to obtain sensitive...
CVE-2015-1637 1 Microsoft 10 Windows Rt 8.1, Windows 2003 Server, Windows 8 and 7 more 2019-05-14 4.3
Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly...