Vulnerabilities (CVE)

CWE filter: CWE-310

2664 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-5754 1 Google 1 Chrome 2019-02-20 4.3
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.
CVE-2018-15796 2019-02-15 5.5
Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the...
CVE-2015-8867 2 Php, Canonical 2 Php, Ubuntu Linux 2019-02-14 5.0
The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to...
CVE-2018-3616 1 Intel 1 Active Management Technology 2019-02-14 4.3
Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.
CVE-2018-20769 2019-02-13 5.0
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability.
CVE-2015-4000 12 Google, Openssl, Apple and 9 more 25 Safari, Network Security Services, Ie and 22 more 2019-02-12 4.3
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a...
CVE-2018-7839 1 Schneider-electric 1 Iiot Monitor 2019-02-07 2.1
A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3.1.38 which could allow information disclosure.
CVE-2018-18984 1 Medtronic 3 29901 Encore Programmer Firmware, Carelink 2090 Programmer Firmware, Carelink 9790 Programmer Firmware 2019-02-06 2.1
Medtronic CareLink 2090 Programmer, CareLink 9790 Programmer, and 29901 Encore Programmer, all versions: the affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest: PII and PHI.
CVE-2018-19653 2019-02-06 4.3
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
CVE-2015-1454 1 Bluecoat 2 Unified Agent, Proxyclient 2019-02-05 7.1
Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently...
CVE-2018-19608 1 Arm 1 Mbed Tls 2019-02-05 1.9
Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.
CVE-2018-1000180 2 Bouncycastle, Debian 3 Fips Java Api, Legion-of-the-bouncy-castle-java-crytography-api, Debian Linux 2019-02-05 5.0
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the low-level interface to the RSA key pair generator; specifically, RSA key pairs generated in the low-level API with added certainty may have fewer M-R tests than...
CVE-2013-5960 1 Owasp 1 Enterprise Security Api 2019-02-04 5.8
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for...
CVE-2018-16868 1 Gnu 1 Gnutls 2019-01-31 3.3
A Bleichenbacher-type side-channel-based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use...
CVE-2018-16869 1 Nettle Project 1 Nettle 2019-01-31 3.3
A Bleichenbacher-type side-channel-based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process,...
CVE-2015-1145 1 Apple 1 Mac Os X 2019-01-31 1.9
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146.
CVE-2015-1146 1 Apple 1 Mac Os X 2019-01-31 1.9
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145.
CVE-2018-16870 1 Wolfssl 1 Wolfssl 2019-01-29 4.3
It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensitive data.
CVE-2017-18160 1 Qualcomm 8 Mdm9635m Firmware, Mdm9645 Firmware, Mdm9650 Firmware and 5 more 2019-01-28 10.0
AGPS session failure in the GNSS module because cipher suites are hardcoded and need a manual update every time, in Snapdragon Mobile and Snapdragon Wear in versions MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, SD 850
CVE-2012-6702 4 Libexpat, Debian, Canonical and 1 more 4 Debian Linux, Expat, Ubuntu Linux and 1 more 2019-01-18 4.3
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.