Vulnerabilities (CVE)

CWE filter: CWE-330

46 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17105 1 Centreon 1 Centreon Web 2019-10-15 5.0
The token generator in index.php in Centreon Web before 2.8.27 is predictable.
CVE-2018-1279 1 Pivotal Software 1 Rabbitmq 2019-10-09 3.3
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this...
CVE-2018-17888 1 Nuuo 1 Nuuo Cms 2019-10-09 7.5
In NUUO CMS, all versions 3.1 and prior, the application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.
CVE-2018-13280 1 Synology 1 Diskstation Manager 2019-10-09 4.3
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.
CVE-2017-7905 1 Ge 10 Multilin Sr 489 Generator Protection Relay Firmware, Multilin Urplus C90 Firmware, Multilin Urplus D90 Firmware and 7 more 2019-10-09 5.0
A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469...
CVE-2017-7902 1 Rockwellautomation 20 1766-l32bxba Series B, 1766-l32bwaa Series A, 1763-l16dwd Series B and 17 more 2019-10-09 5.0
A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B,...
CVE-2017-12361 1 Cisco 1 Jabber 2019-10-09 2.1
A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional...
CVE-2019-2294 1 Qualcomm 47 Mdm9205 Firmware, Mdm9206 Firmware, Mdm9607 Firmware and 44 more 2019-10-03 10.0
Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics...
CVE-2017-13084 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2019-10-03 5.4
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
CVE-2017-13078 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2019-10-03 2.9
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2018-16239 1 Damicms 1 Damicms 2019-10-03 5.0
An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses.
CVE-2017-15654 1 Asus 1 Asuswrt 2019-10-03 7.6
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.
CVE-2017-17704 1 Swhouse 1 Istar Ultra Firmware 2019-10-03 5.8
A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra are encrypted using a fixed...
CVE-2017-13079 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2019-10-03 2.9
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
CVE-2017-13087 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2019-10-03 2.9
Wi-Fi Protected Access (WPA and WPA2) that supports 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay...
CVE-2017-13088 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2019-10-03 2.9
Wi-Fi Protected Access (WPA and WPA2) that supports 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to...
CVE-2017-1000246 1 Pysaml2 Project 1 Pysaml2 2019-10-03 5.0
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
CVE-2017-16924 1 Zohocorp 1 Manageengine Desktop Central 2019-10-03 5.0
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable...
CVE-2018-15807 1 Posim 1 Evo 2019-10-03 4.6
POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature. This Override prompt expects a code that is computed locally using a deterministic algorithm. This code...
CVE-2018-19983 1 Silabs 2 Z-wave S0 Firmware, Z-wave S2 Firmware 2019-10-03 6.1
An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker conducts a DoS attack against the...