Total
396 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18241 | 1 Philips | 4 Intellibridge Ec40, Intellibridge Ec40 Firmware, Intellibridge Ec80 and 1 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay the session and gain unauthorized access to the EC40/80 hub. | |||||
| CVE-2019-17598 | 1 Lightbend | 1 Play Framework | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host. | |||||
| CVE-2019-16649 | 1 Supermicro | 672 A1sa2-2750f, A1sa2-2750f Firmware, A1sai-2550f and 669 more | 2024-11-21 | 5.0 MEDIUM | 10.0 CRITICAL |
| On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC. | |||||
| CVE-2019-15806 | 1 Commscope | 2 Tr4400, Tr4400 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basic_sett.html. Any user connected to the Wi-Fi can exploit this. | |||||
| CVE-2019-15805 | 1 Commscope | 2 Tr4400, Tr4400 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this. | |||||
| CVE-2019-14855 | 3 Canonical, Fedoraproject, Gnupg | 3 Ubuntu Linux, Fedora, Gnupg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. | |||||
| CVE-2019-14332 | 1 Dlink | 4 6600-ap, 6600-ap Firmware, Dwl-3600ap and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is use of weak ciphers for SSH such as diffie-hellman-group1-sha1. | |||||
| CVE-2019-13539 | 1 Medtronic | 5 Valleylab Exchange Client, Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware and 2 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes. | |||||
| CVE-2019-13163 | 4 Fujitsu, Microsoft, Oracle and 1 more | 65 Celsius, Celsius Firmware, Gp7000f and 62 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15. | |||||
| CVE-2019-12121 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected. | |||||
| CVE-2019-10907 | 1 Airsonic Project | 1 Airsonic | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. An attacker able to capture cookies might be able to trivially bruteforce offline the passwords of associated users. | |||||
| CVE-2019-10855 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database. | |||||
| CVE-2019-10639 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace. | |||||
| CVE-2019-10638 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. | |||||
| CVE-2019-10112 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived. | |||||
| CVE-2018-9028 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. | |||||
| CVE-2018-7242 | 1 Schneider-electric | 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. | |||||
| CVE-2018-6653 | 2 Comforte, Hp | 2 Swap, Nonstop Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which makes it easier for remote attackers to defeat intended cryptographic protection mechanisms by sniffing the network. This is fixed in 21.6.0. | |||||
| CVE-2018-6635 | 1 Avaya | 1 Aura | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896. | |||||
| CVE-2018-6594 | 3 Canonical, Debian, Dlitz | 3 Ubuntu Linux, Debian Linux, Pycrypto | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation. | |||||