Total
360 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-0533 | 1 Intel | 1 Converged Security Management Engine Firmware | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access. | |||||
CVE-2020-5763 | 1 Grandstream | 12 Ht801, Ht801 Firmware, Ht802 and 9 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt. | |||||
CVE-2020-1982 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 5.8 MEDIUM | 4.8 MEDIUM |
Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. These cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure. Conditions required for exploitation of known TLS 1.0 weaknesses do not exist for the communication between PAN-OS and cloud-delivered services. We do not believe that any communication is impacted as a result of known attacks against TLS 1.0. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.14; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. PAN-OS 7.1 is not impacted by this issue. | |||||
CVE-2020-10244 | 1 Jpaseto Project | 1 Jpaseto | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. | |||||
CVE-2019-4557 | 1 Ibm | 1 Qradar Advisor | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Qradar Advisor 1.1 through 2.5 with Watson uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 166206. | |||||
CVE-2019-17598 | 1 Lightbend | 1 Play Framework | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host. | |||||
CVE-2013-7286 | 1 Att | 2 Mobileiron Sentry, Mobileiron Virtual Smartphone Platform | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm | |||||
CVE-2019-18863 | 1 Mitel | 16 6863i, 6863i Firmware, 6865i and 13 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercept sensitive information. | |||||
CVE-2010-3670 | 1 Typo3 | 1 Typo3 | 2024-02-28 | 5.8 MEDIUM | 4.8 MEDIUM |
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. | |||||
CVE-2020-9476 | 1 Commscope | 2 Arris Tg1692a, Arris Tg1692a Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
ARRIS TG1692A devices allow remote attackers to discover the administrator login name and password by reading the /login page and performing base64 decoding. | |||||
CVE-2019-16649 | 1 Supermicro | 672 A1sa2-2750f, A1sa2-2750f Firmware, A1sai-2550f and 669 more | 2024-02-28 | 5.0 MEDIUM | 10.0 CRITICAL |
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC. | |||||
CVE-2020-6966 | 1 Gehealthcare | 12 Apexpro Telemetry Server, Apexpro Telemetry Server Firmware, Carescape Central Station Mai700 and 9 more | 2024-02-28 | 10.0 HIGH | 10.0 CRITICAL |
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network. | |||||
CVE-2019-19299 | 1 Siemens | 1 Sinvr\/sivms Video Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2), SiNVR/SiVMS Video Server (All versions >= V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks. | |||||
CVE-2020-5224 | 1 Django-user-sessions Project | 1 Django-user-sessions | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the session key could be extracted by the attacker and a session takeover could happen. | |||||
CVE-2013-7484 | 1 Zabbix | 1 Zabbix | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Zabbix before 5.0 represents passwords in the users table with unsalted MD5. | |||||
CVE-2019-13163 | 4 Fujitsu, Microsoft, Oracle and 1 more | 65 Celsius, Celsius Firmware, Gp7000f and 62 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15. | |||||
CVE-2011-3629 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Joomla! core 1.7.1 allows information disclosure due to weak encryption | |||||
CVE-2012-2130 | 3 Debian, Fedoraproject, Polarssl | 3 Debian Linux, Fedora, Polarssl | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys. | |||||
CVE-2019-18263 | 1 Philips | 6 Endura, Endura Firmware, Pulsera and 3 more | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with ViewForum option (shipped between 2016-August 2018), Pulsera (718095) and Endura (718075) with wireless option (shipped between 26-June-2017 through 07-August 2018), Pulsera (718095) and Endura (718075) with ViewForum option (shipped between 26-June-2017 through 07-August 2018). The router software uses an encryption scheme that is not strong enough for the level of protection required. | |||||
CVE-2015-5361 | 1 Juniper | 28 Junos, Srx100, Srx110 and 25 more | 2024-02-28 | 5.8 MEDIUM | 6.5 MEDIUM |
Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. Issue The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration.? Note that the ftps-extensions option is not enabled by default. |