映射到 CWE-310,CWE-312,CWE-326 的搜索结果 (1775)

CVE-2017-1375(发布:2017-10-24 17:29:00)NMPS
CVSS5.0

[原文]IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126868.

CVE-2017-7133(发布:2017-10-22 21:29:13)NMP
CVSS5.0

[原文]An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "MobileBackup" component. It allows remote attackers to obtain sensitive cleartext information in opportunistic circumstances by leveraging read access to a backup archive that was supposed to have been encrypted.

CVE-2012-6707(发布:2017-10-19 15:29:00)NM
CVSS5.0

[原文]WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions.

CVE-2014-2903(发布:2017-10-06 11:29:00)NM
CVSS4.3

[原文]CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.

CVE-2017-8444(发布:2017-09-28 21:34:50)NM
CVSS4.3

[原文]The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.

CVE-2014-8878(发布:2017-09-27 21:29:00)NMCS
CVSS4.3

[CNNVD]KMail 安全漏洞--Kontact是KDE社区开发的一套个人信息管理器和组件的软件套件。KMail是其中的一个电子邮件组件。 KMail中存在安全漏洞。攻击者可利用该漏洞获取敏感信息。

12345678下一页尾页 第1页 / 共296页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站