映射到 CWE-310,CWE-312,CWE-326 的搜索结果 (1810)

CVE-2018-1425(发布:2018-02-27 12:29:00)NMS
CVSS4.3

[原文]IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003.

CVE-2018-5762(发布:2018-02-26 10:29:00)NM
CVSS4.3

[原文]The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

CVE-2018-7298(发布:2018-02-22 14:29:05)NM
CVSS9.3

[原文]In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. An attacker with a privileged network position (which could be obtained via DNS spoofing of www.meine-homematic.de or other approaches) can exploit this issue in order to provide arbitrary malicious firmware updates to the CCU2. This can result in a full system compromise.

CVE-2017-5250(发布:2018-02-22 11:29:00)NM
CVSS5.0

[原文]In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.

CVE-2017-5251(发布:2018-02-22 11:29:00)NM
CVSS6.8

[原文]In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted.

CVE-2017-5249(发布:2018-02-22 11:29:00)NM
CVSS5.0

[原文]In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.

首页上一页12345678下一页尾页 第3页 / 共302页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站