映射到 CWE-310,CWE-312,CWE-326 的搜索结果 (1786)

CVE-2016-7812(发布:2017-08-02 12:29:00)NMS
CVSS4.3

[原文]The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android ver5.3.1, ver5.2.2 and earlier allow a man-in-the-middle attacker to downgrade the communication between the app and the server from TLS v1.2 to SSL v3.0, which may result in the attacker to eavesdrop on an encrypted communication.

CVE-2017-11131(发布:2017-08-01 10:29:00)NP
CVSS4.3

[原文]An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechanism to enable a secure secret for authentication. Moreover, only the first 32 bytes of the hash are used. This allows for easy dictionary and rainbow-table attacks if an attacker has access to the password hash.

CVE-2017-11132(发布:2017-08-01 10:29:00)NP
CVSS5.0

[原文]An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the application would not notice it.

CVE-2016-0736(发布:2017-07-27 17:29:00)NMPS
CVSS5.0

[原文]In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.

CVE-2015-8013(发布:2017-07-25 14:29:00)NM
CVSS5.0

[原文]s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message.

CVE-2017-9553(发布:2017-07-24 16:29:00)NM
CVSS4.3

[原文]A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter.

首页上一页4567891011下一页尾页 第6页 / 共298页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站