映射到 CWE-327 的搜索结果 (7)

CVE-2017-11133(发布:2017-08-01 10:29:00)NP
CVSS5.0

[原文]An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. To encrypt messages, AES in CBC mode is used with a pseudo-random secret. This secret and the IV are generated with math.random() in previous versions and with CryptoJS.lib.WordArray.random() in newer versions, which uses math.random() internally. This is not cryptographically strong.

CVE-2016-3099(发布:2017-06-08 15:29:00)NMP
CVSS5.0

[原文]mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.

CVE-2014-8687(发布:2017-06-08 12:29:00)NMCPS
CVSS10.0

[CNNVD]Seagate Business Storage 2-Bay NAS 远程代码执行漏洞--Seagate Business Storage 2-Bay NAS是美国希捷(Seagate)公司的一款企业级网络存储服务器。 Seagate Business Storage 2-Bay NAS中存在远程代码执行漏洞。攻击者可利用该漏洞以root权限执行任意代码,也可能造成拒...

CVE-2016-6485(发布:2017-03-01 15:59:00)NM
CVSS5.0

[原文]The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.

CVE-2016-8370(发布:2017-02-13 16:59:01)NM
CVSS5.0

[原文]An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC.

CVE-2016-6602(发布:2017-01-23 16:59:02)NMP
CVSS5.0

[原文]ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit.

12下一页尾页 第1页 / 共2页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站