Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weak vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2023-27010
Wondershare Dr.Fone v12.9.6 exists to contain weak permissions for the service WsDrvInst. This vulnerability allows malicious users to escalate privileges via modifying or overwriting the executable.
Wondershare Dr.fone 12.9.6
NA
CVE-2004-0390
SCO OpenServer 5.0.5 up to and including 5.0.7 only supports Xauthority style access control when users log in using scologin, which allows remote malicious users to gain unauthorized access to an X session via other X login methods.
Sco Openserver 5.0.5
Sco Openserver 5.0.6
Sco Openserver 5.0.7
1 EDB exploit
NA
CVE-1999-0944
IBM WebSphere ikeyman tool uses weak encryption to store a password for a key database that is used for SSL connections.
1 EDB exploit
7.5
CVSSv3
CVE-2005-2946
The default configuration on OpenSSL prior to 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote malicious users to forge certificates with a valid certificate authority signature.
Openssl Openssl
Canonical Ubuntu Linux 4.10
Canonical Ubuntu Linux 5.04
NA
CVE-2000-0559
eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords.
Broadcom Etrust Intrusion Detection
1 EDB exploit
NA
CVE-1999-0470
A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted.
Novell Netware 4.0
1 EDB exploit
7.8
CVSSv3
CVE-2017-13091
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle. The methods a...
- - -
7.8
CVSSv3
CVE-2017-13092
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed...
- - -
7.8
CVSSv3
CVE-2017-13093
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods are flawed and, in the m...
- - -
7.8
CVSSv3
CVE-2017-13094
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of the encryption key and insertion of hardware trojans in any IP. The methods are flawed a...
- - -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »