Lucene search
+L

29 matches found

OSV
OSV
added 2021/04/06 4:15 p.m.3 views

CVE-2020-36284

Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...

7.5CVSS7.1AI score0.00904EPSS
Exploits0References3
OSV
OSV
added 2021/04/06 4:15 p.m.4 views

CVE-2020-36285

Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...

7.5CVSS7.1AI score0.00904EPSS
Exploits0References3
NVD
NVD
added 2021/04/06 4:15 p.m.18 views

CVE-2020-36284

Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...

7.5CVSS0.00904EPSS
Exploits0References3
CVE
CVE
added 2021/04/06 3:36 p.m.38 views

CVE-2020-36284

The CVE-2020-36284 issue affects UnionPay on Android versions prior to 3.4.93.4.9. Root cause: improper verification of cryptographic signatures (CWE-347) due to a MAC generated based on a secret key that is NULL. Impact: attackers can shop for free on merchants’ websites and mobile apps by craft...

7.5CVSS7.7AI score0.00904EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2021/04/06 12:0 a.m.7 views

PT-2021-10906 · Union Pay · Union Pay

Name of the Vulnerable Software and Affected Versions: Union Pay versions up to 1.2.0 Description: The issue allows attackers to shop for free in merchants' websites and mobile apps via a crafted authentication code MAC generated based on a secret key which is NULL. This is due to an improper...

7.5CVSS7.7AI score0.00924EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.6 views

The vulnerability of the Cisco Unified Communications Manager software allows a malicious actor to intercept sessions.

The vulnerability exists in OpenSSL due to an improper limitation on the processing of ChangeCipherSpec messages. Exploiting this vulnerability allows a malicious actor to induce the use of a null-length master key in the OpenSSL-to-OpenSSL communication, thereby intercepting the session or gaini...

4.3CVSS6.9AI score0.95326EPSS
Exploits9References24Affected Software1
NVD
NVD
added 2006/03/23 11:6 a.m.25 views

CVE-2006-0997

The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server OES permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic...

5CVSS6.6AI score0.0162EPSS
Exploits0References7
Prion
Prion
added 2006/03/23 11:6 a.m.20 views

Design/Logic Flaw

The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server OES permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic...

5CVSS7.2AI score0.0162EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2006/03/23 11:0 a.m.29 views

CVE-2006-0997

The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server OES permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic...

6.6AI score0.0162EPSS
Exploits0References7
Rows per page
Query Builder