Total
518 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20138 | 1 Http Authentication Library Project | 1 Http Authentication Library | 2024-08-05 | 7.5 High |
| The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used. | ||||
| CVE-2019-19891 | 1 Mitel | 2 Sip-dect, Sip-dect Firmware | 2024-08-05 | 5.9 Medium |
| An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an attacker to launch a man-in-the-middle attack. A successful exploit may allow the attacker to intercept sensitive information. | ||||
| CVE-2019-18832 | 1 Barco | 2 Clickshare Button R9861500d01, Clickshare Button R9861500d01 Firmware | 2024-08-05 | 8.1 High |
| Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable (OTP) AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01. | ||||
| CVE-2019-18340 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2024-08-05 | 5.5 Medium |
| A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store user and device passwords by applying weak cryptography. A local attacker could exploit this vulnerability to extract the passwords from the user database and/or the device configuration files to conduct further attacks. | ||||
| CVE-2019-17428 | 1 Intesync | 1 Solismed | 2024-08-05 | 5.9 Medium |
| An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted. | ||||
| CVE-2019-16863 | 1 St | 8 St33tphf20i2c, St33tphf20i2c Firmware, St33tphf20spi and 5 more | 2024-08-05 | 5.9 Medium |
| STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL. | ||||
| CVE-2019-16370 | 1 Gradle | 1 Gradle | 2024-08-05 | 5.9 Medium |
| The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900. | ||||
| CVE-2019-16208 | 1 Broadcom | 1 Brocade Sannav | 2024-08-05 | 7.5 High |
| Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.). | ||||
| CVE-2019-16143 | 1 Blake2 | 1 Blake2-rust | 2024-08-05 | 9.8 Critical |
| An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes. | ||||
| CVE-2019-16116 | 1 Enterprisedt | 1 Completeftp Server | 2024-08-05 | 4.3 Medium |
| EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash. | ||||
| CVE-2019-15955 | 1 Totaljs | 1 Total.js Cms | 2024-08-05 | N/A |
| An issue was discovered in Total.js CMS 12.0.0. A low privilege user can perform a simple transformation of a cookie to obtain the random values inside it. If an attacker can discover a session cookie owned by an admin, then it is possible to brute force it with O(n)=2n instead of O(n)=n^x complexity, and steal the admin password. | ||||
| CVE-2019-15653 | 1 Comba | 2 Ap2600-i - A02 - 0202n00pd2, Ap2600-i - A02 - 0202n00pd2 Firmware | 2024-08-05 | 7.5 High |
| Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username are password values are a double md5 of the plaintext real value, i.e., md5(md5(value)). | ||||
| CVE-2019-15075 | 1 Inextrix | 1 Astpp | 2024-08-05 | 7.5 High |
| An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key. | ||||
| CVE-2019-14852 | 1 Redhat | 1 3scale Api Management | 2024-08-05 | 7.5 High |
| A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Version shipped in Red Hat 3scale API Management Platform is vulnerable to this issue. | ||||
| CVE-2019-14089 | 1 Qualcomm | 30 Kamorta, Kamorta Firmware, Nicobar and 27 more | 2024-08-05 | 7.8 High |
| u'Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned after a user data erase or a factory reset' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, Nicobar, QCS404, QCS610, Rennell, SA515M, SA6155P, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | ||||
| CVE-2019-14001 | 1 Qualcomm | 46 Apq8009, Apq8009 Firmware, Apq8017 and 43 more | 2024-08-05 | 7.8 High |
| Wrong public key usage from existing oem_keystore for hash generation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, QM215, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20 | ||||
| CVE-2019-13629 | 1 Matrixssl | 1 Matrixssl | 2024-08-04 | 5.9 Medium |
| MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/ecc_math.c scalar multiplication leaks the bit length of the scalar. | ||||
| CVE-2019-13604 | 1 Assaabloy | 2 Hid Digitalpersona 4500, Hid Digitalpersona 4500 Firmware | 2024-08-04 | N/A |
| There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader v24. The key for obfuscating the fingerprint image is vulnerable to brute-force attacks. This allows an attacker to recover the key and decrypt that image using the key. Successful exploitation causes a sensitive biometric information leak. | ||||
| CVE-2019-13022 | 1 Jetstream | 1 Jetselect | 2024-08-04 | 9.8 Critical |
| Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding password generation algorithm (used to set initial passwords upon first installation). It XORs the plaintext into the 'encrypted' password that is then stored within the database. These steps are able to be trivially reversed, allowing for escalation of privilege within the JetSelect application through obtaining the passwords of JetSelect administrators. JetSelect administrators have the ability to modify and delete all networking configuration across a vessel, as well as altering network configuration of all managed network devices (switches, routers). | ||||
| CVE-2019-13052 | 1 Logitech | 2 Unifying Receiver, Unifying Receiver Firmware | 2024-08-04 | N/A |
| Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed. | ||||