Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0153 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-08-06 | N/A |
| D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key. | ||||
| CVE-2016-1000346 | 3 Bouncycastle, Debian, Redhat | 5 Legion-of-the-bouncy-castle-java-crytography-api, Debian Linux, Jboss Fuse and 2 more | 2024-08-06 | N/A |
| In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation. | ||||
| CVE-2016-10011 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2024-08-06 | N/A |
| authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. | ||||
| CVE-2016-9963 | 3 Canonical, Debian, Exim | 3 Ubuntu Linux, Debian Linux, Exim | 2024-08-06 | N/A |
| Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. | ||||
| CVE-2016-8635 | 2 Mozilla, Redhat | 8 Network Security Services, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-08-06 | N/A |
| It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. | ||||
| CVE-2016-8614 | 1 Redhat | 1 Ansible | 2024-08-06 | N/A |
| A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key. | ||||
| CVE-2016-7056 | 4 Canonical, Debian, Openssl and 1 more | 6 Ubuntu Linux, Debian Linux, Openssl and 3 more | 2024-08-06 | N/A |
| A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. | ||||
| CVE-2016-6886 | 1 Matrixssl | 1 Matrixssl | 2024-08-06 | N/A |
| The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange. | ||||
| CVE-2016-6879 | 1 Botan Project | 1 Botan | 2024-08-06 | N/A |
| The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value. | ||||
| CVE-2016-6882 | 1 Matrixssl | 1 Matrixssl | 2024-08-06 | N/A |
| MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack. | ||||
| CVE-2016-2880 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-08-05 | N/A |
| IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340. | ||||
| CVE-2016-2217 | 1 Dest-unreach | 1 Socat | 2024-08-05 | N/A |
| The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret. | ||||
| CVE-2017-18323 | 1 Qualcomm | 70 Mdm9206, Mdm9206 Firmware, Mdm9607 and 67 more | 2024-08-05 | N/A |
| Cryptographic key material leaked in TDSCDMA RRC debug messages in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130. | ||||
| CVE-2017-18319 | 1 Qualcomm | 60 Mdm9206, Mdm9206 Firmware, Mdm9607 and 57 more | 2024-08-05 | N/A |
| Information leak in UIM API debug messages in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016. | ||||
| CVE-2017-13887 | 1 Apple | 1 Mac Os X | 2024-08-05 | N/A |
| In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management. | ||||
| CVE-2017-2625 | 2 Redhat, X.org | 7 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-08-05 | N/A |
| It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions. | ||||
| CVE-2018-20187 | 1 Botan Project | 1 Botan | 2024-08-05 | N/A |
| A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement. | ||||
| CVE-2018-9234 | 2 Canonical, Gnupg | 2 Ubuntu Linux, Gnupg | 2024-08-05 | N/A |
| GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. | ||||
| CVE-2018-7559 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua-.netstandard | 2024-08-05 | N/A |
| An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack. | ||||
| CVE-2018-7534 | 1 Unisys | 1 Stealth Authorization Server | 2024-08-05 | N/A |
| In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory. | ||||