Total
370 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-3971 | 1 Mcafee | 1 Network Security Manager | 2024-09-17 | N/A |
| Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers. | ||||
| CVE-2017-8174 | 1 Huawei | 4 Secospace Usg6300, Secospace Usg6300 Firmware, Secospace Usg6600 and 1 more | 2024-09-17 | N/A |
| Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links. | ||||
| CVE-2017-1366 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-09-17 | N/A |
| IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126859. | ||||
| CVE-2018-17177 | 1 Neatorobotics | 12 Botvac 85 Connected, Botvac 85 Firmware, Botvac D3 Connected and 9 more | 2024-09-17 | 2.4 Low |
| An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated by hiding it within a custom /bin/rc4_crypt binary. | ||||
| CVE-2018-1425 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-09-17 | N/A |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003. | ||||
| CVE-2019-4175 | 1 Ibm | 1 Cognos Controller | 2024-09-17 | 7.5 High |
| IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880. | ||||
| CVE-2020-4099 | 1 Hcltech | 1 Verse | 2024-09-17 | 5.9 Medium |
| The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app. | ||||
| CVE-2019-4160 | 1 Ibm | 1 Security Guardium Data Encrpytion | 2024-09-17 | 7.5 High |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158577. | ||||
| CVE-2014-9975 | 1 Google | 1 Android | 2024-09-17 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption. | ||||
| CVE-2020-1982 | 1 Paloaltonetworks | 1 Pan-os | 2024-09-17 | 4.8 Medium |
| Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. These cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure. Conditions required for exploitation of known TLS 1.0 weaknesses do not exist for the communication between PAN-OS and cloud-delivered services. We do not believe that any communication is impacted as a result of known attacks against TLS 1.0. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.14; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. PAN-OS 7.1 is not impacted by this issue. | ||||
| CVE-2012-6707 | 1 Wordpress | 1 Wordpress | 2024-09-17 | N/A |
| WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions. | ||||
| CVE-2021-36337 | 1 Dell | 1 Wyse Management Suite | 2024-09-17 | 6.5 Medium |
| Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. | ||||
| CVE-2017-1255 | 1 Ibm | 1 Security Guardium | 2024-09-17 | N/A |
| IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675. | ||||
| CVE-2017-1664 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-09-16 | N/A |
| IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557. | ||||
| CVE-2021-38891 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Sterling Connect\, Linux Kernel and 2 more | 2024-09-16 | 7.5 High |
| IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508. | ||||
| CVE-2020-3549 | 1 Cisco | 2 Firepower Management Center, Firepower Threat Defense | 2024-09-16 | 8.1 High |
| A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation protection during initial device registration. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a specific flow of the sftunnel communication between an FMC device and an FTD device. A successful exploit could allow the attacker to decrypt and modify the sftunnel communication between FMC and FTD devices, allowing the attacker to modify configuration data sent from an FMC device to an FTD device or alert data sent from an FTD device to an FMC device. | ||||
| CVE-2018-15124 | 1 Zipato | 2 Zipabox, Zipabox Firmware | 2024-09-16 | N/A |
| Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device. | ||||
| CVE-2018-9028 | 1 Broadcom | 1 Privileged Access Manager | 2024-09-16 | N/A |
| Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. | ||||
| CVE-2017-17543 | 1 Fortinet | 2 Forticlient, Forticlient Sslvpn Client | 2024-09-16 | N/A |
| Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms. | ||||
| CVE-2005-2281 | 1 Juvare | 1 Webeoc | 2024-09-16 | 7.5 High |
| WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords. | ||||