Total
506 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-15998 | 1 Nq | 1 Contacts Backup \& Restore | 2024-09-17 | N/A |
| In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network. | ||||
| CVE-2012-4571 | 1 Python | 1 Keyring | 2024-09-17 | N/A |
| Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack. | ||||
| CVE-2017-12129 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-09-17 | 8.0 High |
| An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them. | ||||
| CVE-2021-39076 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-09-17 | 7.5 High |
| IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 215585. | ||||
| CVE-2021-36298 | 1 Dell | 2 Isilon Insightiq, Isilon Insightiq Firmware | 2024-09-17 | 8.1 High |
| Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH; so Dell recommends customers to upgrade at the earliest opportunity. | ||||
| CVE-2020-4596 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-09-17 | 7.5 High |
| IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184812. | ||||
| CVE-2017-1571 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-09-17 | N/A |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853. | ||||
| CVE-2019-4553 | 1 Ibm | 1 Api Connect | 2024-09-17 | 7.5 High |
| IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958. | ||||
| CVE-2019-4609 | 1 Ibm | 1 Api Connect | 2024-09-17 | 7.5 High |
| IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510. | ||||
| CVE-2020-28498 | 1 Elliptic Project | 1 Elliptic | 2024-09-17 | 6.8 Medium |
| The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed. | ||||
| CVE-2002-2058 | 1 Teekai | 1 Tracking Online | 2024-09-17 | 7.5 High |
| TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'. | ||||
| CVE-2021-20497 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-09-17 | 7.5 High |
| IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969 | ||||
| CVE-2019-3700 | 1 Suse | 1 Yast2-security | 2024-09-17 | 2.9 Low |
| yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger defaults in 4.2.6 and used the new configuration file locations. Password created during this time used DES password encryption and are not properly protected against attackers that are able to access the password hashes. | ||||
| CVE-2020-7689 | 1 Node.bcrypt.js Project | 1 Node.bcrypt.js | 2024-09-17 | 5.9 Medium |
| Data is truncated wrong when its length is greater than 255 bytes. | ||||
| CVE-2019-1563 | 2 Openssl, Redhat | 3 Openssl, Enterprise Linux, Jboss Core Services | 2024-09-17 | 3.7 Low |
| In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). | ||||
| CVE-2019-12621 | 1 Cisco | 10 Hyperflex Hx220c Af M5, Hyperflex Hx220c Af M5 Firmware, Hyperflex Hx220c Edge M5 and 7 more | 2024-09-17 | 7.4 High |
| A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster. | ||||
| CVE-2022-2097 | 6 Debian, Fedoraproject, Netapp and 3 more | 16 Debian Linux, Fedora, Active Iq Unified Manager and 13 more | 2024-09-17 | 5.3 Medium |
| AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). | ||||
| CVE-2022-22327 | 1 Ibm | 1 Urbancode Deploy | 2024-09-17 | 7.5 High |
| IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859. | ||||
| CVE-2018-7211 | 1 Idashboards | 1 Idashboards | 2024-09-17 | N/A |
| An issue was discovered in iDashboards 9.6b. The SSO implementation is affected by a weak obfuscation library, allowing man-in-the-middle attackers to discover credentials. | ||||
| CVE-2021-39082 | 1 Ibm | 1 Urbancode Deploy | 2024-09-17 | 7.5 High |
| IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||