Total
434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1665 | 2 Debian, Ibm | 2 Debian Linux, Security Key Lifecycle Manager | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559.
|
|||||
| CVE-2017-1664 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557.
|
|||||
| CVE-2017-1473 | 1 Ibm | 6 Security Access Manager Appliance, Security Access Manager Firmware, Security Access Manager For Mobile and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605.
|
|||||
| CVE-2017-1366 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
|
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126859.
|
|||||
| CVE-2017-1255 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675.
|
|||||
| CVE-2017-17543 | 1 Fortinet | 2 Forticlient, Forticlient Sslvpn Client | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.
|
|||||
| CVE-2017-16726 | 1 Beckhoff | 1 Twincat | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable.
|
|||||
| CVE-2017-16632 | 1 Sapphireims | 1 Sapphireims | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In SapphireIMS 4097_1, the password in the database is stored in Base64 format.
|
|||||
| CVE-2016-11043 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with M(6.0) software. The S/MIME implementation in EAS uses DES (where 3DES is intended). The Samsung ID is SVE-2016-5871 (June 2016).
|
|||||
| CVE-2015-7449 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DO ...
|
|||||
| CVE-2015-5361 | 1 Juniper | 28 Junos, Srx100, Srx110 and 25 more | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
|
Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specifi ...
|
|||||
| CVE-2015-4953 | 1 Ibm | 1 Bigfix Remote Control | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
|
IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol. IBM X-Force ID: 105197.
|
|||||
| CVE-2014-0841 | 1 Ibm | 1 Rational Focal Point | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
|
IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704.
|
|||||
| CVE-2013-7484 | 1 Zabbix | 1 Zabbix | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Zabbix before 5.0 represents passwords in the users table with unsalted MD5.
|
|||||
| CVE-2013-7469 | 1 Seafile | 1 Seafile | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
|
|||||
| CVE-2013-7287 | 1 Mobileiron | 2 Sentry, Virtual Smartphone Platform | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
MobileIron VSP < 5.9.1 and Sentry < 5.0 have an insecure encryption scheme.
|
|||||
| CVE-2013-7286 | 1 Att | 2 Mobileiron Sentry, Mobileiron Virtual Smartphone Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
MobileIron VSP < 5.9.1 and Sentry < 5.0 have a weak password obfuscation algorithm.
|
|||||
| CVE-2013-4104 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Cryptocat before 2.0.22 has weak encryption in the Socialist Millionaire Protocol.
|
|||||
| CVE-2013-2166 | 4 Debian, Fedoraproject, Openstack and 1 more | 4 Debian Linux, Fedora, Python-keystoneclient and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass
|
|||||
| CVE-2012-2130 | 3 Debian, Fedoraproject, Polarssl | 3 Debian Linux, Fedora, Polarssl | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
|
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys.
|
|||||
| CVE-2011-4121 | 1 Ruby-lang | 1 Ruby | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism.
|
|||||
| CVE-2011-3629 | 1 Joomla | 1 Joomla! | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Joomla! core 1.7.1 allows information disclosure due to weak encryption
|
|||||
| CVE-2010-3670 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
|
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.
|
|||||
| CVE-2023-6728 | | | 2024-11-05 | N/A | 3.3 LOW |
|
Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content.
|
|||||
| CVE-2024-45394 | 1 Authenticator | 1 Authenticator | 2024-10-09 | N/A | 7.8 HIGH |
|
Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the user's encryption key. Users on version 8.0.0 and above are automatically migrated away from the weak encoding on first login. Users should destroy encrypted backups made with versions prior to 8.0.0.
|
|||||
| CVE-2024-47182 | 1 Amirraminfar | 1 Dozzle | 2024-10-04 | N/A | 7.5 HIGH |
|
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3.
|
|||||
| CVE-2024-8455 | 1 Planet | 6 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 3 more | 2024-10-04 | N/A | 5.9 MEDIUM |
|
The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.
|
|||||
| CVE-2021-38121 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | N/A | 8.8 HIGH |
|
Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1
|
|||||
| CVE-2024-42163 | 1 Fiware | 1 Keyrock | 2024-08-29 | N/A | 8.1 HIGH |
|
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link.
|
|||||
| CVE-2024-41681 | 1 Siemens | 1 Location Intelligence | 2024-08-14 | N/A | 7.5 HIGH |
|
A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The web server of affected products is configured to support weak ciphers by default. This could allow an unauthenticated attacker in an on-path position to read and modify any data passed over the connection between legitimate clients and the affected device.
|
|||||
| CVE-2024-21787 | | | 2024-08-14 | N/A | 6.4 MEDIUM |
|
Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-21881 | | | 2024-08-12 | N/A | N/A |
|
Inadequate Encryption Strength vulnerability allows an authenticated attacker to execute arbitrary OS Commands via encrypted package upload. This issue affects Envoy: 4.x and 5.x.
|
|||||
| CVE-2024-32758 | 1 Johnsoncontrols | 2 Exacqvision Client, Exacqvision Server | 2024-08-09 | N/A | 7.5 HIGH |
|
Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange
|
|||||
| CVE-2024-40719 | 1 Changingtec | 1 Tcb Servisign | 2024-08-09 | N/A | 6.5 MEDIUM |
|
The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that website as a legitimate server and interact with it.
|
|||||