Total
617 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-10668 | 1 Xoev | 1 Osci Transport Library | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the transport encryption.
|
|||||
| CVE-2014-9969 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm.
|
|||||
| CVE-2017-17382 | 1 Citrix | 2 Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
|
|||||
| CVE-2017-15998 | 1 Nq | 1 Contacts Backup \& Restore | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network.
|
|||||
| CVE-2017-5186 | 2 Netiq, Novell | 4 Edirectory, Imanager, Edirectory and 1 more | 2025-04-20 | 4.3 MEDIUM | 7.5 HIGH |
|
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.
|
|||||
| CVE-2017-5243 | 1 Rapid7 | 1 Nexpose | 2025-04-20 | 6.8 MEDIUM | 8.5 HIGH |
|
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks.
|
|||||
| CVE-2014-8687 | 1 Seagate | 2 Business Nas, Business Nas Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.
|
|||||
| CVE-2017-8191 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links.
|
|||||
| CVE-2017-15997 | 1 Nq | 1 Contacts Backup \& Restore | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
|
In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file.
|
|||||
| CVE-2017-1598 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611.
|
|||||
| CVE-2017-1339 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-20 | 2.1 LOW | 4.4 MEDIUM |
|
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.
|
|||||
| CVE-2017-4917 | 1 Vmware | 1 Vsphere Data Protection | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
|
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.
|
|||||
| CVE-2017-11133 | 1 Stashcat | 1 Heinekingmedia | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. To encrypt messages, AES in CBC mode is used with a pseudo-random secret. This secret and the IV are generated with math.random() in previous versions and with CryptoJS.lib.WordArray.random() in newer versions, which uses math.random() internally. This is not cryptographically strong.
|
|||||
| CVE-2015-0226 | 1 Apache | 1 Wss4j | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.
|
|||||
| CVE-2012-4449 | 1 Apache | 1 Hadoop | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.
|
|||||
| CVE-2017-17717 | 1 Sonatype | 1 Nexus Repository Manager | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.
|
|||||
| CVE-2016-6602 | 1 Zohocorp | 1 Webnms Framework | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
|
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit.
|
|||||
| CVE-2017-9859 | 1 Sma | 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
|
An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor's position is that "we consider the probability of the success of such manipulation to be extremely low." Also, only Sunn ...
Show More |
|||||
| CVE-2021-46900 | 1 Sympa | 1 Sympa | 2025-04-17 | N/A | 7.5 HIGH |
|
Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.
|
|||||
| CVE-2015-2808 | 9 Canonical, Debian, Fujitsu and 6 more | 99 Ubuntu Linux, Debian Linux, Sparc Enterprise M3000 and 96 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
|
|||||
| CVE-2016-0923 | 1 Dell | 1 Bsafe | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used.
|
|||||
| CVE-2015-0535 | 1 Dell | 2 Bsafe, Bsafe Ssl-c | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a similar issue to CVE-2015-0204.
|
|||||
| CVE-2015-0533 | 1 Dell | 2 Bsafe, Bsafe Ssl-c | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-3572.
|
|||||
| CVE-2007-6755 | 1 Dell | 2 Bsafe Crypto-c-micro-edition, Bsafe Crypto-j | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could poten ...
Show More |
|||||
| CVE-2007-6013 | 2 Fedoraproject, Wordpress | 2 Fedora, Wordpress | 2025-04-09 | 6.8 MEDIUM | 9.8 CRITICAL |
|
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
|
|||||
| CVE-2009-2273 | 1 Huawei | 2 D100, D100 Firmware | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
|
|||||
| CVE-2008-3775 | 1 Newsoftwares | 1 Folder Lock | 2025-04-09 | 2.1 LOW | 4.4 MEDIUM |
|
Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the password, which allows local administrators to obtain sensitive information by reading and decrypting the QualityControl\_pack registry value.
|
|||||
| CVE-2008-3188 | 1 Opensuse | 1 Opensuse | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
|
libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.
|
|||||
| CVE-2007-4150 | 1 Visionsoft | 1 Audit | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
|
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file.
|
|||||
| CVE-2007-5460 | 1 Microsoft | 2 Activesync, Windows Mobile | 2025-04-09 | 7.1 HIGH | 4.6 MEDIUM |
|
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.
|
|||||
| CVE-2023-0296 | 1 Redhat | 1 Openshift | 2025-04-04 | N/A | 5.3 MEDIUM |
|
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics ...
Show More |
|||||
| CVE-2024-4765 | 1 Mozilla | 1 Firefox | 2025-04-04 | N/A | 8.1 HIGH |
|
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context.
*This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
|
|||||
| CVE-2002-2058 | 1 Teekai | 1 Tracking Online | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
|
|||||
| CVE-1999-0007 | 5 C2net, Hp, Microsoft and 2 more | 13 Stonghold Web Server, Open Market Secure Webserver, Exchange Server and 10 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Information from SSL-encrypted sessions via PKCS #1.
|
|||||
| CVE-2005-2946 | 2 Canonical, Openssl | 2 Ubuntu Linux, Openssl | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.
|
|||||
| CVE-2005-4860 | 1 Spectrumcu | 1 Cash Receipting System | 2025-04-03 | 6.9 MEDIUM | 7.8 HIGH |
|
Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password.
|
|||||
| CVE-2025-2920 | 2025-04-01 | 1.2 LOW | 2.0 LOW | ||
|
A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /еtc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-51456 | 2 Ibm, Microsoft | 2 Robotic Process Automation, Windows | 2025-03-28 | N/A | 5.9 MEDIUM |
|
IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks.
|
|||||
| CVE-2024-36823 | 1 Ninjaframework | 1 Ninja | 2025-03-25 | N/A | 7.5 HIGH |
|
The encrypt() function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information.
|
|||||
| CVE-2024-41763 | 3 Ibm, Linux, Microsoft | 3 Engineering Lifecycle Optimization Publishing, Linux Kernel, Windows | 2025-03-21 | N/A | 5.9 MEDIUM |
|
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
|
|||||