Total
377 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-1518 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682. | |||||
CVE-2019-7648 | 1 Hotels Server Project | 1 Hotels Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage. | |||||
CVE-2018-1593 | 1 Ibm | 1 Multi-cloud Data Encryption | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. IBM X-Force ID: 143568. | |||||
CVE-2017-1695 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177. | |||||
CVE-2019-9483 | 1 Amazon | 2 Ring Video Doorbell, Ring Video Doorbell Firmware | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door. | |||||
CVE-2018-1785 | 2 Apple, Ibm | 3 Macos, Spectrum Protect Client, Spectrum Protect For Virtual Environments | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870. | |||||
CVE-2018-1665 | 1 Ibm | 1 Datapower Gateway | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891. | |||||
CVE-2018-1648 | 1 Ibm | 1 Qradar Incident Forensics | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144653. | |||||
CVE-2018-17177 | 1 Neatorobotics | 12 Botvac 85 Connected, Botvac 85 Firmware, Botvac D3 Connected and 9 more | 2023-12-10 | 2.1 LOW | 2.4 LOW |
An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated by hiding it within a custom /bin/rc4_crypt binary. | |||||
CVE-2018-18767 | 2 D-link, Dlink | 3 Dcs-825l Firmware, Dcs-825l, Mydlink Baby Camera Monitor | 2023-12-10 | 1.9 LOW | 7.0 HIGH |
An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials. | |||||
CVE-2017-1366 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126859. | |||||
CVE-2018-1946 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 153388. | |||||
CVE-2018-19784 | 1 Php-proxy | 1 Php-proxy | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion. | |||||
CVE-2018-1545 | 2 Apple, Ibm | 3 Macos, Spectrum Protect Client, Spectrum Protect For Virtual Environments | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649. | |||||
CVE-2018-19001 | 1 Philips | 1 Healthsuite Health | 2023-12-10 | 4.6 MEDIUM | 4.3 MEDIUM |
Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required. | |||||
CVE-2018-6635 | 1 Avaya | 1 Aura | 2023-12-10 | 6.0 MEDIUM | 7.5 HIGH |
System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896. | |||||
CVE-2017-1701 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Team Concert | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 134393. | |||||
CVE-2014-0841 | 1 Ibm | 1 Rational Focal Point | 2023-12-10 | 2.1 LOW | 5.3 MEDIUM |
IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704. | |||||
CVE-2018-6594 | 3 Canonical, Debian, Dlitz | 3 Ubuntu Linux, Debian Linux, Pycrypto | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation. | |||||
CVE-2018-4839 | 1 Siemens | 17 Digsi 4, En100 Ethernet Module Dnp3, En100 Ethernet Module Dnp3 Firmware and 14 more | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords. |