Total
387 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-37587 | 1 Jhu | 1 Charm | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data. | |||||
CVE-2020-24587 | 6 Arista, Cisco, Debian and 3 more | 332 C-100, C-100 Firmware, C-110 and 329 more | 2023-12-10 | 1.8 LOW | 2.6 LOW |
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. | |||||
CVE-2020-36363 | 1 Amazon | 1 Amazon Cloudfront | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers. | |||||
CVE-2021-40528 | 1 Gnupg | 1 Libgcrypt | 2023-12-10 | 2.6 LOW | 5.9 MEDIUM |
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | |||||
CVE-2021-27457 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access. | |||||
CVE-2020-4965 | 1 Ibm | 12 Collaborative Lifecycle Management, Doors Next, Engineering Insights and 9 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422. | |||||
CVE-2021-29722 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Linux On Ibm Z and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095. | |||||
CVE-2021-20497 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969. | |||||
CVE-2021-40529 | 3 Botan Project, Fedoraproject, Mozilla | 3 Botan, Fedora, Thunderbird | 2023-12-10 | 2.6 LOW | 5.9 MEDIUM |
The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | |||||
CVE-2021-29694 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258. | |||||
CVE-2021-20379 | 1 Ibm | 1 Guardium Data Encryption | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711. | |||||
CVE-2020-24588 | 8 Arista, Cisco, Debian and 5 more | 350 C-100, C-100 Firmware, C-110 and 347 more | 2023-12-10 | 2.9 LOW | 3.5 LOW |
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. | |||||
CVE-2021-22212 | 2 Fedoraproject, Ntpsec | 2 Fedora, Ntpsec | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads the key, shortens it, or fails to load these keys entirely, depending on the key type and the placement of the '#'. As a result, the administrator cannot use the keys as expected, or the keys are shorter than expected and easier to brute-force, possibly resulting in MITM attacks between NTP clients and NTP servers. For short AES128 keys, ntpd generates a warning that it is padding them. | |||||
CVE-2019-25052 | 1 Linaro | 1 Op-tee | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. | |||||
CVE-2020-26515 | 1 Intland | 1 Codebeamer | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a NULL encryption key. | |||||
CVE-2021-33003 | 1 Deltaww | 1 Diaenergie | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. | |||||
CVE-2021-31796 | 1 Cyberark | 1 Credential Provider | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36. | |||||
CVE-2021-34687 | 2 Idrive, Microsoft | 2 Remotepc, Windows | 2023-12-10 | 2.9 LOW | 5.3 MEDIUM |
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher. | |||||
CVE-2021-29704 | 1 Ibm | 1 Resilient Security Orchestration Automation And Response | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
CVE-2020-28396 | 1 Siemens | 6 Sicam A8000 Cp-8000, Sicam A8000 Cp-8000 Firmware, Sicam A8000 Cp-8021 and 3 more | 2023-12-10 | 4.9 MEDIUM | 7.3 HIGH |
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). A web server misconfiguration of the affected device can cause insecure ciphers usage by a user's browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information. |