Total
384 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-17382 | 1 Citrix | 2 Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | |||||
CVE-2014-9969 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. | |||||
CVE-2017-11133 | 1 Stashcat | 1 Heinekingmedia | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. To encrypt messages, AES in CBC mode is used with a pseudo-random secret. This secret and the IV are generated with math.random() in previous versions and with CryptoJS.lib.WordArray.random() in newer versions, which uses math.random() internally. This is not cryptographically strong. | |||||
CVE-2017-8191 | 1 Huawei | 1 Fusionsphere Openstack | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links. | |||||
CVE-2015-0226 | 1 Apache | 1 Wss4j | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487. | |||||
CVE-2014-8687 | 1 Seagate | 2 Business Nas, Business Nas Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens. | |||||
CVE-2017-15997 | 1 Nq | 1 Contacts Backup \& Restore | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file. | |||||
CVE-2017-17717 | 1 Sonatype | 1 Nexus Repository Manager | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature. | |||||
CVE-2017-14937 | 1 Pcu | 1 Pcu | 2023-12-10 | 1.9 LOW | 4.7 MEDIUM |
The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control units (aka pyrotechnical control units or PCUs) of unspecified passenger vehicles manufactured in 2014 or later, when the ignition is on and the speed is less than 6 km/h. Specifically, there are only 256 possible key pairs, and authentication attempts have no rate limit. In addition, at least one manufacturer's interpretation of the ISO 26021 standard is that it must be possible to calculate the key directly (i.e., the other 255 key pairs must not be used). Exploitation would typically involve an attacker who has already gained access to the CAN bus, and sends a crafted Unified Diagnostic Service (UDS) message to detonate the pyrotechnical charges, resulting in the same passenger-injury risks as in any airbag deployment. | |||||
CVE-2017-5243 | 1 Rapid7 | 1 Nexpose | 2023-12-10 | 6.8 MEDIUM | 8.5 HIGH |
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks. | |||||
CVE-2017-8157 | 1 Huawei | 4 Oceanstor 5800 V3, Oceanstor 5800 V3 Firmware, Oceanstor 6900 V3 and 1 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information. | |||||
CVE-2017-1339 | 1 Ibm | 1 Tivoli Storage Manager | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247. | |||||
CVE-2017-9136 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator passwords, which can then be cracked, giving the attacker full admin access to the device's web interface. This vulnerability can also be used to view the plaintext pre-shared key (PSK) for encrypted wireless connections, or to view the device's serial number (which allows an attacker to factory reset the device). | |||||
CVE-2016-8370 | 1 Mitsubishielectric | 6 Qj71e71-100, Qj71e71-100 Firmware, Qj71e71-b2 and 3 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. | |||||
CVE-2017-5186 | 2 Netiq, Novell | 4 Edirectory, Imanager, Edirectory and 1 more | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. | |||||
CVE-2016-6602 | 1 Zohocorp | 1 Webnms Framework | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit. | |||||
CVE-2016-6485 | 1 Magento | 1 Magento2 | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value. | |||||
CVE-2016-0923 | 1 Dell | 1 Bsafe | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used. | |||||
CVE-2015-0533 | 1 Dell | 2 Bsafe, Bsafe Ssl-c | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-3572. | |||||
CVE-2015-0535 | 1 Dell | 2 Bsafe, Bsafe Ssl-c | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a similar issue to CVE-2015-0204. |