Search
Total
294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5224 | 1 Django-user-sessions Project | 1 Django-user-sessions | 2020-01-29 | 4.0 MEDIUM | 8.8 HIGH |
| In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the session key could be extracted by the attacker and a session takeover could happen. | |||||
| CVE-2019-18263 | 1 Philips | 6 Endura, Endura Firmware, Pulsera and 3 more | 2020-01-10 | 3.3 LOW | 6.5 MEDIUM |
| An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with ViewForum option (shipped between 2016-August 2018), Pulsera (718095) and Endura (718075) with wireless option (shipped between 26-June-2017 through 07-August 2018), Pulsera (718095) and Endura (718075) with ViewForum option (shipped between 26-June-2017 through 07-August 2018). The router software uses an encryption scheme that is not strong enough for the level of protection required. | |||||
| CVE-2012-2130 | 3 Debian, Fedoraproject, Polarssl | 3 Debian Linux, Fedora, Polarssl | 2019-12-18 | 5.8 MEDIUM | 7.4 HIGH |
| A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys. | |||||
| CVE-2019-18241 | 1 Philips | 4 Intellibridge Ec40, Intellibridge Ec40 Firmware, Intellibridge Ec80 and 1 more | 2019-12-18 | 3.3 LOW | 6.5 MEDIUM |
| In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay the session and gain unauthorized access to the EC40/80 hub. | |||||
| CVE-2013-2166 | 4 Debian, Fedoraproject, Openstack and 1 more | 4 Debian Linux, Fedora, Python-keystoneclient and 1 more | 2019-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | |||||
| CVE-2010-3670 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 5.8 MEDIUM | 4.8 MEDIUM |
| TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. | |||||
| CVE-2013-4104 | 1 Cryptocat Project | 1 Cryptocat | 2019-11-06 | 5.0 MEDIUM | 7.5 HIGH |
| Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol | |||||
| CVE-2019-4339 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2019-10-29 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 161418. | |||||
| CVE-2019-4151 | 1 Ibm | 1 Security Access Manager | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512. | |||||
| CVE-2019-4175 | 1 Ibm | 1 Cognos Controller | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880. | |||||
| CVE-2018-5461 | 1 Belden | 134 Hirschmann M1-8mm-sc, Hirschmann M1-8sfp, Hirschmann M1-8sm-sc and 131 more | 2019-10-09 | 5.8 MEDIUM | 6.5 MEDIUM |
| An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An inadequate encryption strength vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack. | |||||
| CVE-2018-1814 | 1 Ibm | 1 Security Access Manager | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018. | |||||
| CVE-2018-2007 | 1 Ibm | 1 Api Connect | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078. | |||||
| CVE-2018-1946 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 153388. | |||||
| CVE-2018-1925 | 1 Ibm | 1 Websphere Mq | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925. | |||||
| CVE-2018-1751 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Key Lifecycle Manager, Linux Kernel and 1 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512. | |||||
| CVE-2018-1665 | 1 Ibm | 1 Datapower Gateway | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891. | |||||
| CVE-2018-1593 | 1 Ibm | 1 Multi-cloud Data Encryption | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. IBM X-Force ID: 143568. | |||||
| CVE-2018-1518 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682. | |||||
| CVE-2018-19001 | 1 Philips | 1 Healthsuite Health | 2019-10-09 | 4.6 MEDIUM | 4.3 MEDIUM |
| Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required. | |||||
| CVE-2018-0131 | 1 Cisco | 2 Ios, Ios Xe | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140. | |||||
| CVE-2017-9635 | 1 Schneider-electric | 1 Ampla Manufacturing Execution System | 2019-10-09 | 1.9 LOW | 3.9 LOW |
| Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible. | |||||
| CVE-2017-9645 | 1 Mirion | 16 Dmc 3000 Transmitter, Dmc 3000 Transmitter Firmware, Drm-1\/2 and 13 more | 2019-10-09 | 3.3 LOW | 6.5 MEDIUM |
| An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). Decryption of data is possible at the hardware level. | |||||
| CVE-2017-7905 | 1 Ge | 20 Multilin Sr 369 Motor Protection Relay, Multilin Sr 369 Motor Protection Relay Firmware, Multilin Sr 469 Motor Protection Relay and 17 more | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands. | |||||
| CVE-2017-5535 | 1 Tibco | 1 Datasynapse Gridserver Manager | 2019-10-09 | 4.3 MEDIUM | 6.8 MEDIUM |
| The GridServer Broker, GridServer Driver, and GridServer Engine components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities related to both the improper use of encryption mechanisms and the use of weak ciphers. A malicious actor could theoretically compromise the traffic between any of the components. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0. | |||||
| CVE-2017-3971 | 1 Mcafee | 1 Network Security Manager | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers. | |||||
| CVE-2017-2598 | 1 Jenkins | 1 Jenkins | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304). | |||||
| CVE-2017-1366 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126859. | |||||
| CVE-2017-1713 | 1 Ibm | 1 Infosphere Streams | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632. | |||||
| CVE-2017-1695 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177. | |||||
| CVE-2017-16726 | 1 Beckhoff | 1 Twincat | 2019-10-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable. | |||||
| CVE-2017-2399 | 1 Apple | 1 Iphone Os | 2019-10-03 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather than that UID in addition to the user passcode). | |||||
| CVE-2017-7673 | 1 Apache | 1 Openmeetings | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection. | |||||
| CVE-2017-14262 | 1 Samsung | 8 Srn 1000, Srn 1000 Firmware, Srn 1670d and 5 more | 2019-10-03 | 9.3 HIGH | 8.1 HIGH |
| On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter. | |||||
| CVE-2018-6635 | 1 Avaya | 1 Aura | 2019-10-03 | 6.0 MEDIUM | 7.5 HIGH |
| System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896. | |||||
| CVE-2018-19784 | 1 Php-proxy | 1 Php-proxy | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion. | |||||
| CVE-2018-6653 | 2 Comforte, Hp | 2 Swap, Nonstop Server | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which makes it easier for remote attackers to defeat intended cryptographic protection mechanisms by sniffing the network. This is fixed in 21.6.0. | |||||
| CVE-2019-4102 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2019-07-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092. | |||||
| CVE-2018-20810 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Policy Secure | 2019-07-03 | 7.5 HIGH | 9.8 CRITICAL |
| Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices. | |||||
| CVE-2019-4256 | 1 Ibm | 1 Api Connect | 2019-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944. | |||||
| CVE-2018-1608 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2019-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798. | |||||
| CVE-2017-1665 | 2 Debian, Ibm | 2 Debian Linux, Security Key Lifecycle Manager | 2019-04-29 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559. | |||||
| CVE-2017-6284 | 2 Google, Nvidia | 3 Android, Shield Tv, Shield Tv Firmware | 2019-04-02 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate. | |||||
| CVE-2018-5184 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Thunderbird and 8 more | 2019-03-13 | 5.0 MEDIUM | 7.5 HIGH |
| Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | |||||
| CVE-2013-7469 | 1 Seafile | 1 Seafile | 2019-02-21 | 5.0 MEDIUM | 7.5 HIGH |
| Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. | |||||
| CVE-2018-1648 | 1 Ibm | 1 Qradar Incident Forensics | 2018-12-26 | 5.0 MEDIUM | 7.5 HIGH |
| IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144653. | |||||
| CVE-2018-7242 | 1 Schneider-electric | 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more | 2018-12-05 | 5.0 MEDIUM | 9.8 CRITICAL |
| Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. | |||||
| CVE-2017-13699 | 1 Moxa | 2 Eds-g512e, Eds-g512e Firmware | 2018-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it. | |||||
| CVE-2016-4693 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the 3DES cipher. | |||||
| CVE-2016-6225 | 3 Fedoraproject, Opensuse, Percona | 3 Fedora, Leap, Xtrabackup | 2018-10-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. | |||||