Search
Total
294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15124 | 1 Zipato | 2 Zipabox, Zipabox Firmware | 2018-10-10 | 10.0 HIGH | 9.8 CRITICAL |
| Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device. | |||||
| CVE-2014-0841 | 1 Ibm | 1 Rational Focal Point | 2018-06-07 | 2.1 LOW | 5.3 MEDIUM |
| IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704. | |||||
| CVE-2017-1255 | 1 Ibm | 1 Security Guardium | 2018-06-06 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675. | |||||
| CVE-2017-1701 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Team Concert | 2018-05-23 | 4.0 MEDIUM | 8.8 HIGH |
| IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 134393. | |||||
| CVE-2017-1473 | 1 Ibm | 6 Security Access Manager Appliance, Security Access Manager Firmware, Security Access Manager For Mobile and 3 more | 2018-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605. | |||||
| CVE-2015-4953 | 1 Ibm | 1 Bigfix Remote Control | 2018-04-24 | 5.8 MEDIUM | 4.8 MEDIUM |
| IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol. IBM X-Force ID: 105197. | |||||
| CVE-2015-7449 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2018-04-13 | 2.1 LOW | 3.3 LOW |
| IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7 before iFix1, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 allow local users to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 108221. | |||||
| CVE-2018-1425 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2018-03-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003. | |||||
| CVE-2018-5298 | 1 Pg | 1 Oral-b App | 2018-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file. | |||||
| CVE-2017-1000486 | 1 Primetek | 1 Primefaces | 2018-01-24 | 7.5 HIGH | 9.8 CRITICAL |
| Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution | |||||
| CVE-2017-1664 | 1 Ibm | 1 Security Key Lifecycle Manager | 2018-01-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557. | |||||
| CVE-2017-14090 | 1 Trendmicro | 1 Scanmail | 2017-12-26 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. | |||||
| CVE-2017-17436 | 1 Vaulteksafe | 2 Vt20i, Vt20i Firmware | 2017-12-22 | 3.3 LOW | 8.8 HIGH |
| An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with "Highest Level Bluetooth Encryption" and "Data transmissions are secure via AES256 bit encryption." These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe. | |||||
| CVE-2017-1271 | 1 Ibm | 1 Security Guardium | 2017-12-19 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 124746. | |||||
| CVE-2017-8174 | 1 Huawei | 4 Secospace Usg6300, Secospace Usg6300 Firmware, Secospace Usg6600 and 1 more | 2017-12-12 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links. | |||||
| CVE-2017-14797 | 1 Philips | 2 Hue Bridge Bsb002, Hue Bridge Bsb002 Firmware | 2017-11-21 | 7.9 HIGH | 7.5 HIGH |
| Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network. | |||||
| CVE-2017-1375 | 1 Ibm | 1 Storwize Unified V7000 Software | 2017-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126868. | |||||
| CVE-2012-6707 | 1 Wordpress | 1 Wordpress | 2017-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions. | |||||
| CVE-2017-12871 | 1 Simplesamlphp | 1 Simplesamlphp | 2017-09-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV). | |||||
| CVE-2014-9975 | 1 Google | 1 Android | 2017-08-23 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption. | |||||
| CVE-2015-0575 | 1 Google | 1 Android | 2017-08-21 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. | |||||
| CVE-2017-1224 | 1 Ibm | 1 Bigfix Platform | 2017-07-25 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903. | |||||
| CVE-2017-2391 | 1 Apple | 3 Keynote, Numbers, Pages | 2017-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4. | |||||
| CVE-2017-7903 | 1 Rockwellautomation | 21 1763-l16awa Series A, 1763-l16awa Series B, 1763-l16bbb Series A and 18 more | 2017-07-08 | 5.0 MEDIUM | 9.8 CRITICAL |
| A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected products use a numeric password with a small maximum character size for the password. | |||||
| CVE-2017-1319 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2017-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731. | |||||
| CVE-2017-2380 | 1 Apple | 1 Iphone Os | 2017-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the "Profiles" component. It allows remote attackers to bypass cryptographic protection mechanisms by leveraging DES support. | |||||
| CVE-2017-1179 | 1 Ibm | 1 Bigfix Security Compliance Analytics | 2017-06-15 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431. | |||||
| CVE-2017-7229 | 1 Vaultive | 1 Office 365 Security | 2017-05-16 | 6.4 MEDIUM | 9.1 CRITICAL |
| PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this results in the encrypted message being structured in such a way that most PGP/MIME-capable mail user agents are unable to decrypt it cleanly. The outcome is that encrypted mail passing through this device does not work (Denial of Service), and a common real-world consequence is a request to resend the mail in the clear (Information Disclosure). | |||||
| CVE-2017-7888 | 1 Dolibarr | 1 Dolibarr | 2017-05-15 | 5.0 MEDIUM | 9.8 CRITICAL |
| Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. | |||||
| CVE-2017-8076 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2017-04-27 | 7.8 HIGH | 9.8 CRITICAL |
| On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
| CVE-2016-5056 | 1 Osram | 1 Lightify Pro | 2017-04-14 | 5.0 MEDIUM | 7.5 HIGH |
| OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK. | |||||
| CVE-2016-2379 | 1 Pidgin | 1 Mxit | 2017-04-10 | 3.3 LOW | 8.8 HIGH |
| The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords. | |||||
| CVE-2017-5239 | 1 Eviewgps | 2 Ev-07s Gps Tracker, Ev-07s Gps Tracker Firmware | 2017-03-31 | 5.0 MEDIUM | 7.5 HIGH |
| Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener. | |||||
| CVE-2016-9121 | 1 Go-jose Project | 1 Go-jose | 2017-03-29 | 6.4 MEDIUM | 9.1 CRITICAL |
| go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making it vulnerable to an invalid curve attack. | |||||
| CVE-2016-10104 | 1 Hiteksoftware | 1 Automize | 2017-03-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14. | |||||
| CVE-2016-10102 | 1 Hiteksoftware | 1 Automize | 2017-03-16 | 4.3 MEDIUM | 8.1 HIGH |
| hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. All 10.x up to and including 10.25 and all 11.x up to and including 11.14 are verified to be affected. | |||||
| CVE-2016-10103 | 1 Hiteksoftware | 1 Automize | 2017-03-16 | 4.3 MEDIUM | 8.1 HIGH |
| Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for GPG Encryption profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14. | |||||
| CVE-2017-5999 | 1 Syspass | 1 Syspass | 2017-03-15 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help an attacker to create unknown havoc in the remote system. | |||||
| CVE-2016-10101 | 1 Hiteksoftware | 1 Automize | 2017-03-15 | 4.3 MEDIUM | 8.1 HIGH |
| Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager. | |||||
| CVE-2016-2879 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2017-03-04 | 2.1 LOW | 7.8 HIGH |
| IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341. | |||||
| CVE-2016-4685 | 1 Apple | 1 Iphone Os | 2017-02-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files. | |||||
| CVE-2016-3034 | 1 Ibm | 1 Security Appscan Source | 2017-02-13 | 2.1 LOW | 4.4 MEDIUM |
| IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily. | |||||
| CVE-2015-8085 | 1 Huawei | 14 Ar, Ar Firmware, Quidway S5300 and 11 more | 2016-11-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm. | |||||
| CVE-2015-8086 | 1 Huawei | 14 Ar, Ar Firmware, Quidway S5300 and 11 more | 2016-11-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 makes it easier for remote authenticated administrators to obtain encryption keys and ciphertext passwords via vectors related to key storage. | |||||