Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-326
Total 285 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-18241 1 Philips 4 Intellibridge Ec40, Intellibridge Ec40 Firmware, Intellibridge Ec80 and 1 more 2019-12-18 3.3 LOW 6.5 MEDIUM
In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay the session and gain unauthorized access to the EC40/80 hub.
CVE-2013-7484 1 Zabbix 1 Zabbix 2019-12-11 5.0 MEDIUM 7.5 HIGH
Zabbix before 5.0 represents passwords in the users table with unsalted MD5.
CVE-2010-3670 1 Typo3 1 Typo3 2019-11-08 5.8 MEDIUM 4.8 MEDIUM
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.
CVE-2013-4104 1 Cryptocat Project 1 Cryptocat 2019-11-06 5.0 MEDIUM 7.5 HIGH
Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol
CVE-2018-5461 1 Belden 134 Hirschmann M1-8mm-sc, Hirschmann M1-8sfp, Hirschmann M1-8sm-sc and 131 more 2019-10-09 5.8 MEDIUM 6.5 MEDIUM
An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An inadequate encryption strength vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.
CVE-2018-1814 1 Ibm 1 Security Access Manager 2019-10-09 5.0 MEDIUM 7.5 HIGH
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018.
CVE-2018-1946 1 Ibm 1 Security Identity Governance And Intelligence 2019-10-09 5.0 MEDIUM 7.5 HIGH
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 153388.
CVE-2018-1925 1 Ibm 1 Websphere Mq 2019-10-09 4.3 MEDIUM 5.9 MEDIUM
IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925.
CVE-2018-2007 1 Ibm 1 Api Connect 2019-10-09 5.0 MEDIUM 7.5 HIGH
IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078.
CVE-2018-1751 3 Ibm, Linux, Microsoft 4 Aix, Security Key Lifecycle Manager, Linux Kernel and 1 more 2019-10-09 5.0 MEDIUM 7.5 HIGH
IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512.
CVE-2018-1593 1 Ibm 1 Multi-cloud Data Encryption 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. IBM X-Force ID: 143568.
CVE-2018-1518 1 Ibm 2 Infosphere Information Server, Infosphere Information Server On Cloud 2019-10-09 2.1 LOW 5.5 MEDIUM
IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682.
CVE-2018-1665 1 Ibm 1 Datapower Gateway 2019-10-09 5.0 MEDIUM 7.5 HIGH
IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891.
CVE-2018-19001 1 Philips 1 Healthsuite Health 2019-10-09 4.6 MEDIUM 4.3 MEDIUM
Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.
CVE-2018-0131 1 Cisco 2 Ios, Ios Xe 2019-10-09 4.3 MEDIUM 5.9 MEDIUM
A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140.
CVE-2017-9635 1 Schneider-electric 1 Ampla Manufacturing Execution System 2019-10-09 1.9 LOW 3.9 LOW
Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.
CVE-2017-9645 1 Mirion 16 Dmc 3000 Transmitter, Dmc 3000 Transmitter Firmware, Drm-1\/2 and 13 more 2019-10-09 3.3 LOW 6.5 MEDIUM
An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). Decryption of data is possible at the hardware level.
CVE-2017-7905 1 Ge 20 Multilin Sr 369 Motor Protection Relay, Multilin Sr 369 Motor Protection Relay Firmware, Multilin Sr 469 Motor Protection Relay and 17 more 2019-10-09 5.0 MEDIUM 9.8 CRITICAL
A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.
CVE-2017-5535 1 Tibco 1 Datasynapse Gridserver Manager 2019-10-09 4.3 MEDIUM 6.8 MEDIUM
The GridServer Broker, GridServer Driver, and GridServer Engine components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities related to both the improper use of encryption mechanisms and the use of weak ciphers. A malicious actor could theoretically compromise the traffic between any of the components. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0.
CVE-2017-3971 1 Mcafee 1 Network Security Manager 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers.