Total: 285 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3188 | 1 Opensuse | 1 Opensuse | 2021-03-30 | 5.0 MEDIUM | N/A |
libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords. | |||||
CVE-2021-27450 | 1 Ge | 2 Mu320e, Mu320e Firmware | 2021-03-29 | 4.6 MEDIUM | 7.8 HIGH |
SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as part of a larger attack on the MU320E (all firmware versions prior to v04A00.1). | |||||
CVE-2021-21387 | 1 Wrongthink | 1 Wrongthink | 2021-03-25 | 5.0 MEDIUM | 7.5 HIGH |
Wrongthink is a peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connection. Additionally, the safety number was improperly calculated. It was computed using part of one of the public identity keys instead of being derived from both public identity keys. This caused issues in computing safety numbers which would potentially be exploitable in the real world. Additionally, there was inadequate encryption strength due to use of 1024-bit DSA keys. These issues are all fixed in version 2.3.0. | |||||
CVE-2021-27885 | 1 E107 | 1 E107 | 2021-03-18 | 6.8 MEDIUM | 8.8 HIGH |
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. | |||||
CVE-2021-23126 | 1 Joomla | 1 Joomla! | 2021-03-05 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Joomla! 3.2.0 through 3.9.24. The insecure rand() function is used within the process of generating the 2FA secret. | |||||
CVE-2013-4508 | 3 Debian, Lighttpd, Opensuse | 3 Debian Linux, Lighttpd, Opensuse | 2021-02-26 | 4.3 MEDIUM | 7.5 HIGH |
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. | |||||
CVE-2019-4160 | 1 Ibm | 1 Security Guardium Data Encryption | 2021-01-15 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158577. | |||||
CVE-2017-20001 | 1 Aes Encryption Project | 1 Aes Encryption | 2021-01-12 | 5.0 MEDIUM | 7.5 HIGH |
The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027. NOTE: This project is not covered by Drupal's security advisory policy. | |||||
CVE-2020-26263 | 1 Tlslite-ng Project | 1 Tlslite-ng | 2020-12-23 | 5.0 MEDIUM | 7.5 HIGH |
tlslite-ng is an open source Python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS#1 v1.5 decryption is data dependent. In particular, the code has multiple ways in which it leaks information about the decrypted ciphertext. It aborts as soon as the plaintext doesn't start with 0x00, 0x02. All TLS servers that enable RSA key exchange as well as applications that use the RSA decryption API directly are vulnerable. This is patched in versions 0.7.6 and 0.8.0-alpha39. Note: the patches depend on Python processing the individual bytes in a side-channel-free manner; this is known not to be the case (see reference). As such, users that require side-channel resistance are recommended to use different TLS implementations, as stated in the security policy of tlslite-ng. | |||||
CVE-2005-0366 | 1 Gnupg | 1 Gnupg | 2020-12-10 | 5.0 MEDIUM | N/A |
The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed. | |||||
CVE-2005-4900 | 1 Google | 1 Chrome | 2020-12-09 | 4.3 MEDIUM | 5.9 MEDIUM |
SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation. | |||||
CVE-2020-8761 | 1 Intel | 1 Converged Security And Manageability Engine | 2020-11-30 | 2.1 LOW | 4.6 MEDIUM |
Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access. | |||||
CVE-2013-2566 | 4 Canonical, Fujitsu, Mozilla and 1 more | 25 Ubuntu Linux, M10-1, M10-1 Firmware and 22 more | 2020-11-23 | 4.3 MEDIUM | 5.9 MEDIUM |
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. | |||||
CVE-2020-9128 | 1 Huawei | 1 Fusioncompute | 2020-11-20 | 2.1 LOW | 4.4 MEDIUM |
FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause an information leak. | |||||
CVE-2020-5938 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2020-11-08 | 4.0 MEDIUM | 6.5 MEDIUM |
On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow. | |||||
CVE-2016-7798 | 2 Debian, Ruby-lang | 2 Debian Linux, Openssl | 2020-11-05 | 5.0 MEDIUM | 7.5 HIGH |
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. | |||||
CVE-2020-3549 | 1 Cisco | 2 Firepower Management Center, Firepower Threat Defense | 2020-10-30 | 6.8 MEDIUM | 8.1 HIGH |
A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation protection during initial device registration. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a specific flow of the sftunnel communication between an FMC device and an FTD device. A successful exploit could allow the attacker to decrypt and modify the sftunnel communication between FMC and FTD devices, allowing the attacker to modify configuration data sent from an FMC device to an FTD device or alert data sent from an FTD device to an FMC device. | |||||
CVE-2016-3019 | 1 Ibm | 1 Security Access Manager 9.0 Firmware | 2020-10-27 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462. | |||||
CVE-2016-5919 | 1 Ibm | 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Mobile Appliance and 3 more | 2020-10-27 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868. | |||||
CVE-2017-11317 | 1 Telerik | 1 Ui For Asp.net Ajax | 2020-10-20 | 7.5 HIGH | 9.8 CRITICAL |
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. |