Total
360 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-6984 | 1 Rockwellautomation | 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable. | |||||
CVE-2012-5623 | 1 Squirrelmail | 1 Change Passwd | 2020-03-10 | 5.0 MEDIUM | 7.5 HIGH |
Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. | |||||
CVE-2013-2213 | 1 Kde | 1 Paste Applet | 2020-02-24 | 2.1 LOW | 5.5 MEDIUM |
The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output. | |||||
CVE-2019-4427 | 2 Ibm, Microsoft | 2 Cloud Cli, Windows | 2020-02-14 | 5.0 MEDIUM | 7.5 HIGH |
IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate a installer with malicious software inside. IBM X-Force ID: 162773. | |||||
CVE-2020-5229 | 1 Apereo | 1 Opencast | 2020-02-05 | 5.5 MEDIUM | 8.1 HIGH |
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially for popular users like the default `admin` user. This essentially means that for an attacker, it might be feasible to reconstruct a user's password given access to these hashes. Note that attackers needing access to the hashes means that they must gain access to the database in which these are stored first to be able to start cracking the passwords. The problem is addressed in Opencast 8.1 which now uses the modern and much stronger bcrypt password hashing algorithm for storing passwords. Note, that old hashes remain MD5 until the password is updated. For a list of users whose password hashes are stored using MD5, take a look at the `/user-utils/users/md5.json` REST endpoint. | |||||
CVE-2019-3700 | 1 Suse | 1 Yast2-security | 2020-02-05 | 2.1 LOW | 3.3 LOW |
yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger defaults in 4.2.6 and used the new configuration file locations. Password created during this time used DES password encryption and are not properly protected against attackers that are able to access the password hashes. | |||||
CVE-2019-4540 | 1 Ibm | 1 Security Directory Server | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813. | |||||
CVE-2019-4639 | 1 Ibm | 1 Security Secret Server | 2020-01-30 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 170045. | |||||
CVE-2020-1810 | 1 Huawei | 6 Cloudengine 12800, Cloudengine 12800 Firmware, S5700 and 3 more | 2020-01-21 | 5.0 MEDIUM | 5.3 MEDIUM |
There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information. | |||||
CVE-2018-6829 | 1 Gnupg | 1 Libgcrypt | 2020-01-15 | 5.0 MEDIUM | 7.5 HIGH |
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation. | |||||
CVE-2019-16208 | 1 Broadcom | 1 Brocade Sannav | 2019-11-14 | 5.0 MEDIUM | 7.5 HIGH |
Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.). | |||||
CVE-2018-5745 | 1 Isc | 1 Bind | 2019-11-05 | 3.5 LOW | 4.9 MEDIUM |
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745. | |||||
CVE-2019-11341 | 2 Google, Samsung | 2 Android, Phone | 2019-11-05 | 2.1 LOW | 4.6 MEDIUM |
On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic. | |||||
CVE-2019-4399 | 1 Ibm | 1 Cloud Orchestrator | 2019-10-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260. | |||||
CVE-2019-7477 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | |||||
CVE-2019-1828 | 1 Cisco | 4 Rv320, Rv320 Firmware, Rv325 and 1 more | 2019-10-09 | 4.3 MEDIUM | 8.1 HIGH |
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative credentials. The vulnerability exists because affected devices use weak encryption algorithms for user credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack and decrypting intercepted credentials. A successful exploit could allow the attacker to gain access to an affected device with administrator privileges. This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running firmware releases prior to 1.4.2.22. | |||||
CVE-2018-5458 | 1 Philips | 1 Intellispace Portal | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information. | |||||
CVE-2018-1428 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073. | |||||
CVE-2017-5243 | 1 Rapid7 | 1 Nexpose | 2019-10-09 | 6.8 MEDIUM | 8.5 HIGH |
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks. | |||||
CVE-2017-1571 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853. |