Total
450 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14264 | 1 Hcltech | 1 Traveler Companion | 2021-10-28 | 3.9 Low |
| "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK" | ||||
| CVE-2019-12621 | 1 Cisco | 10 Hyperflex Hx220c Af M5, Hyperflex Hx220c Af M5 Firmware, Hyperflex Hx220c Edge M5 and 7 more | 2021-10-28 | 7.4 High |
| A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster. | ||||
| CVE-2020-10927 | 1 Netgear | 2 R6700, R6700 Firmware | 2021-10-26 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the encryption of firmware update images. The issue results from the use of an inappropriate encryption algorithm. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9649. | ||||
| CVE-2021-41096 | 1 Rucky Project | 1 Rucky | 2021-10-08 | 7.5 High |
| Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earlier for nightly builds suffer from use of a weak cryptographic algorithm (RSA/ECB/PKCS1Padding). The issue will be patched in v2.3 for release builds and 426 onwards for nightly builds. As a workaround, one may disable an advance security feature if not required. | ||||
| CVE-2021-36298 | 1 Dell | 2 Isilon Insightiq, Isilon Insightiq Firmware | 2021-10-08 | 9.8 Critical |
| Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH; so Dell recommends customers to upgrade at the earliest opportunity. | ||||
| CVE-2021-29894 | 2 Ibm, Redhat | 2 Cloud Pak For Security, Openshift | 2021-10-04 | 7.5 High |
| IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320. | ||||
| CVE-2021-20497 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 7.5 High |
| IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969 | ||||
| CVE-2021-29750 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2021-09-28 | 7.5 High |
| IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201778. | ||||
| CVE-2016-8370 | 1 Mitsubishielectric | 6 Qj71e71-100, Qj71e71-100 Firmware, Qj71e71-b2 and 3 more | 2021-09-13 | 7.5 High |
| An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. | ||||
| CVE-2020-20950 | 5 Apple, Ietf, Linux and 2 more | 5 Macos, Public Key Cryptography Standards \#1, Linux Kernel and 2 more | 2021-09-08 | 5.9 Medium |
| Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure. | ||||
| CVE-2021-27913 | 1 Acquia | 1 Mautic | 2021-09-03 | 3.5 Low |
| The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0. | ||||
| CVE-2021-33003 | 1 Deltaww | 1 Diaenergie | 2021-09-03 | 5.5 Medium |
| Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. | ||||
| CVE-2021-29704 | 1 Ibm | 1 Resilient Security Orchestration Automation And Response | 2021-08-26 | 7.5 High |
| IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2020-36363 | 1 Amazon | 1 Amazon Cloudfront | 2021-08-23 | 9.8 Critical |
| Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers. | ||||
| CVE-2019-25052 | 1 Linaro | 1 Op-tee | 2021-08-19 | 9.1 Critical |
| In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. | ||||
| CVE-2020-6874 | 1 Zte | 2 Zxiptv, Zxiptv Firmware | 2021-07-21 | 9.1 Critical |
| A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04. | ||||
| CVE-2020-7689 | 1 Node.bcrypt.js Project | 1 Node.bcrypt.js | 2021-07-21 | 7.5 High |
| Data is truncated wrong when its length is greater than 255 bytes. | ||||
| CVE-2020-9526 | 1 Cs2-network | 1 P2p | 2021-07-21 | 5.9 Medium |
| CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated by passively eavesdropping on user video/audio streams, capturing credentials, and compromising devices. | ||||
| CVE-2020-4778 | 1 Ibm | 1 Curam Social Program Management | 2021-07-21 | 7.5 High |
| IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156. | ||||
| CVE-2020-4596 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-07-21 | 7.5 High |
| IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184812. | ||||