Total: 450 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-4595 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-07-21 | 7.5 High |
IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184819. | ||||
CVE-2020-4594 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-07-21 | 7.5 High |
IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184800. | ||||
CVE-2020-4452 | 1 Ibm | 1 Api Connect | 2021-07-21 | 7.5 High |
IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324. | ||||
CVE-2020-36201 | 1 Xerox | 60 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 57 more | 2021-07-21 | 7.5 High |
An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices. | ||||
CVE-2020-29063 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2021-07-21 | 7.5 High |
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. A custom encryption algorithm is used to store encrypted passwords. This algorithm will XOR the password with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g value. | ||||
CVE-2020-25493 | 1 Oclean | 1 Oclean | 2021-07-21 | 7.5 High |
Oclean Mobile Application 2.1.2 communicates with an external website using HTTP, so it is possible to eavesdrop on the network traffic. The content of the HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic. | ||||
CVE-2020-23162 | 1 Pyres | 2 Termod4, Termod4 Firmware | 2021-07-21 | 7.5 High |
Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials. | ||||
CVE-2020-20949 | 2 Ietf, St | 22 Public Key Cryptography Standards \#1, Stm32cubef0, Stm32cubef1 and 19 more | 2021-07-21 | 5.9 Medium |
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure. | ||||
CVE-2020-1826 | 1 Huawei | 2 Honor Magic2, Honor Magic2 Firmware | 2021-07-21 | 4.4 Medium |
Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.175(C00E59R2P11) have an information leak vulnerability. Due to a module using a weak encryption tool, an attacker with the root permission may exploit the vulnerability to obtain some information. | ||||
CVE-2020-14254 | 1 Hcltech | 1 Bigfix Platform | 2021-07-21 | 7.5 High |
TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it. | ||||
CVE-2020-14246 | 1 Hcltechsw | 1 Onetest Performance | 2021-07-21 | 7.5 High |
HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials. | ||||
CVE-2020-12702 | 1 Coolkit | 1 Ewelink | 2021-07-21 | 4.6 Medium |
Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process. | ||||
CVE-2020-11872 | 1 Bluetrace | 1 Opentrace | 2021-07-21 | 7.5 High |
The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs. | ||||
CVE-2020-10377 | 1 Mitel | 2 Mivoice Connect, Mivoice Connect Client | 2021-07-21 | 9.8 Critical |
A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to access the system with compromised user credentials. | ||||
CVE-2019-9483 | 1 Amazon | 2 Ring Video Doorbell, Ring Video Doorbell Firmware | 2021-07-21 | N/A |
Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door. | ||||
CVE-2019-9399 | 1 Google | 1 Android | 2021-07-21 | 5.9 Medium |
The Print Service is susceptible to man in the middle attacks due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-115635664 | ||||
CVE-2019-9155 | 1 Openpgpjs | 1 Openpgpjs | 2021-07-21 | N/A |
A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able to provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key. | ||||
CVE-2019-9095 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2021-07-21 | 9.8 Critical |
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access. | ||||
CVE-2019-7858 | 1 Magento | 1 Magento | 2021-07-21 | N/A |
A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks. | ||||
CVE-2019-7673 | 1 Mobotix | 2 S14, S14 Firmware | 2021-07-21 | N/A |
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administrator Credentials are stored in the 13-character DES hash format. |