Total: 450 CVEs

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-4624 | 1 Ibm | 1 Cloud Pak For Security | 2020-11-30 | 5.3 Medium |
IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation, which could allow an attacker to decrypt sensitive information. | ||||
CVE-2020-4254 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2020-10-20 | 7.5 High |
IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560. | ||||
CVE-2019-4325 | 1 Hcltech | 1 Appscan | 2020-10-19 | 5.3 Medium |
HCL AppScan Enterprise makes use of a broken or risky cryptographic algorithm to store REST API user details. | ||||
CVE-2020-11031 | 1 Glpi-project | 1 Glpi | 2020-10-05 | 7.5 High |
In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the encrypted data relies on the password used; if a user sets a weak or predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library chosen is sodium. | ||||
CVE-2020-4614 | 1 Ibm | 1 Data Risk Manager | 2020-09-22 | 7.5 High |
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 184927. | ||||
CVE-2020-4613 | 1 Ibm | 1 Data Risk Manager | 2020-09-22 | 7.5 High |
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184925. | ||||
CVE-2019-14089 | 1 Qualcomm | 30 Kamorta, Kamorta Firmware, Nicobar and 27 more | 2020-09-11 | 7.8 High |
The Keymaster attestation key and device IDs, whose provisioning is a one-time process, are incorrectly allowed to be re-provisioned after a user data erase or a factory reset in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, Nicobar, QCS404, QCS610, Rennell, SA515M, SA6155P, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | ||||
CVE-2019-16143 | 1 Blake2 | 1 Blake2-rust | 2020-08-31 | 9.8 Critical |
An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes. | ||||
CVE-2020-4174 | 1 Ibm | 1 Security Guardium Insights | 2020-08-28 | 7.5 High |
IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174683. | ||||
CVE-2020-4169 | 1 Ibm | 1 Security Guardium Insights | 2020-08-27 | 7.5 High |
IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174405. | ||||
CVE-2019-12587 | 1 Espressif | 2 Esp-idf, Esp8266 Nonos Sdk | 2020-08-24 | N/A |
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point. | ||||
CVE-2019-6485 | 1 Citrix | 4 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware, Netscaler Gateway and 1 more | 2020-08-24 | N/A |
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled. | ||||
CVE-2019-4609 | 1 Ibm | 1 Api Connect | 2020-08-24 | 7.5 High |
IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510. | ||||
CVE-2019-4553 | 1 Ibm | 1 Api Connect | 2020-08-24 | 7.5 High |
IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958. | ||||
CVE-2019-13604 | 1 Assaabloy | 2 Hid Digitalpersona 4500, Hid Digitalpersona 4500 Firmware | 2020-08-24 | N/A |
There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader v24. The key for obfuscating the fingerprint image is vulnerable to brute-force attacks. This allows an attacker to recover the key and decrypt that image using the key. Successful exploitation causes a sensitive biometric information leak. | ||||
CVE-2019-13052 | 1 Logitech | 2 Unifying Receiver, Unifying Receiver Firmware | 2020-08-24 | N/A |
Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed. | ||||
CVE-2019-0688 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2020-08-24 | N/A |
An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'. | ||||
CVE-2019-0187 | 1 Apache | 1 Jmeter | 2020-08-24 | N/A |
Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). An attacker can establish an RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affects tests running in distributed mode. Note that versions before 4.0 are not able to encrypt traffic between the nodes, nor authenticate the participating nodes, so an upgrade to JMeter 5.1 is also advised. | ||||
CVE-2018-6402 | 1 Ecobee | 2 Ecobee4, Ecobee4 Firmware | 2020-08-24 | 7.5 High |
Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby SSID, similar to an "Evil Twin" attack. | ||||
CVE-2018-1996 | 1 Ibm | 1 Websphere Application Server | 2020-08-24 | N/A |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 154650. | ||||