Vulnerabilities (CVE)

Filtered by CWE-310
Total 2447 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-7439 1 Wolfssl 1 Wolfssl 2024-11-21 2.1 LOW 5.5 MEDIUM
The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.
CVE-2016-7438 1 Wolfssl 1 Wolfssl 2024-11-21 2.1 LOW 5.5 MEDIUM
The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.
CVE-2016-7270 1 Microsoft 1 .net Framework 2024-11-21 5.0 MEDIUM 7.5 HIGH
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability."
CVE-2016-6899 1 Huawei 14 Rh1288 V3 Server, Rh1288 V3 Server Firmware, Rh2288 V3 Server and 11 more 2024-11-21 4.3 MEDIUM 7.5 HIGH
The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSL encryption algorithm.
CVE-2016-6838 1 Huawei 18 Ch121 V3 Server, Ch121 V3 Server Firmware, Ch140 V3 Server and 15 more 2024-11-21 4.3 MEDIUM 7.5 HIGH
Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm.
CVE-2016-6606 1 Phpmyadmin 1 Phpmyadmin 2024-11-21 5.0 MEDIUM 8.1 HIGH
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
CVE-2016-6550 1 Bb\&t 1 The U 2024-11-21 4.3 MEDIUM 5.4 MEDIUM
The U by BB&T app 1.5.4 and earlier for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-6329 1 Openvpn 1 Openvpn 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
CVE-2016-6257 4 Amazonbasics, Dell, Lenovo and 1 more 14 Firmware, Usb Dongle, Wireless Keyboard and 11 more 2024-11-21 3.3 LOW 6.5 MEDIUM
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."
CVE-2016-5957 1 Ibm 1 Security Privileged Identity Manager Virtual Appliance 2024-11-21 5.0 MEDIUM 7.5 HIGH
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm.
CVE-2016-5774 1 Blue Coat 1 Packetshaper S-series 2024-11-21 4.3 MEDIUM 8.1 HIGH
The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use of insecure cryptographic parameters.
CVE-2016-5672 1 Intel 1 Crosswalk 2024-11-21 5.8 MEDIUM 8.1 HIGH
Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate.
CVE-2016-5433 1 Citrix 1 Ios Receiver 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors.
CVE-2016-5430 1 Jose-php Project 1 Jose-php 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).
CVE-2016-5419 3 Debian, Haxx, Opensuse 3 Debian Linux, Libcurl, Leap 2024-11-21 5.0 MEDIUM 7.5 HIGH
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
CVE-2016-5084 1 Animas 2 Onetouch Ping, Onetouch Ping Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network.
CVE-2016-4763 2 Apple, Microsoft 4 Iphone Os, Itunes, Safari and 1 more 2024-11-21 4.9 MEDIUM 6.8 MEDIUM
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-4754 1 Apple 1 Os X Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
CVE-2016-4524 1 Abb 1 Pcm600 2024-11-21 2.1 LOW 6.5 MEDIUM
ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors.
CVE-2016-4511 1 Abb 1 Pcm600 2024-11-21 1.9 LOW 2.8 LOW
ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file.