Total
37 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6886 | 1 Matrixssl | 1 Matrixssl | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange. | |||||
| CVE-2016-6882 | 1 Matrixssl | 1 Matrixssl | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack. | |||||
| CVE-2016-6879 | 1 Botan Project | 1 Botan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value. | |||||
| CVE-2016-2880 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340. | |||||
| CVE-2016-2217 | 1 Dest-unreach | 1 Socat | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret. | |||||
| CVE-2016-10467 | 1 Qualcomm | 32 Sd 205, Sd 205 Firmware, Sd 210 and 29 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 820, and SD 820A, function ce_pkcs1_pss_padding_verify_auto_recover_saltlen assumes that the size of the encoded message is equal to the size of the RSA modulus. This assumption is true for most RSA keys, but it fails when modulus_bitlen % 8 == 1. | |||||
| CVE-2016-10421 | 1 Qualcomm | 68 Mdm9206, Mdm9206 Firmware, Mdm9607 and 65 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, key material is not always cleared properly. | |||||
| CVE-2016-10011 | 1 Openbsd | 1 Openssh | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. | |||||
| CVE-2016-1000346 | 2 Bouncycastle, Debian | 2 Legion-of-the-bouncy-castle-java-crytography-api, Debian Linux | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation. | |||||
| CVE-2015-8542 | 1 Open-xchange | 1 Ox Guard | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the "id" and "cid" parameter to specify the current user by its user- and context-ID. The "auth" parameter contains a hashed password string which gets created by the client by asking the user to enter his or her OX Guard password. This parameter is used as single point of authentication when accessing PGP Private Keys. In case a user has set the same password as another user, it is possible to download another user's PGP Private Key by iterating the "id" and "cid" parameters. This kind of attack would also be able by brute-forcing login credentials, but since the "id" and "cid" parameters are sequential they are much easier to predict than a user's login name. At the same time, there are some obvious insecure standard passwords that are widely used. A attacker could send the hashed representation of typically weak passwords and randomly fetch Private Key of matching accounts. The attack can be executed by both internal users and "guests" which use the external mail reader. | |||||
| CVE-2015-7503 | 1 Zend | 1 Zend Framework | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key. | |||||
| CVE-2015-4166 | 1 Cloudera | 1 Key Trustee Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key. | |||||
| CVE-2015-1316 | 1 Canonical | 1 Juju | 2024-11-21 | 5.0 MEDIUM | 6.4 MEDIUM |
| Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key. | |||||
| CVE-2015-0936 | 1 Ceragon | 4 Fibeair Ip-10 Firmware, Fibeair Ip-10c, Fibeair Ip-10e and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. | |||||
| CVE-2015-0839 | 1 Hp | 1 Linux Imaging And Printing | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads. | |||||
| CVE-2015-0153 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key. | |||||
| CVE-2013-2233 | 1 Redhat | 1 Ansible | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys. | |||||