Total
360 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-4175 | 1 Ibm | 1 Cognos Controller | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880. | |||||
CVE-2019-4256 | 1 Ibm | 1 Api Connect | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944. | |||||
CVE-2019-10639 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace. | |||||
CVE-2018-20810 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Policy Secure | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices. | |||||
CVE-2018-1608 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798. | |||||
CVE-2018-2007 | 1 Ibm | 1 Api Connect | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078. | |||||
CVE-2018-1925 | 1 Ibm | 1 Websphere Mq | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925. | |||||
CVE-2018-18325 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811. | |||||
CVE-2018-1518 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682. | |||||
CVE-2018-0448 | 1 Cisco | 1 Digital Network Architecture Center | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users. | |||||
CVE-2018-1665 | 1 Ibm | 1 Datapower Gateway | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891. | |||||
CVE-2018-15796 | 1 Pivotal Software | 1 Bits Service | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the the Bits Service storage. | |||||
CVE-2018-1545 | 2 Apple, Ibm | 3 Macos, Spectrum Protect Client, Spectrum Protect For Virtual Environments | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649. | |||||
CVE-2018-17177 | 1 Neatorobotics | 12 Botvac 85 Connected, Botvac 85 Firmware, Botvac D3 Connected and 9 more | 2024-02-28 | 2.1 LOW | 2.4 LOW |
An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated by hiding it within a custom /bin/rc4_crypt binary. | |||||
CVE-2018-0131 | 1 Cisco | 2 Ios, Ios Xe | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140. | |||||
CVE-2018-15124 | 1 Zipato | 2 Zipabox, Zipabox Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device. | |||||
CVE-2018-1946 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 153388. | |||||
CVE-2019-7648 | 1 Hotels Server Project | 1 Hotels Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage. | |||||
CVE-2018-1814 | 1 Ibm | 1 Security Access Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018. | |||||
CVE-2018-1648 | 1 Ibm | 1 Qradar Incident Forensics | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144653. |