Total: 360 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4693 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the 3DES cipher. | |||||
CVE-2016-4685 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files. | |||||
CVE-2016-10102 | 1 Hiteksoftware | 1 Automize | 2024-02-28 | 4.3 MEDIUM | 8.1 HIGH |
hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. All 10.x up to and including 10.25 and all 11.x up to and including 11.14 are verified to be affected. | |||||
CVE-2016-3034 | 1 Ibm | 1 Security Appscan Source | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily. | |||||
CVE-2016-6225 | 3 Fedoraproject, Opensuse, Percona | 3 Fedora, Leap, Xtrabackup | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. | |||||
CVE-2016-2379 | 1 Pidgin | 1 Mxit | 2024-02-28 | 3.3 LOW | 8.8 HIGH |
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords. | |||||
CVE-2017-2399 | 1 Apple | 1 Iphone Os | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather than that UID in addition to the user passcode). | |||||
CVE-2016-7798 | 2 Debian, Ruby-lang | 2 Debian Linux, Openssl | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. | |||||
CVE-2017-7229 | 1 Vaultive | 1 Office 365 Security | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this results in the encrypted message being structured in such a way that most PGP/MIME-capable mail user agents are unable to decrypt it cleanly. The outcome is that encrypted mail passing through this device does not work (Denial of Service), and a common real-world consequence is a request to resend the mail in the clear (Information Disclosure). | |||||
CVE-2016-5056 | 1 Osram | 1 Lightify Pro | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK. | |||||
CVE-2017-5160 | 1 Aveva | 1 Wonderware Intouch Access Anywhere | 2024-02-28 | 3.5 LOW | 5.3 MEDIUM |
An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly. | |||||
CVE-2017-5999 | 1 Syspass | 1 Syspass | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help an attacker to create unknown havoc in the remote system. | |||||
CVE-2016-9121 | 1 Go-jose Project | 1 Go-jose | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making it vulnerable to an invalid curve attack. | |||||
CVE-2016-10101 | 1 Hiteksoftware | 1 Automize | 2024-02-28 | 4.3 MEDIUM | 8.1 HIGH |
Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager. | |||||
CVE-2017-8076 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2024-02-28 | 7.8 HIGH | 9.8 CRITICAL |
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
CVE-2017-7888 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. | |||||
CVE-2017-2391 | 1 Apple | 3 Keynote, Numbers, Pages | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4. | |||||
CVE-2016-2879 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341. | |||||
CVE-2015-8085 | 1 Huawei | 14 Ar, Ar Firmware, Quidway S5300 and 11 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm. | |||||
CVE-2005-4900 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation. |