Search Results (1717 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-12871 1 Simplesamlphp 1 Simplesamlphp 2025-04-20 N/A
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV).
CVE-2016-6485 1 Magento 1 Magento2 2025-04-20 N/A
The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.
CVE-2017-5239 1 Eviewgps 2 Ev-07s Gps Tracker, Ev-07s Gps Tracker Firmware 2025-04-20 N/A
Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener.
CVE-2016-2880 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-20 N/A
IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340.
CVE-2016-2879 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-20 N/A
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341.
CVE-2017-5186 2 Netiq, Novell 4 Edirectory, Imanager, Edirectory and 1 more 2025-04-20 N/A
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.
CVE-2016-2379 1 Pidgin 1 Mxit 2025-04-20 N/A
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.
CVE-2017-9136 1 Mimosa 2 Backhaul Radios, Client Radios 2025-04-20 N/A
An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator passwords, which can then be cracked, giving the attacker full admin access to the device's web interface. This vulnerability can also be used to view the plaintext pre-shared key (PSK) for encrypted wireless connections, or to view the device's serial number (which allows an attacker to factory reset the device).
CVE-2017-2391 1 Apple 3 Keynote, Numbers, Pages 2025-04-20 N/A
An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4.
CVE-2017-8076 1 Tp-link 2 Tl-sg108e, Tl-sg108e Firmware 2025-04-20 N/A
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
CVE-2015-0839 1 Hp 1 Linux Imaging And Printing 2025-04-20 N/A
The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads.
CVE-2014-9969 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm.
CVE-2014-8687 1 Seagate 2 Business Nas, Business Nas Firmware 2025-04-20 N/A
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.
CVE-2016-9243 3 Canonical, Cryptography.io, Fedoraproject 3 Ubuntu Linux, Cryptography, Fedora 2025-04-20 7.5 High
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
CVE-2015-7503 1 Zend 1 Zend Framework 2025-04-20 N/A
Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key.
CVE-2017-1224 1 Ibm 1 Bigfix Platform 2025-04-20 N/A
IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903.
CVE-2016-6886 1 Matrixssl 1 Matrixssl 2025-04-20 N/A
The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange.
CVE-2016-3099 1 Redhat 5 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more 2025-04-20 N/A
mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.
CVE-2016-4693 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the 3DES cipher.
CVE-2016-10101 1 Hiteksoftware 1 Automize 2025-04-20 N/A
Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager.