Total
396 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1319 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731. | |||||
| CVE-2016-6225 | 3 Fedoraproject, Opensuse, Percona | 3 Fedora, Leap, Xtrabackup | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. | |||||
| CVE-2017-7905 | 1 Ge | 20 Multilin Sr 369 Motor Protection Relay, Multilin Sr 369 Motor Protection Relay Firmware, Multilin Sr 469 Motor Protection Relay and 17 more | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands. | |||||
| CVE-2015-0575 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. | |||||
| CVE-2017-11317 | 1 Telerik | 1 Ui For Asp.net Ajax | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. | |||||
| CVE-2016-7798 | 2 Debian, Ruby-lang | 2 Debian Linux, Openssl | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. | |||||
| CVE-2017-2399 | 1 Apple | 1 Iphone Os | 2025-04-20 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather than that UID in addition to the user passcode). | |||||
| CVE-2017-12871 | 1 Simplesamlphp | 1 Simplesamlphp | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV). | |||||
| CVE-2017-7888 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. | |||||
| CVE-2017-2380 | 1 Apple | 1 Iphone Os | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the "Profiles" component. It allows remote attackers to bypass cryptographic protection mechanisms by leveraging DES support. | |||||
| CVE-2016-10101 | 1 Hiteksoftware | 1 Automize | 2025-04-20 | 4.3 MEDIUM | 8.1 HIGH |
| Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager. | |||||
| CVE-2012-6707 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions. | |||||
| CVE-2017-1375 | 1 Ibm | 1 Storwize Unified V7000 Software | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126868. | |||||
| CVE-2016-2379 | 1 Pidgin | 1 Mxit | 2025-04-20 | 3.3 LOW | 8.8 HIGH |
| The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords. | |||||
| CVE-2017-5239 | 1 Eviewgps | 2 Ev-07s Gps Tracker, Ev-07s Gps Tracker Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener. | |||||
| CVE-2017-1271 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 124746. | |||||
| CVE-2017-14797 | 1 Philips | 2 Hue Bridge Bsb002, Hue Bridge Bsb002 Firmware | 2025-04-20 | 7.9 HIGH | 7.5 HIGH |
| Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network. | |||||
| CVE-2017-1179 | 1 Ibm | 1 Bigfix Security Compliance Analytics | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431. | |||||
| CVE-2017-7903 | 1 Rockwellautomation | 21 1763-l16awa Series A, 1763-l16awa Series B, 1763-l16bbb Series A and 18 more | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected products use a numeric password with a small maximum character size for the password. | |||||
| CVE-2016-2879 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
| IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341. | |||||