Total
2492 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-9003 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In TrustZone a cryptographic issue can potentially occur in all Android releases from CAF using the Linux kernel. | ||||
| CVE-2015-8013 | 1 Openpgpjs | 1 Openpgpjs | 2025-04-20 | N/A |
| s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message. | ||||
| CVE-2015-8234 | 1 Openstack | 1 Glance | 2025-04-20 | N/A |
| The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision. | ||||
| CVE-2014-7808 | 1 Apache | 1 Wicket | 2025-04-20 | 7.5 High |
| Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider. | ||||
| CVE-2015-7256 | 1 Zyxel | 50 C1000z, C1000z Firmware, Fr1000z and 47 more | 2025-04-20 | N/A |
| ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys. | ||||
| CVE-2015-4056 | 1 Dell | 1 Vce Vision Intelligent Operations | 2025-04-20 | 6.7 Medium |
| The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access. | ||||
| CVE-2014-8686 | 1 Codeigniter | 1 Codeigniter | 2025-04-20 | N/A |
| CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available. | ||||
| CVE-2014-8684 | 2 Codeigniter, Kohanaframework | 2 Codeigniter, Kohana | 2025-04-20 | N/A |
| CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes. | ||||
| CVE-2011-4667 | 1 Cisco | 2 Ios, Nx-os | 2025-04-20 | N/A |
| The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions. | ||||
| CVE-2021-4258 | 1 Whohas Project | 1 Whohas | 2025-04-15 | 3.7 Low |
| A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack. | ||||
| CVE-2022-4610 | 1 Clickstudios | 1 Passwordstate | 2025-04-15 | 1.9 Low |
| A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216272. | ||||
| CVE-2015-0204 | 2 Openssl, Redhat | 4 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2025-04-12 | N/A |
| The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. | ||||
| CVE-2016-8224 | 1 Lenovo | 57 Bios, Notebook 110 14ibr, Notebook 110 14ibr Bios and 54 more | 2025-04-12 | N/A |
| A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system. | ||||
| CVE-2016-6838 | 1 Huawei | 18 Ch121 V3 Server, Ch121 V3 Server Firmware, Ch140 V3 Server and 15 more | 2025-04-12 | N/A |
| Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm. | ||||
| CVE-2016-6899 | 1 Huawei | 14 Rh1288 V3 Server, Rh1288 V3 Server Firmware, Rh2288 V3 Server and 11 more | 2025-04-12 | N/A |
| The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSL encryption algorithm. | ||||
| CVE-2016-5672 | 1 Intel | 1 Crosswalk | 2025-04-12 | N/A |
| Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-6257 | 4 Amazonbasics, Dell, Lenovo and 1 more | 14 Firmware, Usb Dongle, Wireless Keyboard and 11 more | 2025-04-12 | 6.5 Medium |
| The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack." | ||||
| CVE-2016-4763 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-12 | N/A |
| WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-1902 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2025-04-12 | N/A |
| The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors. | ||||
| CVE-2016-2053 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2025-04-12 | N/A |
| The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. | ||||