Total
415 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1179 | 1 Ibm | 1 Bigfix Security Compliance Analytics | 2025-04-20 | N/A |
| IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431. | ||||
| CVE-2017-1224 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | N/A |
| IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903. | ||||
| CVE-2016-3019 | 1 Ibm | 1 Security Access Manager 9.0 Firmware | 2025-04-20 | N/A |
| IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462. | ||||
| CVE-2017-1271 | 1 Ibm | 1 Security Guardium | 2025-04-20 | N/A |
| IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 124746. | ||||
| CVE-2016-2379 | 1 Pidgin | 1 Mxit | 2025-04-20 | N/A |
| The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords. | ||||
| CVE-2017-7888 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-04-20 | N/A |
| Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. | ||||
| CVE-2016-10104 | 1 Hiteksoftware | 1 Automize | 2025-04-20 | N/A |
| Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14. | ||||
| CVE-2017-14797 | 1 Philips | 2 Hue Bridge Bsb002, Hue Bridge Bsb002 Firmware | 2025-04-20 | N/A |
| Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network. | ||||
| CVE-2016-10103 | 1 Hiteksoftware | 1 Automize | 2025-04-20 | N/A |
| Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for GPG Encryption profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14. | ||||
| CVE-2016-10102 | 1 Hiteksoftware | 1 Automize | 2025-04-20 | N/A |
| hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. All 10.x up to and including 10.25 and all 11.x up to and including 11.14 are verified to be affected. | ||||
| CVE-2016-10101 | 1 Hiteksoftware | 1 Automize | 2025-04-20 | N/A |
| Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager. | ||||
| CVE-2017-9645 | 1 Mirion | 16 Dmc 3000 Transmitter, Dmc 3000 Transmitter Firmware, Drm-1\/2 and 13 more | 2025-04-20 | N/A |
| An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). Decryption of data is possible at the hardware level. | ||||
| CVE-2017-8174 | 1 Huawei | 4 Secospace Usg6300, Secospace Usg6300 Firmware, Secospace Usg6600 and 1 more | 2025-04-20 | N/A |
| Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links. | ||||
| CVE-2017-5160 | 1 Aveva | 1 Wonderware Intouch Access Anywhere | 2025-04-20 | 5.3 Medium |
| An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly. | ||||
| CVE-2015-0575 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. | ||||
| CVE-2014-9975 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption. | ||||
| CVE-2017-2391 | 1 Apple | 3 Keynote, Numbers, Pages | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4. | ||||
| CVE-2016-9121 | 1 Go-jose Project | 1 Go-jose | 2025-04-20 | N/A |
| go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making it vulnerable to an invalid curve attack. | ||||
| CVE-2017-2380 | 1 Apple | 1 Iphone Os | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the "Profiles" component. It allows remote attackers to bypass cryptographic protection mechanisms by leveraging DES support. | ||||
| CVE-2017-8076 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2025-04-20 | N/A |
| On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | ||||