Search Results (446 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-1375 1 Ibm 1 Storwize Unified V7000 Software 2025-04-20 N/A
IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126868.
CVE-2016-5056 1 Osram 1 Lightify Pro 2025-04-20 N/A
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK.
CVE-2017-12871 1 Simplesamlphp 1 Simplesamlphp 2025-04-20 N/A
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV).
CVE-2017-14090 1 Trendmicro 1 Scanmail 2025-04-20 N/A
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.
CVE-2017-2391 1 Apple 3 Keynote, Numbers, Pages 2025-04-20 N/A
An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4.
CVE-2017-2380 1 Apple 1 Iphone Os 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the "Profiles" component. It allows remote attackers to bypass cryptographic protection mechanisms by leveraging DES support.
CVE-2016-10101 1 Hiteksoftware 1 Automize 2025-04-20 N/A
Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager.
CVE-2016-9121 1 Go-jose Project 1 Go-jose 2025-04-20 N/A
go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making it vulnerable to an invalid curve attack.
CVE-2017-7905 1 Ge 20 Multilin Sr 369 Motor Protection Relay, Multilin Sr 369 Motor Protection Relay Firmware, Multilin Sr 469 Motor Protection Relay and 17 more 2025-04-20 N/A
A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.
CVE-2017-1224 1 Ibm 1 Bigfix Platform 2025-04-20 N/A
IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903.
CVE-2017-17436 1 Vaulteksafe 2 Vt20i, Vt20i Firmware 2025-04-20 N/A
An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with "Highest Level Bluetooth Encryption" and "Data transmissions are secure via AES256 bit encryption." These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe.
CVE-2016-5919 1 Ibm 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Mobile Appliance and 3 more 2025-04-20 N/A
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868.
CVE-2017-7229 1 Vaultive 1 Office 365 Security 2025-04-20 N/A
PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this results in the encrypted message being structured in such a way that most PGP/MIME-capable mail user agents are unable to decrypt it cleanly. The outcome is that encrypted mail passing through this device does not work (Denial of Service), and a common real-world consequence is a request to resend the mail in the clear (Information Disclosure).
CVE-2016-2379 1 Pidgin 1 Mxit 2025-04-20 N/A
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.
CVE-2017-8174 1 Huawei 4 Secospace Usg6300, Secospace Usg6300 Firmware, Secospace Usg6600 and 1 more 2025-04-20 N/A
Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links.
CVE-2017-14262 1 Samsung 8 Srn 1000, Srn 1000 Firmware, Srn 1670d and 5 more 2025-04-20 N/A
On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter.
CVE-2016-2879 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-20 N/A
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341.
CVE-2017-5239 1 Eviewgps 2 Ev-07s Gps Tracker, Ev-07s Gps Tracker Firmware 2025-04-20 N/A
Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener.
CVE-2016-7798 2 Debian, Ruby-lang 2 Debian Linux, Openssl 2025-04-20 7.5 High
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
CVE-2017-7903 1 Rockwellautomation 21 1763-l16awa Series A, 1763-l16awa Series B, 1763-l16bbb Series A and 18 more 2025-04-20 N/A
A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected products use a numeric password with a small maximum character size for the password.