Vulnerabilities (CVE)

CWE filter

CWE-310

Filter

2638 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-17915 1 Xiongmaitech 1 Xmeye P2p Cloud Server 2018-12-06 6.4
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds,...
CVE-2018-15593 2018-12-06 2.1
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector.
CVE-2018-0737 2 Openssl, Canonical 2 Openssl, Ubuntu Linux 2018-12-01 4.3
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key....
CVE-2016-0800 2 Openssl, Pulsesecure 3 Client, Steel Belted Radius, Openssl 2018-11-30 4.3
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for...
CVE-2015-4000 12 Google, Openssl, Apple and 9 more 25 Safari, Network Security Services, Ie and 22 more 2018-11-30 4.3
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a...
CVE-2015-0285 1 Openssl 1 Openssl 2018-11-29 4.3
The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by...
CVE-2016-1000352 1 Bouncycastle 1 Legion-of-the-bouncy-castle-java-crytography-api 2018-11-28 5.8
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
CVE-2016-1000344 1 Bouncycastle 1 Legion-of-the-bouncy-castle-java-crytography-api 2018-11-28 5.8
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
CVE-2016-1000343 2 Bouncycastle, Debian 2 Legion-of-the-bouncy-castle-java-crytography-api, Debian Linux 2018-11-28 5.0
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier...
CVE-2016-1000339 2 Bouncycastle, Debian 2 Legion-of-the-bouncy-castle-java-crytography-api, Debian Linux 2018-11-28 5.0
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored...
CVE-2018-6695 1 Mcafee 1 Mcafee Threat Intelligence Exchange 2018-11-27 4.3
SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via acquiring keys from another environment.
CVE-2018-3616 1 Intel 1 Active Management Technology 2018-11-26 4.3
Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.
CVE-2018-16546 1 Amcrest 1 Amcrest Ipc-hx1x3x-lexus Eng N Amcrest 2018-11-26 4.3
Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation,...
CVE-2018-5871 1 Qualcomm 31 Mdm9206 Firmware, Mdm9607 Firmware, Mdm9640 Firmware and 28 more 2018-11-23 3.3
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850,...
CVE-2018-5837 1 Qualcomm 28 Ipq8074 Firmware, Mdm9206 Firmware, Mdm9607 Firmware and 25 more 2018-11-23 5.0
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439,...
CVE-2018-11291 1 Qualcomm 36 Ipq8074 Firmware, Mdm9206 Firmware, Mdm9607 Firmware and 33 more 2018-11-23 5.0
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD...
CVE-2013-4185 2 Openstack, Redhat 3 Openstack, Havana, Compute 2018-11-15 4.0
Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of...
CVE-2018-5389 1 Ietf 1 Internet Key Exchange 2018-11-14 4.3
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the...
CVE-2016-5419 4 Debian, Haxx, Novell and 1 more 4 Debian Linux, Leap, Libcurl and 1 more 2018-11-13 5.0
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
CVE-2018-11057 1 Emc 1 Rsa Bsafe 2018-11-08 4.3
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker...