Vulnerabilities (CVE)

CWE filter: CWE-310

2558 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-7006 1 Avaya 1 One-x Communicator 2019-10-09 2.1
Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13.
CVE-2019-6540 1 Medtronic 23 Amplia Crt-d Firmware, Carelink 2090 Firmware, Carelink Monitor 2490c Firmware and 20 more 2019-10-09 3.3
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta...
CVE-2019-6526 1 Moxa 4 Eds-405a Firmware, Eds-408a Firmware, Eds-510a Firmware and 1 more 2019-10-09 5.0
Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to...
CVE-2019-5448 1 Yarnpkg 1 Yarn 2019-10-09 4.3
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.
CVE-2019-1940 1 Cisco 1 Industrial Network Director 2019-10-09 4.3
A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate....
CVE-2019-1804 1 Cisco 13 Nexus 93108tc-ex Firmware, Nexus 93120tx Firmware, Nexus 93128tx Firmware and 10 more 2019-10-09 10.0
A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the...
CVE-2019-10926 1 Siemens 2 Simatic Mv420 Firmware, Simatic Mv440 Firmware 2019-10-09 2.6
A vulnerability has been identified in SIMATIC Ident MV420 family (All versions), SIMATIC Ident MV440 family (All versions). Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an...
CVE-2019-10240 1 Eclipse 1 Hawkbit 2019-10-09 6.8
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts...
CVE-2018-5402 1 Auto-maskin 3 Marine Pro Observer, Dcu 210e Firmware, Rp 210e Firmware 2019-10-09 6.5
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN. Impact: An attacker, once authenticated, can change configurations,...
CVE-2018-1720 1 Ibm 1 Sterling B2b Integrator 2019-10-09 5.0
IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0.0, and 6.0.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 147294.
CVE-2018-18984 1 Medtronic 3 29901 Encore Programmer Firmware, Carelink 2090 Programmer Firmware, Carelink 9790 Programmer Firmware 2019-10-09 2.1
Medtronic CareLink 2090 Programmer, CareLink 9790 Programmer, and 29901 Encore Programmer, all versions: the affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest: PII and PHI.
CVE-2018-16870 1 Wolfssl 1 Wolfssl 2019-10-09 4.3
It was found that wolfSSL before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensitive data.
CVE-2018-16869 1 Nettle Project 1 Nettle 2019-10-09 3.3
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process,...
CVE-2018-15796 2019-10-09 5.5
Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the...
CVE-2017-7526 3 Gnupg, Canonical, Debian 3 Libgcrypt, Ubuntu Linux, Debian Linux 2019-10-09 4.3
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting in a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on...
CVE-2017-3226 1 Denx 1 U-boot 2019-10-09 4.4
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter...
CVE-2017-3225 1 Denx 1 U-boot 2019-10-09 2.1
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying...
CVE-2017-1268 1 Ibm 1 Security Guardium 2019-10-09 2.1
IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743.
CVE-2017-13097 1 - 1 - 2019-10-09 4.6
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement....
CVE-2017-13096 1 - 1 - 2019-10-09 4.6
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The...