Vulnerabilities (CVE)

CWE filter

CWE-310

Filter

2710 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-20954 1 Mailpile 1 Mailpile 2019-08-16 5.0
The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys.
CVE-2016-5431 2019-08-14 5.0
The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.
CVE-2019-10099 1 Apache 1 Spark 2019-08-13 4.3
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem);...
CVE-2019-5502 1 Netapp 1 Data Ontap 2019-08-12 6.4
SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data.
CVE-2019-7886 1 Magento 1 Magento 2019-08-07 5.0
A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptograhic mechanism is used to generate the intialization vector in multiple security relevant contexts.
CVE-2019-5448 1 Yarnpkg 1 Yarn 2019-08-06 4.3
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.
CVE-2019-7855 1 Magento 1 Magento 2019-08-06 5.0
A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation.
CVE-2019-7858 1 Magento 1 Magento 2019-08-06 5.0
A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.
CVE-2019-7860 1 Magento 1 Magento 2019-08-06 5.0
A cryptographically weak pseudo-rando number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
CVE-2019-13603 1 Crossmatch 1 Digital Persona U.are.u 4500 Driver Firmware 2019-07-29 4.3
An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. It has a statically coded initialization vector to encrypt a user's fingerprint image,...
CVE-2019-1940 1 Cisco 1 Industrial Network Director 2019-07-26 4.3
A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate....
CVE-2018-11057 1 Emc 1 Rsa Bsafe 2019-07-23 4.3
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker...
CVE-2018-1000180 5 Bouncycastle, Debian, Netapp and 2 more 18 Fips Java Api, Legion-of-the-bouncy-castle-java-crytography-api, Debian Linux and 15 more 2019-07-23 5.0
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than...
CVE-2019-12904 1 Gnupg 1 Libgcrypt 2019-07-23 4.3
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language...
CVE-2019-9836 1 Amd 1 Secure Encrypted Virtualization Firmware 2019-07-21 5.0
Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.
CVE-2019-10101 1 Jetbrains 1 Kotlin 2019-07-20 6.8
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.
CVE-2018-12404 1 Mozilla 1 Network Security Services 2019-07-20 4.3
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.
CVE-2016-10725 1 Bitcoin 2 Bitcoin-qt, Bitcoind 2019-07-17 5.0
In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system...
CVE-2019-6632 1 F5 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more 2019-07-11 2.1
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient...
CVE-2013-1398 2 Puppetlabs, Puppet 2 Puppet, Puppet Enterprise 2019-07-10 8.5
The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root...