Vulnerabilities (CVE)

114 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-9645 1 Mirion 8 Dmc 3000 Transmitter Firmware, Rds-31 Itx Firmware, Telepole 2 Firmware and 5 more 2019-10-09 3.3
An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM...
CVE-2017-9635 1 Schneider-electric 1 Ampla Manufacturing Execution System 2019-10-09 1.9
Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's...
CVE-2017-7905 1 Ge 10 Multilin Sr 489 Generator Protection Relay Firmware, Multilin Urplus C90 Firmware, Multilin Urplus D90 Firmware and 7 more 2019-10-09 5.0
A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469...
CVE-2017-5535 1 Tibco 1 Datasynapse Gridserver Manager 2019-10-09 4.3
The GridServer Broker, GridServer Driver, and GridServer Engine components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities related to both the improper use of encryption mechanisms and the use of weak ciphers....
CVE-2017-3971 1 Mcafee 1 Network Security Manager 2019-10-09 4.0
Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before allows attackers to view confidential information via insecure use of RC4 encryption cyphers.
CVE-2017-2598 1 Jenkins 1 Jenkins 2019-10-09 4.0
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).
CVE-2017-1713 1 Ibm 1 Infosphere Streams 2019-10-09 4.3
IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632.
CVE-2017-1695 1 Ibm 1 Qradar Security Information And Event Manager 2019-10-09 5.0
IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177.
CVE-2017-1366 1 Ibm 1 Security Identity Governance And Intelligence 2019-10-09 5.0
IBM Security Identity Governance Virtual Appliance 5.2 through uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126859.
CVE-2017-16726 1 Beckhoff 1 Twincat 2019-10-09 6.4
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of...
CVE-2018-6594 3 Dlitz, Debian, Canonical 3 Pycrypto, Debian Linux, Ubuntu Linux 2019-10-03 5.0
lib/Crypto/PublicKey/ in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a...
CVE-2017-2399 1 Apple 1 Iphone Os 2019-10-03 2.1
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only...
CVE-2017-7673 1 Apache 1 Openmeetings 2019-10-03 5.0
Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage; captcha is not used in the registration and forget password dialogs, and auth forms are missing brute force protection.
CVE-2018-19784 1 Php-proxy 1 Php-proxy 2019-10-03 5.0
The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion.
CVE-2017-14262 1 Samsung 4 Srn 1670d Firmware, Srn 472s Firmware, Srn 1000 Firmware and 1 more 2019-10-03 9.3
On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter.
CVE-2018-6635 1 Avaya 1 Aura 2019-10-03 6.0
System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896.
CVE-2018-6653 2019-10-03 5.0
comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure...
CVE-2019-9399 1 Google 1 Android 2019-09-30 4.3
The Print Service is susceptible to man in the middle attacks due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation....
CVE-2019-15947 1 Bitcoin 2 Bitcoin-qt, Bitcoin Core 2019-09-09 5.0
In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys,...
CVE-2019-14664 1 Enigmail 1 Enigmail 2019-08-13 4.3
In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart...