Vulnerabilities (CVE)

CWE filter: CWE-326

114 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-14332 1 Dlink 2 6600-ap Firmware, Dwl-3600ap Firmware 2019-08-05 4.6
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is use of weak ciphers for SSH such as diffie-hellman-group1-sha1.
CVE-2019-4102 1 Ibm 1 Db2 2019-07-04 4.3
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092.
CVE-2018-20810 1 Pulsesecure 2 Pulse Connect Secure, Pulse Policy Secure 2019-07-03 7.5
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS...
CVE-2018-18325 2019-07-03 5.0
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.
CVE-2018-15811 2019-07-03 5.0
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
CVE-2019-4256 1 Ibm 1 Api Connect 2019-05-31 5.0
IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944.
CVE-2018-1608 1 Ibm 1 Rational Engineering Lifecycle Manager 2019-05-10 5.0
IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798.
CVE-2017-1665 2 Ibm, Debian 2 Security Key Lifecycle Manager, Debian Linux 2019-04-29 4.3
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559.
CVE-2019-10734 1 Trojita Project 1 Trojita 2019-04-09 4.3
In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified...
CVE-2019-5723 1 Portier 1 Portier 2019-03-22 5.0
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short....
CVE-2018-5184 4 Mozilla, Canonical, Debian and 1 more 11 Thunderbird, Thunderbird Esr, Ubuntu Linux and 8 more 2019-03-13 5.0
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2019-9483 2019-03-01 6.4
Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door.
CVE-2013-7469 1 Seafile 1 Seafile 2019-02-21 5.0
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVE-2019-7649 1 Cmswing 1 Cmswing 2019-02-20 5.0
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.
CVE-2019-8919 1 Seafile 1 Seadroid 2019-02-20 5.0
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks...
CVE-2018-1648 1 Ibm 1 Qradar Incident Forensics 2018-12-26 5.0
IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144653.
CVE-2018-17177 1 Neato 6 Botvac 85 Firmware, Botvac D3 Connected Firmware, Botvac D4 Connected Firmware and 3 more 2018-12-07 2.1
An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a...
CVE-2018-7242 1 Schneider-electric 57 140cpu31110 Firmware, 140cpu31110c Firmware, 140cpu43412u Firmware and 54 more 2018-12-05 5.0
Vulnerable hash algorithms exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash...
CVE-2017-13699 1 Moxa 1 Eds-g512e Firmware 2018-11-30 5.0
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker...
CVE-2016-6225 5 Percona, Fedoraproject, Novell and 2 more 5 Leap, Leap, Fedora and 2 more 2018-10-30 4.3
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup...