Vulnerabilities (CVE)

CWE filter

CWE-326

Filter

114 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-4693 1 Apple 4 Mac Os X, Iphone Os, Watch Os and 1 more 2018-10-30 5.0
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass...
CVE-2017-11317 1 Telerik 1 Ui For Asp.net Ajax 2018-10-17 7.5
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
CVE-2018-15124 1 Zipato 1 Zipabox Firmware 2018-10-10 10.0
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device.
CVE-2018-9028 2018-08-09 5.0
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.
CVE-2018-1466 1 Ibm 7 Spectrum Virtualize For Public Cloud Software, Spectrum Virtualize Software, Storwize V3500 Software and 4 more 2018-06-15 3.5
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that...
CVE-2017-17543 1 Fortinet 2 Forticlient, Forticlient Sslvpn Client 2018-06-11 5.0
Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due...
CVE-2014-0841 1 Ibm 1 Rational Focal Point 2018-06-07 2.1
IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704.
CVE-2017-1255 1 Ibm 1 Security Guardium 2018-06-06 5.0
IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675.
CVE-2005-4900 1 Google 1 Chrome 2018-05-30 4.3
SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing...
CVE-2017-1701 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Team Concert 2018-05-23 4.0
IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 134393.
CVE-2017-1473 1 Ibm 3 Security Access Manager Firmware, Security Access Manager For Mobile, Security Access Manager For Web Firmware 2018-05-23 5.0
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605.
CVE-2015-4953 1 Ibm 1 Bigfix Remote Control 2018-04-24 5.8
IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol. IBM X-Force ID: 105197.
CVE-2015-7449 1 Ibm 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more 2018-04-13 2.1
IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15,...
CVE-2017-6284 2 Google, Nvidia 2 Android, Shield Tv Firmware 2018-03-27 2.1
NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect...
CVE-2018-1425 1 Ibm 1 Security Guardium Big Data Intelligence 2018-03-16 4.3
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003.
CVE-2018-5298 1 Pg 1 Oral-b App 2018-01-31 5.0
In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data...
CVE-2017-1000486 1 Primetek 1 Primefaces 2018-01-24 7.5
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
CVE-2017-1664 1 Ibm 1 Security Key Lifecycle Manager 2018-01-12 4.3
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557.
CVE-2017-14090 1 Trendmicro 1 Scanmail 2017-12-26 6.4
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.
CVE-2017-17436 1 Vaulteksafe 1 Vt20i Firmware 2017-12-22 3.3
An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is...