Vulnerabilities (CVE)

CWE filter: CWE-326

114 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-1271 1 Ibm 1 Security Guardium 2017-12-19 5.0
IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the...
CVE-2017-8174 1 Huawei 2 Secospace Usg6300 Firmware, Secospace Usg6600 Firmware 2017-12-12 5.0
Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500, V100R001C30SPC600, V100R001C30SPC700, V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher...
CVE-2017-14797 1 Philips 1 Hue Bridge Bsb002 Firmware 2017-11-21 7.9
Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected...
CVE-2017-1375 1 Ibm 1 Storwize Unified V7000 Software 2017-11-13 5.0
IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126868.
CVE-2012-6707 1 Wordpress 1 Wordpress 2017-11-13 5.0
WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible...
CVE-2017-12871 1 Simplesamlphp 1 Simplesamlphp 2017-09-06 4.3
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret...
CVE-2014-9975 1 Google 1 Android 2017-08-23 10.0
In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption.
CVE-2015-0575 1 Google 1 Android 2017-08-21 10.0
In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.
CVE-2017-1224 1 Ibm 1 Bigfix Platform 2017-07-25 5.0
IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903.
CVE-2016-5919 1 Ibm 4 Security Access Manager For Web 7.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Web 8.0 Firmware and 1 more 2017-07-25 5.0
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868.
CVE-2017-2391 1 Apple 3 Keynote, Numbers, Pages 2017-07-12 5.0
An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export"...
CVE-2017-7903 1 Rockwellautomation 20 1766-l32bxba Series B, 1766-l32bwaa Series A, 1763-l16dwd Series B and 17 more 2017-07-08 5.0
A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and...
CVE-2017-1319 1 Ibm 1 Tivoli Federated Identity Manager 2017-07-08 5.0
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731.
CVE-2016-3019 1 Ibm 1 Security Access Manager 9.0 Firmware 2017-07-08 4.0
IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462.
CVE-2017-2380 1 Apple 1 Iphone Os 2017-06-22 5.0
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the "Profiles" component. It allows remote attackers to bypass cryptographic...
CVE-2017-1179 1 Ibm 1 Bigfix Security Compliance Analytics 2017-06-15 4.3
IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431.
CVE-2017-7229 1 Vaultive 1 Office 365 Security 2017-05-16 6.4
PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to...
CVE-2017-7888 1 Dolibarr 1 Dolibarr 2017-05-15 5.0
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.
CVE-2017-8076 1 Tp-link 1 Tl-sg108e Firmware 2017-04-27 7.8
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
CVE-2017-5160 1 Schneider Electric 1 Wonderware Intouch Access Anywhere 2014 2017-04-26 3.5
An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.