ReportizFlow
Filtered by vendor
Subscriptions
Total
390 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-9028 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | N/A |
| Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. | ||||
| CVE-2018-7242 | 1 Schneider-electric | 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more | 2024-11-21 | N/A |
| Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. | ||||
| CVE-2018-6653 | 2 Comforte, Hp | 2 Swap, Nonstop Server | 2024-11-21 | N/A |
| comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which makes it easier for remote attackers to defeat intended cryptographic protection mechanisms by sniffing the network. This is fixed in 21.6.0. | ||||
| CVE-2018-6635 | 1 Avaya | 1 Aura | 2024-11-21 | N/A |
| System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896. | ||||
| CVE-2018-6594 | 3 Canonical, Debian, Dlitz | 3 Ubuntu Linux, Debian Linux, Pycrypto | 2024-11-21 | N/A |
| lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation. | ||||
| CVE-2018-5461 | 1 Belden | 134 Hirschmann M1-8mm-sc, Hirschmann M1-8sfp, Hirschmann M1-8sm-sc and 131 more | 2024-11-21 | N/A |
| An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An inadequate encryption strength vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack. | ||||
| CVE-2018-5298 | 1 Pg | 1 Oral-b App | 2024-11-21 | N/A |
| In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file. | ||||
| CVE-2018-5184 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Thunderbird and 8 more | 2024-11-21 | N/A |
| Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | ||||
| CVE-2018-4839 | 1 Siemens | 17 Digsi 4, En100 Ethernet Module Dnp3, En100 Ethernet Module Dnp3 Firmware and 14 more | 2024-11-21 | N/A |
| A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords. | ||||
| CVE-2018-2007 | 1 Ibm | 1 Api Connect | 2024-11-21 | N/A |
| IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078. | ||||
| CVE-2018-21080 | 1 Google | 1 Android | 2024-11-21 | 4.6 Medium |
| An issue was discovered on Samsung mobile devices with N(7.x) software. A physically proximate attacker wielding a magnet can activate NFC to bypass the lockscreen. The Samsung ID is SVE-2017-10897 (March 2018). | ||||
| CVE-2018-20810 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Policy Secure | 2024-11-21 | N/A |
| Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices. | ||||
| CVE-2018-1946 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | N/A |
| IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 153388. | ||||
| CVE-2018-1925 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | N/A |
| IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925. | ||||
| CVE-2018-1814 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | N/A |
| IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018. | ||||
| CVE-2018-1785 | 2 Apple, Ibm | 3 Macos, Spectrum Protect Client, Spectrum Protect For Virtual Environments | 2024-11-21 | 7.5 High |
| IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870. | ||||
| CVE-2018-1751 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Key Lifecycle Manager, Linux Kernel and 1 more | 2024-11-21 | N/A |
| IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512. | ||||
| CVE-2018-1665 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | N/A |
| IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891. | ||||
| CVE-2018-1648 | 1 Ibm | 1 Qradar Incident Forensics | 2024-11-21 | N/A |
| IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144653. | ||||
| CVE-2018-1608 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2024-11-21 | N/A |
| IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798. | ||||