Filtered by vendor
Subscriptions
Total
390 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-1473 | 1 Ibm | 6 Security Access Manager Appliance, Security Access Manager Firmware, Security Access Manager For Mobile and 3 more | 2024-11-21 | N/A |
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605. | ||||
CVE-2017-1375 | 1 Ibm | 1 Storwize Unified V7000 Software | 2024-11-21 | N/A |
IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126868. | ||||
CVE-2017-1366 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | N/A |
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126859. | ||||
CVE-2017-1319 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2024-11-21 | N/A |
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731. | ||||
CVE-2017-1271 | 1 Ibm | 1 Security Guardium | 2024-11-21 | N/A |
IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 124746. | ||||
CVE-2017-1255 | 1 Ibm | 1 Security Guardium | 2024-11-21 | N/A |
IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675. | ||||
CVE-2017-1224 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | N/A |
IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903. | ||||
CVE-2017-1179 | 1 Ibm | 1 Bigfix Security Compliance Analytics | 2024-11-21 | N/A |
IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431. | ||||
CVE-2017-17543 | 1 Fortinet | 2 Forticlient, Forticlient Sslvpn Client | 2024-11-21 | N/A |
Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms. | ||||
CVE-2017-17436 | 1 Vaulteksafe | 2 Vt20i, Vt20i Firmware | 2024-11-21 | N/A |
An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with "Highest Level Bluetooth Encryption" and "Data transmissions are secure via AES256 bit encryption." These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe. | ||||
CVE-2017-16726 | 1 Beckhoff | 1 Twincat | 2024-11-21 | N/A |
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable. | ||||
CVE-2017-16632 | 1 Sapphireims | 1 Sapphireims | 2024-11-21 | 7.5 High |
In SapphireIMS 4097_1, the password in the database is stored in Base64 format. | ||||
CVE-2017-14797 | 1 Philips | 2 Hue Bridge Bsb002, Hue Bridge Bsb002 Firmware | 2024-11-21 | N/A |
Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network. | ||||
CVE-2017-14262 | 1 Samsung | 8 Srn 1000, Srn 1000 Firmware, Srn 1670d and 5 more | 2024-11-21 | N/A |
On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter. | ||||
CVE-2017-14090 | 1 Trendmicro | 1 Scanmail | 2024-11-21 | N/A |
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. | ||||
CVE-2017-13699 | 1 Moxa | 2 Eds-g512e, Eds-g512e Firmware | 2024-11-21 | N/A |
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it. | ||||
CVE-2017-12871 | 1 Simplesamlphp | 1 Simplesamlphp | 2024-11-21 | N/A |
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV). | ||||
CVE-2017-11317 | 1 Telerik | 1 Ui For Asp.net Ajax | 2024-11-21 | 9.8 Critical |
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. | ||||
CVE-2017-1000486 | 1 Primetek | 1 Primefaces | 2024-11-21 | N/A |
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution | ||||
CVE-2016-9121 | 1 Go-jose Project | 1 Go-jose | 2024-11-21 | N/A |
go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making it vulnerable to an invalid curve attack. |