Filtered by CWE-326
Filtered by vendor Subscriptions
Total 390 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-4953 1 Ibm 1 Bigfix Remote Control 2024-11-21 N/A
IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol. IBM X-Force ID: 105197.
CVE-2015-0575 1 Google 1 Android 2024-11-21 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.
CVE-2014-9975 1 Google 1 Android 2024-11-21 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption.
CVE-2014-1491 8 Canonical, Debian, Fedoraproject and 5 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2024-11-21 N/A
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.
CVE-2014-0841 1 Ibm 1 Rational Focal Point 2024-11-21 N/A
IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704.
CVE-2014-0224 9 Fedoraproject, Filezilla-project, Mariadb and 6 more 23 Fedora, Filezilla Server, Mariadb and 20 more 2024-11-21 7.4 High
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
CVE-2013-7484 1 Zabbix 1 Zabbix 2024-11-21 7.5 High
Zabbix before 5.0 represents passwords in the users table with unsalted MD5.
CVE-2013-7469 1 Seafile 1 Seafile 2024-11-21 N/A
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVE-2013-7287 1 Mobileiron 2 Sentry, Virtual Smartphone Platform 2024-11-21 9.8 Critical
MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme.
CVE-2013-7286 1 Att 2 Mobileiron Sentry, Mobileiron Virtual Smartphone Platform 2024-11-21 7.5 High
MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm
CVE-2013-4508 3 Debian, Lighttpd, Opensuse 3 Debian Linux, Lighttpd, Opensuse 2024-11-21 7.5 High
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.
CVE-2013-4104 1 Cryptocat Project 1 Cryptocat 2024-11-21 7.5 High
Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol
CVE-2013-2566 4 Canonical, Fujitsu, Mozilla and 1 more 24 Ubuntu Linux, M10-1, M10-1 Firmware and 21 more 2024-11-21 N/A
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
CVE-2013-2166 4 Debian, Fedoraproject, Openstack and 1 more 4 Debian Linux, Fedora, Python-keystoneclient and 1 more 2024-11-21 9.8 Critical
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass
CVE-2013-0764 4 Canonical, Mozilla, Opensuse and 1 more 9 Ubuntu Linux, Firefox, Seamonkey and 6 more 2024-11-21 N/A
The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data.
CVE-2012-6707 1 Wordpress 1 Wordpress 2024-11-21 N/A
WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions.
CVE-2012-2130 3 Debian, Fedoraproject, Polarssl 3 Debian Linux, Fedora, Polarssl 2024-11-21 7.4 High
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys.
CVE-2011-4121 1 Ruby-lang 1 Ruby 2024-11-21 9.8 Critical
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism.
CVE-2011-3629 1 Joomla 1 Joomla\! 2024-11-21 7.5 High
Joomla! core 1.7.1 allows information disclosure due to weak encryption
CVE-2011-3389 9 Canonical, Debian, Google and 6 more 21 Ubuntu Linux, Debian Linux, Chrome and 18 more 2024-11-21 N/A
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.