ReportizFlow
Filtered by vendor
Subscriptions
Total
531 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5135 | 1 Wago | 4 Pfc100, Pfc100 Firmware, Pfc200 and 1 more | 2024-11-21 | 5.3 Medium |
| An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12). | ||||
| CVE-2019-5035 | 1 Google | 2 Nest Cam Iq, Nest Cam Iq Indoor Firmware | 2024-11-21 | 9.0 Critical |
| An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker can send specially crafted packets to trigger this vulnerability. | ||||
| CVE-2019-4639 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 7.5 High |
| IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 170045. | ||||
| CVE-2019-4609 | 1 Ibm | 1 Api Connect | 2024-11-21 | 7.5 High |
| IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510. | ||||
| CVE-2019-4553 | 1 Ibm | 1 Api Connect | 2024-11-21 | 7.5 High |
| IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958. | ||||
| CVE-2019-4540 | 1 Ibm | 1 Security Directory Server | 2024-11-21 | 7.5 High |
| IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813. | ||||
| CVE-2019-4427 | 2 Ibm, Microsoft | 2 Cloud Cli, Windows | 2024-11-21 | 7.5 High |
| IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate a installer with malicious software inside. IBM X-Force ID: 162773. | ||||
| CVE-2019-4399 | 1 Ibm | 1 Cloud Orchestrator | 2024-11-21 | 7.5 High |
| IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260. | ||||
| CVE-2019-4325 | 1 Hcltech | 1 Appscan | 2024-11-21 | 5.3 Medium |
| "HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details." | ||||
| CVE-2019-4156 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | 5.9 Medium |
| IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572. | ||||
| CVE-2019-3818 | 2 Kube-rbac-proxy Project, Redhat | 3 Kube-rbac-proxy, Openshift, Openshift Container Platform | 2024-11-21 | 7.5 High |
| The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption. | ||||
| CVE-2019-3736 | 1 Dell | 5 Emc Idpa Dp4400, Emc Idpa Dp5800, Emc Idpa Dp8300 and 2 more | 2024-11-21 | 7.2 High |
| Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compromised user. | ||||
| CVE-2019-3700 | 1 Suse | 1 Yast2-security | 2024-11-21 | 2.9 Low |
| yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger defaults in 4.2.6 and used the new configuration file locations. Password created during this time used DES password encryption and are not properly protected against attackers that are able to access the password hashes. | ||||
| CVE-2019-25052 | 1 Linaro | 1 Op-tee | 2024-11-21 | 9.1 Critical |
| In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. | ||||
| CVE-2019-25006 | 1 Streebog Project | 1 Streebog | 2024-11-21 | 7.5 High |
| An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer. | ||||
| CVE-2019-20775 | 2 Google, Qualcomm | 5 Android, Sdm450, Sdm845 and 2 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered on LG mobile devices with Android OS 9.0 (Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets) software. Weak encryption leads to local information disclosure. The LG ID is LVE-SMP-190010 (August 2019). | ||||
| CVE-2019-20138 | 1 Http Authentication Library Project | 1 Http Authentication Library | 2024-11-21 | 7.5 High |
| The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used. | ||||
| CVE-2019-1706 | 1 Cisco | 9 Adaptive Security Appliance Software, Asa-5506-x, Asa-5506h-x and 6 more | 2024-11-21 | 8.6 High |
| A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error with how the software cryptography module handles IPsec sessions. An attacker could exploit this vulnerability by creating and sending traffic in a high number of IPsec sessions through the targeted device. A successful exploit could cause the device to reload and result in a DoS condition. | ||||
| CVE-2019-1563 | 2 Openssl, Redhat | 3 Openssl, Enterprise Linux, Jboss Core Services | 2024-11-21 | 3.7 Low |
| In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). | ||||
| CVE-2019-1543 | 2 Openssl, Redhat | 2 Openssl, Enterprise Linux | 2024-11-21 | N/A |
| ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1c (Affected 1.1.1-1.1.1b). Fixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j). | ||||