Filtered by CWE-320
Filtered by vendor Subscriptions
Total 45 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-2625 2 Redhat, X.org 7 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2024-11-21 N/A
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.
CVE-2017-18323 1 Qualcomm 70 Mdm9206, Mdm9206 Firmware, Mdm9607 and 67 more 2024-11-21 N/A
Cryptographic key material leaked in TDSCDMA RRC debug messages in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130.
CVE-2017-18319 1 Qualcomm 60 Mdm9206, Mdm9206 Firmware, Mdm9607 and 57 more 2024-11-21 N/A
Information leak in UIM API debug messages in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016.
CVE-2017-13887 1 Apple 1 Mac Os X 2024-11-21 N/A
In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management.
CVE-2016-9963 3 Canonical, Debian, Exim 3 Ubuntu Linux, Debian Linux, Exim 2024-11-21 N/A
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
CVE-2016-8635 2 Mozilla, Redhat 8 Network Security Services, Enterprise Linux, Enterprise Linux Desktop and 5 more 2024-11-21 N/A
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
CVE-2016-8614 1 Redhat 1 Ansible 2024-11-21 N/A
A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.
CVE-2016-7056 4 Canonical, Debian, Openssl and 1 more 6 Ubuntu Linux, Debian Linux, Openssl and 3 more 2024-11-21 N/A
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
CVE-2016-6886 1 Matrixssl 1 Matrixssl 2024-11-21 N/A
The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange.
CVE-2016-6882 1 Matrixssl 1 Matrixssl 2024-11-21 N/A
MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack.
CVE-2016-6879 1 Botan Project 1 Botan 2024-11-21 N/A
The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.
CVE-2016-2880 1 Ibm 1 Qradar Security Information And Event Manager 2024-11-21 N/A
IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340.
CVE-2016-2217 1 Dest-unreach 1 Socat 2024-11-21 N/A
The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.
CVE-2016-10467 1 Qualcomm 32 Sd 205, Sd 205 Firmware, Sd 210 and 29 more 2024-11-21 N/A
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 820, and SD 820A, function ce_pkcs1_pss_padding_verify_auto_recover_saltlen assumes that the size of the encoded message is equal to the size of the RSA modulus. This assumption is true for most RSA keys, but it fails when modulus_bitlen % 8 == 1.
CVE-2016-10421 1 Qualcomm 68 Mdm9206, Mdm9206 Firmware, Mdm9607 and 65 more 2024-11-21 N/A
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, key material is not always cleared properly.
CVE-2016-10011 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2024-11-21 N/A
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
CVE-2016-1000346 3 Bouncycastle, Debian, Redhat 5 Legion-of-the-bouncy-castle-java-crytography-api, Debian Linux, Jboss Fuse and 2 more 2024-11-21 N/A
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.
CVE-2015-8542 1 Open-xchange 1 Ox Guard 2024-11-21 N/A
An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the "id" and "cid" parameter to specify the current user by its user- and context-ID. The "auth" parameter contains a hashed password string which gets created by the client by asking the user to enter his or her OX Guard password. This parameter is used as single point of authentication when accessing PGP Private Keys. In case a user has set the same password as another user, it is possible to download another user's PGP Private Key by iterating the "id" and "cid" parameters. This kind of attack would also be able by brute-forcing login credentials, but since the "id" and "cid" parameters are sequential they are much easier to predict than a user's login name. At the same time, there are some obvious insecure standard passwords that are widely used. A attacker could send the hashed representation of typically weak passwords and randomly fetch Private Key of matching accounts. The attack can be executed by both internal users and "guests" which use the external mail reader.
CVE-2015-7503 1 Zend 1 Zend Framework 2024-11-21 N/A
Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key.
CVE-2015-4166 1 Cloudera 1 Key Trustee Server 2024-11-21 N/A
Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key.