Filtered by vendor
Subscriptions
Total
585 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-5186 | 2 Netiq, Novell | 4 Edirectory, Imanager, Edirectory and 1 more | 2025-04-20 | N/A |
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. | ||||
CVE-2012-4449 | 1 Apache | 1 Hadoop | 2025-04-20 | N/A |
Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack. | ||||
CVE-2017-9859 | 1 Sma | 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more | 2025-04-20 | N/A |
An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor's position is that "we consider the probability of the success of such manipulation to be extremely low." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected | ||||
CVE-2017-8191 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | N/A |
FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links. | ||||
CVE-2017-17717 | 1 Sonatype | 1 Nexus Repository Manager | 2025-04-20 | N/A |
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature. | ||||
CVE-2017-4917 | 1 Vmware | 1 Vsphere Data Protection | 2025-04-20 | N/A |
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained. | ||||
CVE-2014-8687 | 1 Seagate | 2 Business Nas, Business Nas Firmware | 2025-04-20 | N/A |
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens. | ||||
CVE-2017-15997 | 1 Nq | 1 Contacts Backup \& Restore | 2025-04-20 | N/A |
In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file. | ||||
CVE-2016-2217 | 1 Dest-unreach | 1 Socat | 2025-04-20 | N/A |
The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret. | ||||
CVE-2017-3539 | 3 Debian, Oracle, Redhat | 15 Debian Linux, Jdk, Jre and 12 more | 2025-04-20 | N/A |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). | ||||
CVE-2017-8157 | 1 Huawei | 4 Oceanstor 5800 V3, Oceanstor 5800 V3 Firmware, Oceanstor 6900 V3 and 1 more | 2025-04-20 | N/A |
OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information. | ||||
CVE-2017-11133 | 1 Stashcat | 1 Heinekingmedia | 2025-04-20 | N/A |
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. To encrypt messages, AES in CBC mode is used with a pseudo-random secret. This secret and the IV are generated with math.random() in previous versions and with CryptoJS.lib.WordArray.random() in newer versions, which uses math.random() internally. This is not cryptographically strong. | ||||
CVE-2015-8234 | 1 Openstack | 1 Glance | 2025-04-20 | N/A |
The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision. | ||||
CVE-2017-10356 | 4 Debian, Netapp, Oracle and 1 more | 33 Debian Linux, Active Iq Unified Manager, Cloud Backup and 30 more | 2025-04-20 | 6.2 Medium |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
CVE-2017-15998 | 1 Nq | 1 Contacts Backup \& Restore | 2025-04-20 | N/A |
In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network. | ||||
CVE-2014-9969 | 1 Google | 1 Android | 2025-04-20 | N/A |
In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. | ||||
CVE-2016-3702 | 1 Redhat | 1 Cloudforms Management Engine | 2025-04-20 | N/A |
Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information. | ||||
CVE-2017-8866 | 1 Cognitoys | 2 Stemosaur, Stemosaur Firmware | 2025-04-20 | N/A |
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server. | ||||
CVE-2017-10668 | 1 Xoev | 1 Osci Transport Library | 2025-04-20 | N/A |
A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the transport encryption. | ||||
CVE-2017-1598 | 1 Ibm | 1 Security Guardium | 2025-04-20 | N/A |
IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611. |