Total
472 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6874 | 1 Zte | 2 Zxiptv, Zxiptv Firmware | 2021-07-21 | 5.5 MEDIUM | 9.1 CRITICAL |
| A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04. | |||||
| CVE-2019-9155 | 1 Openpgpjs | 1 Openpgpjs | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key. | |||||
| CVE-2020-20949 | 2 Ietf, St | 22 Public Key Cryptography Standards \#1, Stm32cubef0, Stm32cubef1 and 19 more | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure. | |||||
| CVE-2019-16370 | 1 Gradle | 1 Gradle | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900. | |||||
| CVE-2020-4595 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184819. | |||||
| CVE-2020-4452 | 1 Ibm | 1 Api Connect | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324. | |||||
| CVE-2020-14254 | 1 Hcltech | 1 Bigfix Platform | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it. | |||||
| CVE-2020-14246 | 1 Hcltechsw | 1 Onetest Performance | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials. | |||||
| CVE-2019-19891 | 1 Mitel | 2 Sip-dect, Sip-dect Firmware | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an attacker to launch a man-in-the-middle attack. A successful exploit may allow the attacker to intercept sensitive information. | |||||
| CVE-2019-15075 | 1 Inextrix | 1 Astpp | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key. | |||||
| CVE-2019-5502 | 1 Netapp | 1 Data Ontap | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data. | |||||
| CVE-2020-25493 | 1 Oclean | 1 Oclean | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic. | |||||
| CVE-2020-23162 | 1 Pyres | 2 Termod4, Termod4 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials. | |||||
| CVE-2020-4594 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184800. | |||||
| CVE-2020-4596 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184812. | |||||
| CVE-2019-17428 | 1 Intesync | 1 Solismed | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted. | |||||
| CVE-2019-5919 | 1 Nablarch Project | 1 Nablarch | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An incomplete cryptography of the data store function by using hidden tag in Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to obtain information of the stored data, to register invalid value, or alter the value via unspecified vectors. | |||||
| CVE-2020-9526 | 1 Cs2-network | 1 P2p | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated by passively eavesdropping on user video/audio streams, capturing credentials, and compromising devices. | |||||
| CVE-2020-7689 | 1 Node.bcrypt.js Project | 1 Node.bcrypt.js | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| Data is truncated wrong when its length is greater than 255 bytes. | |||||
| CVE-2019-9483 | 1 Amazon | 2 Ring Video Doorbell, Ring Video Doorbell Firmware | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door. | |||||