Export limit exceeded: 362671 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (450 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-2380 1 Apple 1 Iphone Os 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the "Profiles" component. It allows remote attackers to bypass cryptographic protection mechanisms by leveraging DES support.
CVE-2017-5160 1 Aveva 1 Wonderware Intouch Access Anywhere 2025-04-20 5.3 Medium
An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.
CVE-2017-1319 1 Ibm 1 Tivoli Federated Identity Manager 2025-04-20 N/A
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731.
CVE-2017-1375 1 Ibm 1 Storwize Unified V7000 Software 2025-04-20 N/A
IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126868.
CVE-2017-8076 1 Tp-link 2 Tl-sg108e, Tl-sg108e Firmware 2025-04-20 N/A
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
CVE-2016-4693 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the 3DES cipher.
CVE-2016-5056 1 Osram 1 Lightify Pro 2025-04-20 N/A
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK.
CVE-2017-13699 1 Moxa 2 Eds-g512e, Eds-g512e Firmware 2025-04-20 N/A
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it.
CVE-2015-0575 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.
CVE-2017-1179 1 Ibm 1 Bigfix Security Compliance Analytics 2025-04-20 N/A
IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431.
CVE-2017-9645 1 Mirion 16 Dmc 3000 Transmitter, Dmc 3000 Transmitter Firmware, Drm-1\/2 and 13 more 2025-04-20 N/A
An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). Decryption of data is possible at the hardware level.
CVE-2017-5239 1 Eviewgps 2 Ev-07s Gps Tracker, Ev-07s Gps Tracker Firmware 2025-04-20 N/A
Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener.
CVE-2017-7673 1 Apache 1 Openmeetings 2025-04-20 N/A
Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.
CVE-2017-14090 1 Trendmicro 1 Scanmail 2025-04-20 N/A
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.
CVE-2017-14262 1 Samsung 8 Srn 1000, Srn 1000 Firmware, Srn 1670d and 5 more 2025-04-20 N/A
On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter.
CVE-2016-3034 1 Ibm 1 Security Appscan Source 2025-04-20 N/A
IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.
CVE-2016-3019 1 Ibm 1 Security Access Manager 9.0 Firmware 2025-04-20 N/A
IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462.
CVE-2016-10103 1 Hiteksoftware 1 Automize 2025-04-20 N/A
Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for GPG Encryption profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14.
CVE-2012-6707 1 Wordpress 1 Wordpress 2025-04-20 N/A
WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions.
CVE-2017-5999 1 Syspass 1 Syspass 2025-04-20 N/A
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help an attacker to create unknown havoc in the remote system.