Lucene search
K

218 matches found

OSV
OSV
added 2018/08/15 10:29 p.m.4 views

CVE-2017-13108

DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...

7.5CVSS5.8AI score0.00986EPSS
Exploits0References1
OSV
OSV
added 2018/08/08 12:0 a.m.10 views

UBUNTU-CVE-2018-14526

An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive...

6.5CVSS6.6AI score0.01476EPSS
Exploits0References7
OSV
OSV
added 2018/07/16 6:29 p.m.11 views

CVE-2018-10859

git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex...

7.5CVSS7.5AI score0.01362EPSS
Exploits0References2
CNVD
CNVD
added 2018/04/08 12:0 a.m.3 views

Moxa Mxview Information Disclosure Vulnerability

Moxa MXview is a network management software for monitoring and diagnosing industrial networks. An information disclosure vulnerability exists in Moxa Mxview version 2.8 and earlier. The vulnerability arises because the private key of the web server in Moxa Mxview can be read and accessed via HTT...

7.5CVSS6.4AI score0.01974EPSS
Exploits0References1
OSV
OSV
added 2017/12/20 6:29 p.m.6 views

CVE-2017-1598

IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611...

7.5CVSS5.8AI score0.00848EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2017/10/18 12:0 a.m.4 views

The vulnerability of the WPA2 protocol, which stems from errors in managing the cryptographic keys, allows unauthorized access to encrypted information transmitted over a wireless network.

The vulnerability of the WPA2 protocol, which provides security for wireless Wi-Fi networks, is related to errors in the management of cryptographic keys. Exploiting this vulnerability allows a perpetrator within the range of a Wi-Fi network to gain access to encrypted information transmitted ove...

7.9CVSS7AI score0.02124EPSS
Exploits0References23Affected Software39
OSV
OSV
added 2017/10/05 5:29 p.m.2 views

CVE-2017-1339

IBM Spectrum Protect 7.1 and 8.1 formerly Tivoli Storage Manager Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force I...

4.4CVSS5.8AI score
Exploits0References4
CNVD
CNVD
added 2017/06/09 12:0 a.m.3 views

Foscam camera Configuration Backup File Hardcoded Protection Vulnerability

Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. Foscam camera has a configuration backup file protected by hardcoding vulnerability, the encrypted Foscam device configuration file contains the administrator password, t...

7AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2016/03/17 12:0 a.m.12 views

PT-2021-3311

Name of the Vulnerable Software and Affected Versions 802.11 standard affected versions not specified Description The issue concerns the 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP. It does not require that all fragments of a frame ar...

10CVSS7.1AI score0.98745EPSS
Exploits323References770
RedHat Linux
RedHat Linux
added 2016/03/01 4:7 p.m.6 views

SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...

5.9CVSS6.8AI score0.82112EPSS
Exploits2References7
CNVD
CNVD
added 2015/06/17 12:0 a.m.3 views

Toshiba CHEC Built-in Encryption Key Information Disclosure Vulnerability

Toshiba CHEC is a product of Toshiba Corporation. Toshiba CHEC has a security vulnerability due to the inclusion of a built-in encryption key in the CreateBossCredentials.jar file. This allows an attacker with access to bossinfo.pro to decrypt content, including BOSS database information, using t...

5CVSS6.8AI score0.02063EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2013/05/28 5:36 p.m.6 views

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

6.4CVSS6.9AI score0.06322EPSS
Exploits0References6
OSV
OSV
added 2007/07/03 6:30 p.m.2 views

DEBIAN-CVE-2007-3528

The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by 1 discarding random bits by the blowfish::makeivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and 2 direct use of a password for keying, which makes it easier for context-dependent...

5CVSS6.9AI score0.0176EPSS
Exploits0References1
OSV
OSV
added 2005/10/18 9:2 p.m.1 views

DEBIAN-CVE-2005-3256

The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message...

5CVSS6.8AI score0.01782EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2004/01/28 12:0 a.m.26 views

OracleAS TopLink Mapping Workbench - Weak Encryption Algorithm

source: https://www.securityfocus.com/bid/9515/info OracleAS TopLink Mapping Workbench is a tool included with OracleAS TopLink, a Java-based database integration development framework that is included as a component of various Oracle Application Server releases. OracleAS TopLink Mapping Workbenc...

7AI score
Exploits0
NVD
NVD
added 2003/12/31 5:0 a.m.12 views

CVE-2003-1392

CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data...

6.6CVSS6.3AI score0.01501EPSS
Exploits0References3
securityvulns
securityvulns
added 2001/10/16 12:0 a.m.212 views

[SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition) Configuration File Disclosure Vulnerability

---------------------------------------------------------------------- SNS Advisory No.44 Trend Micro OfficeScan Corporate EditionVirus Buster Corporate Edition Configuration File Disclosure Vulnerability Problem first discovered: Wed, 29 Aug 2001 Published: Tue, 16 Oct 2001...

0.2AI score
Exploits0
Cvelist
Cvelist
added 2001/02/14 5:0 a.m.35 views

CVE-1999-0757

The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates...

6.6AI score0.00531EPSS
Exploits0References2
Rows per page
Query Builder