Vulnerabilities > Cryptographic Issues
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-26 | CVE-2015-5039 | Cryptographic Issues vulnerability in IBM Rational Clearcase The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. | 7.4 |
2018-01-07 | CVE-2014-10069 | Cryptographic Issues vulnerability in Hitrontech Cve-30360 Firmware 3.1.1.21 Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field. | 7.5 |
2017-10-06 | CVE-2014-2903 | Cryptographic Issues vulnerability in Wolfssl CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake. | 5.9 |
2017-09-28 | CVE-2015-7256 | Cryptographic Issues vulnerability in Zyxel products ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys. | 5.9 |
2017-09-28 | CVE-2014-8878 | Cryptographic Issues vulnerability in KDE Kmail 4.11.5 KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network. | 5.9 |
2017-09-25 | CVE-2011-4667 | Cryptographic Issues vulnerability in Cisco IOS and Nx-Os The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions. | 5.9 |
2017-09-19 | CVE-2014-8686 | Cryptographic Issues vulnerability in Codeigniter CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available. | 9.8 |
2017-09-19 | CVE-2014-8684 | Cryptographic Issues vulnerability in multiple products CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes. | 9.8 |
2017-09-15 | CVE-2014-7808 | Cryptographic Issues vulnerability in Apache Wicket Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider. | 7.5 |
2017-08-04 | CVE-2015-9107 | Cryptographic Issues vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. | 9.8 |