Vulnerabilities > Cryptographic Issues

DATE CVE VULNERABILITY TITLE RISK
2018-03-26 CVE-2015-5039 Cryptographic Issues vulnerability in IBM Rational ClearCase
The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate.
network | high complexity | ibm | CWE-310 | 7.4
2018-01-07 CVE-2014-10069 Cryptographic Issues vulnerability in Hitrontech CVE-30360 Firmware 3.1.1.21
Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field.
network | low complexity | hitrontech | CWE-310 | 7.5
2017-10-06 CVE-2014-2903 Cryptographic Issues vulnerability in wolfSSL
CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.
network | high complexity | wolfssl | CWE-310 | 5.9
2017-09-28 CVE-2015-7256 Cryptographic Issues vulnerability in Zyxel products
ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys.
network | high complexity | zyxel | CWE-310 | 5.9
2017-09-28 CVE-2014-8878 Cryptographic Issues vulnerability in KDE KMail 4.11.5
KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.
network | high complexity | kde | CWE-310 | 5.9
2017-09-25 CVE-2011-4667 Cryptographic Issues vulnerability in Cisco IOS and NX-OS
The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions.
network | high complexity | cisco | CWE-310 | 5.9
2017-09-19 CVE-2014-8686 Cryptographic Issues vulnerability in CodeIgniter
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.
network | low complexity | codeigniter | CWE-310 | critical | 9.8
2017-09-19 CVE-2014-8684 Cryptographic Issues vulnerability in multiple products
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes.
network | low complexity | kohanaframework, codeigniter | CWE-310 | critical | 9.8
2017-09-15 CVE-2014-7808 Cryptographic Issues vulnerability in Apache Wicket
Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider.
network | low complexity | apache | CWE-310 | 7.5
2017-08-04 CVE-2015-9107 Cryptographic Issues vulnerability in Zohocorp ManageEngine OpManager
Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices.
network | low complexity | zohocorp | CWE-310 | critical | 9.8