Vulnerabilities > Cryptographic Issues

DATE CVE VULNERABILITY TITLE RISK
2016-09-08 CVE-2016-4379 Cryptographic Issues vulnerability in HP Integrated Lights-Out 3 Firmware
The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack.
network
high complexity
hp CWE-310
3.7
2016-08-10 CVE-2016-5419 Cryptographic Issues vulnerability in multiple products
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
network
low complexity
haxx debian opensuse CWE-310
7.5
2016-08-02 CVE-2016-6257 Cryptographic Issues vulnerability in multiple products
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."
6.5
2016-07-12 CVE-2016-5774 Cryptographic Issues vulnerability in Blue Coat Packetshaper S-Series
The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use of insecure cryptographic parameters.
network
high complexity
blue-coat CWE-310
8.1
2016-06-16 CVE-2012-6702 Cryptographic Issues vulnerability in multiple products
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
network
high complexity
libexpat-project google canonical debian CWE-310
5.9
2016-06-13 CVE-2016-4005 Cryptographic Issues vulnerability in Huawei Hilink APP 3.19.1
The Huawei Hilink App application before 3.19.2 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.
local
low complexity
huawei CWE-310
5.5
2016-06-10 CVE-2016-4511 Cryptographic Issues vulnerability in ABB Pcm600 2.6
ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file.
local
low complexity
abb CWE-310
2.8
2016-06-01 CVE-2016-1902 Cryptographic Issues vulnerability in multiple products
The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.
network
low complexity
debian sensiolabs CWE-310
7.5
2016-05-22 CVE-2015-8867 Cryptographic Issues vulnerability in multiple products
The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
network
low complexity
php canonical CWE-310
7.5
2016-05-13 CVE-2014-9742 Cryptographic Issues vulnerability in Botan Project Botan
The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group.
network
low complexity
botan-project CWE-310
7.5