Vulnerabilities > Cryptographic Issues

DATE CVE VULNERABILITY TITLE RISK
2016-05-05 CVE-2000-1254 Cryptographic Issues vulnerability in Openssl
crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms.
network
low complexity
openssl CWE-310
7.5
2016-05-02 CVE-2016-2053 Cryptographic Issues vulnerability in Linux Kernel
The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.
local
high complexity
linux CWE-310
4.7
2016-04-25 CVE-2016-2333 Cryptographic Issues vulnerability in Systech Syslink Sl-1000 Modular Gateway Firmware
SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
network
low complexity
systech CWE-310
7.5
2016-04-25 CVE-2016-2113 Cryptographic Issues vulnerability in multiple products
Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.
network
high complexity
samba canonical CWE-310
7.4
2016-04-22 CVE-2016-2306 Cryptographic Issues vulnerability in Ecava Integraxor
The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network.
network
low complexity
ecava CWE-310
7.5
2016-04-21 CVE-2013-7449 Cryptographic Issues vulnerability in multiple products
The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
network
low complexity
canonical xchat hexchat-project CWE-310
6.5
2016-04-15 CVE-2016-1273 Cryptographic Issues vulnerability in Juniper Junos
Juniper Junos OS before 13.2X51-D40, 14.x before 14.1X53-D30, and 15.x before 15.1X53-D20 on QFX5100 and QFX10002 switches do not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic encryption and authentication protection mechanisms via unspecified vectors.
network
high complexity
juniper CWE-310
5.9
2016-03-24 CVE-2016-1788 Cryptographic Issues vulnerability in Apple Iphone OS and Watchos
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.
network
high complexity
apple CWE-310
5.9
2016-03-24 CVE-2016-1777 Cryptographic Issues vulnerability in Apple mac OS X Server
Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
network
low complexity
apple CWE-310
7.5
2016-02-23 CVE-2015-8805 Cryptographic Issues vulnerability in multiple products
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
network
low complexity
nettle-project canonical opensuse CWE-310
critical
9.8