Vulnerabilities > Cryptographic Issues

DATE CVE VULNERABILITY TITLE RISK
2016-02-15 CVE-2015-5012 Cryptographic Issues vulnerability in IBM products
The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
network
low complexity
ibm CWE-310
7.5
2016-02-08 CVE-2016-2268 Cryptographic Issues vulnerability in Dell Secureworks 2.0.6
Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
dell CWE-310
6.8
2016-01-31 CVE-2016-1948 Cryptographic Issues vulnerability in multiple products
Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream.
network
low complexity
google mozilla CWE-310
5.3
2016-01-31 CVE-2016-1938 Cryptographic Issues vulnerability in multiple products
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
network
low complexity
opensuse mozilla CWE-310
6.5
2016-01-30 CVE-2015-7923 Cryptographic Issues vulnerability in Westermo Weos 4.18.0
Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key.
network
high complexity
westermo CWE-310
critical
9.0
2016-01-15 CVE-2015-8281 Cryptographic Issues vulnerability in Samsung web Viewer 1.0.0.193
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations.
network
low complexity
samsung CWE-310
7.5
2016-01-08 CVE-2014-8886 Cryptographic Issues vulnerability in AVM Fritz! OS 6.23
AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and consequently execute arbitrary code, via a crafted firmware image.
network
high complexity
avm CWE-310
8.1
2015-12-31 CVE-2014-3260 Cryptographic Issues vulnerability in Pacom 1000 CCU GMS and RTU GMS
Pacom 1000 CCU and RTU GMS devices allow remote attackers to spoof the controller-to-base data stream by leveraging improper use of cryptography.
high complexity
pacom CWE-310
7.5
2015-05-21 CVE-2015-4000 Cryptographic Issues vulnerability in multiple products
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
3.7
2014-10-15 CVE-2014-3566 Cryptographic Issues vulnerability in multiple products
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
3.4