Vulnerabilities > Use of a Broken or Risky Cryptographic Algorithm

DATE CVE VULNERABILITY TITLE RISK
2021-09-06 CVE-2021-40528 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Gnupg Libgcrypt
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
network
high complexity
gnupg CWE-327
2.6
2021-09-06 CVE-2021-40529 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Botan Project Botan
The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
network
high complexity
botan-project CWE-327
2.6
2021-09-06 CVE-2021-40530 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cryptopp Crypto++
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
network
high complexity
cryptopp CWE-327
2.6
2021-09-01 CVE-2021-33582 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cyrus Imap
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction.
network
low complexity
cyrus CWE-327
5.0
2021-08-30 CVE-2021-33003 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Deltaww Diaenergie 1.7.5
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.
local
low complexity
deltaww CWE-327
2.1
2021-08-30 CVE-2021-29722 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM products
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
5.0
2021-08-30 CVE-2021-29723 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM products
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
5.0
2021-08-23 CVE-2021-29704 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Resilient Security Orchestration Automation and Response 38.0/38.2
IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
5.0
2021-08-12 CVE-2020-36363 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Amazon Cloudfront 1.22019
Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers.
network
low complexity
amazon CWE-327
7.5
2021-08-12 CVE-2021-31556 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mediawiki
An issue was discovered in the Oauth extension for MediaWiki through 1.35.2.
network
low complexity
mediawiki CWE-327
7.5