Vulnerabilities > Use of a Broken or Risky Cryptographic Algorithm
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-06 | CVE-2021-40528 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Gnupg Libgcrypt The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | 2.6 |
| 2021-09-06 | CVE-2021-40529 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Botan Project Botan The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | 2.6 |
| 2021-09-06 | CVE-2021-40530 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cryptopp Crypto++ The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | 2.6 |
| 2021-09-01 | CVE-2021-33582 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cyrus Imap Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. | 5.0 |
| 2021-08-30 | CVE-2021-33003 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Deltaww Diaenergie 1.7.5 Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. | 2.1 |
| 2021-08-30 | CVE-2021-29722 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM products IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2021-08-30 | CVE-2021-29723 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM products IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2021-08-23 | CVE-2021-29704 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Resilient Security Orchestration Automation and Response 38.0/38.2 IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2021-08-12 | CVE-2020-36363 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Amazon Cloudfront 1.22019 Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers. | 7.5 |
| 2021-08-12 | CVE-2021-31556 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mediawiki An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. | 7.5 |