Vulnerabilities > Use of a Broken or Risky Cryptographic Algorithm

DATE CVE VULNERABILITY TITLE RISK
2021-12-06 CVE-2021-22170 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Gitlab
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content
network
low complexity
gitlab CWE-327
7.5
2021-11-23 CVE-2021-22356 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Huawei products
There is a weak secure algorithm vulnerability in Huawei products.
network
high complexity
huawei CWE-327
5.9
2021-11-15 CVE-2021-41263 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Discourse Rails Multisite
rails_multisite provides multi-db support for Rails applications.
network
low complexity
discourse CWE-327
8.8
2021-10-25 CVE-2020-14264 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Traveler Companion
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"
low complexity
hcltech CWE-327
3.9
2021-09-30 CVE-2021-29894 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud PAK for Security 1.7.0.0/1.7.1.0/1.7.2.0
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2021-09-15 CVE-2021-29750 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.4.0
IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2021-09-06 CVE-2021-40528 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Gnupg Libgcrypt
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
network
high complexity
gnupg CWE-327
5.9
2021-09-06 CVE-2021-40529 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
network
high complexity
botan-project fedoraproject mozilla CWE-327
5.9
2021-09-06 CVE-2021-40530 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
network
high complexity
cryptopp fedoraproject CWE-327
5.9
2021-09-02 CVE-2021-31796 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cyberark Credential Provider
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure.
network
low complexity
cyberark CWE-327
7.5