Vulnerabilities > Use of a Broken or Risky Cryptographic Algorithm

DATE CVE VULNERABILITY TITLE RISK
2020-06-04 CVE-2020-13777 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3).
network
high complexity
gnu fedoraproject canonical debian CWE-327
7.4
2020-06-02 CVE-2020-4367 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Planning Analytics Local
IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
5.0
2020-06-01 CVE-2020-13757 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext.
7.5
2020-05-27 CVE-2020-4379 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
5.0
2020-05-27 CVE-2020-4350 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
5.0
2020-05-27 CVE-2020-4349 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
5.0
2020-05-18 CVE-2020-13135 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dlink Dsp-W215 Firmware 1.26B03
D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy.
low complexity
dlink CWE-327
6.5
2020-05-05 CVE-2020-11035 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm.
network
low complexity
glpi-project fedoraproject CWE-327
critical
9.3
2020-04-17 CVE-2020-11876 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zoom Meetings 4.6.11
airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context.
network
low complexity
zoom CWE-327
7.5
2020-04-16 CVE-2019-14001 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Qualcomm products
Wrong public key usage from existing oem_keystore for hash generation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, QM215, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20
local
low complexity
qualcomm CWE-327
4.6