Vulnerabilities > Use of a Broken or Risky Cryptographic Algorithm

DATE CVE VULNERABILITY TITLE RISK
2020-04-17 CVE-2019-20775 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Google Android 9.0
An issue was discovered on LG mobile devices with Android OS 9.0 (Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets) software.
local
low complexity
google CWE-327
5.5
2020-04-17 CVE-2020-10377 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mitel Mivoice Connect and Mivoice Connect Client
A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials.
network
low complexity
mitel CWE-327
critical
9.8
2020-04-17 CVE-2020-11872 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Bluetrace Opentrace 1.0
The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs.
network
low complexity
bluetrace CWE-327
7.5
2020-04-16 CVE-2019-14001 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Qualcomm products
Wrong public key usage from existing oem_keystore for hash generation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, QM215, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20
local
low complexity
qualcomm CWE-327
7.8
2020-04-14 CVE-2020-11005 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Windowshello Project Windowshello
The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication.
local
low complexity
windowshello-project CWE-327
5.5
2020-04-14 CVE-2018-6402 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Ecobee Ecobee4 Firmware 4.2.0.171
Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal.
high complexity
ecobee CWE-327
7.5
2020-04-08 CVE-2018-21058 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Google Android 7.0/8.0
An issue was discovered on Samsung mobile devices with N(7.0), O(8.0) (exynos7420 or Exynos 8890/8996 chipsets) software.
network
low complexity
google CWE-327
critical
9.8
2020-04-03 CVE-2020-10601 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Visam Vbase Editor and Vbase Web-Remote
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash.
local
low complexity
visam CWE-327
7.8
2020-04-03 CVE-2020-11500 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zoom Meetings 4.6.8/4.6.9
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption.
network
low complexity
zoom CWE-327
7.5
2020-03-26 CVE-2019-15795 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier.
network
high complexity
ubuntu debian CWE-327
4.7