Vulnerabilities > Use of a Broken or Risky Cryptographic Algorithm
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-10 | CVE-2018-16806 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Pektron Passive Keyless Entry and Start System Firmware A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and possibly other vehicles, relies on the DST40 cipher, which makes it easier for attackers to obtain access via an approach involving a 5.4 TB precomputation, followed by wake-frame reception and two challenge/response operations, to clone a key fob within a few seconds. | 6.5 |
| 2018-08-31 | CVE-2018-11057 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. | 5.9 |
| 2018-08-17 | CVE-2018-15355 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Kraftway 24F2Xg Router Firmware 3.5.30.1118 Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118. | 5.9 |
| 2018-07-20 | CVE-2017-1575 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling File Gateway IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. | 5.5 |
| 2018-06-27 | CVE-2017-16718 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Beckhoff Twincat 3.0 Beckhoff TwinCAT 3 supports communication over ADS. | 5.9 |
| 2018-06-14 | CVE-2018-12420 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Icehrm IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request. | 7.5 |
| 2018-06-11 | CVE-2018-5152 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. | 6.5 |
| 2018-06-05 | CVE-2018-1000180 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. | 7.5 |
| 2018-05-29 | CVE-2015-9235 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Auth0 Jsonwebtoken In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family). | 9.8 |
| 2018-05-16 | CVE-2018-11209 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zblogcn Z-Blogphp 2.0.0 An issue was discovered in Z-BlogPHP 2.0.0. | 7.2 |