Vulnerabilities > Use of a Broken or Risky Cryptographic Algorithm
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-26 | CVE-2017-9466 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Tp-Link Wr841N V8 Firmware Tlwr841Nv8140724 The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. | 9.8 |
| 2017-06-08 | CVE-2016-3099 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Redhat products mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled. | 7.5 |
| 2017-06-08 | CVE-2014-8687 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Seagate Business NAS Firmware 2014.00319 Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens. | 9.8 |
| 2017-06-07 | CVE-2017-4917 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in VMWare Vsphere Data Protection VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. | 9.8 |
| 2017-06-06 | CVE-2017-5243 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Rapid7 Nexpose The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. | 8.5 |
| 2017-04-27 | CVE-2017-5186 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. | 7.5 |
| 2017-03-01 | CVE-2016-6485 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Magento Magento2 The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value. | 7.5 |
| 2017-02-13 | CVE-2016-8370 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mitsubishielectric products An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. | 7.5 |
| 2017-01-23 | CVE-2016-6602 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zohocorp Webnms Framework 5.2 ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. | 9.8 |
| 2016-09-18 | CVE-2016-0923 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Bsafe The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used. | 7.5 |