Vulnerabilities > Use of a Broken or Risky Cryptographic Algorithm

DATE CVE VULNERABILITY TITLE RISK
2021-10-25 CVE-2020-14264 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Traveler Companion 11.0.5/11.0.6/11.0.7
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"
local
low complexity
hcltech CWE-327
2.1
2021-10-21 CVE-2021-41168 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Reddit Snudown
Snudown is a reddit-specific fork of the Sundown Markdown parser used by GitHub, with Python integration added.
network
low complexity
reddit CWE-327
4.0
2021-10-01 CVE-2021-36298 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Isilon Insightiq Firmware
Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component.
network
low complexity
dell CWE-327
7.5
2021-09-30 CVE-2021-29894 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud PAK for Security 1.7.0.0/1.7.1.0/1.7.2.0
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
5.0
2021-09-27 CVE-2021-41096 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Rucky Project Rucky
Rucky is a USB HID Rubber Ducky Launch Pad for Android.
network
low complexity
rucky-project CWE-327
5.0
2021-09-23 CVE-2021-22948 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Revive-Adserver Revive Adserver
Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function.
4.3
2021-09-15 CVE-2021-29750 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.4.0
IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
5.0
2021-09-13 CVE-2021-40823 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Matrix Javascript SDK
A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room.
network
matrix CWE-327
4.3
2021-09-13 CVE-2021-40824 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Matrix Element and Matrix-Android-Sdk2
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room.
network
matrix CWE-327
4.3
2021-09-06 CVE-2021-40528 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Gnupg Libgcrypt
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
network
high complexity
gnupg CWE-327
2.6