Total
435 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9645 | 1 Mirion | 16 Dmc 3000 Transmitter, Dmc 3000 Transmitter Firmware, Drm-1\/2 and 13 more | 2026-05-13 | 3.3 LOW | 6.5 MEDIUM |
| An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). Decryption of data is possible at the hardware level. | |||||
| CVE-2017-12871 | 1 Simplesamlphp | 1 Simplesamlphp | 2026-05-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV). | |||||
| CVE-2017-14797 | 1 Philips | 2 Hue Bridge Bsb002, Hue Bridge Bsb002 Firmware | 2026-05-13 | 7.9 HIGH | 7.5 HIGH |
| Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network. | |||||
| CVE-2017-2391 | 1 Apple | 3 Keynote, Numbers, Pages | 2026-05-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4. | |||||
| CVE-2016-9121 | 1 Go-jose Project | 1 Go-jose | 2026-05-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making it vulnerable to an invalid curve attack. | |||||
| CVE-2016-10103 | 1 Hiteksoftware | 1 Automize | 2026-05-13 | 4.3 MEDIUM | 8.1 HIGH |
| Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for GPG Encryption profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14. | |||||
| CVE-2017-17436 | 1 Vaulteksafe | 2 Vt20i, Vt20i Firmware | 2026-05-13 | 3.3 LOW | 8.8 HIGH |
| An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with "Highest Level Bluetooth Encryption" and "Data transmissions are secure via AES256 bit encryption." These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe. | |||||
| CVE-2017-5160 | 1 Aveva | 1 Wonderware Intouch Access Anywhere | 2026-05-13 | 3.5 LOW | 5.3 MEDIUM |
| An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly. | |||||
| CVE-2017-1319 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731. | |||||
| CVE-2016-2379 | 1 Pidgin | 1 Mxit | 2026-05-13 | 3.3 LOW | 8.8 HIGH |
| The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords. | |||||
| CVE-2017-14262 | 1 Samsung | 8 Srn 1000, Srn 1000 Firmware, Srn 1670d and 5 more | 2026-05-13 | 9.3 HIGH | 8.1 HIGH |
| On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter. | |||||
| CVE-2017-8076 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2026-05-13 | 7.8 HIGH | 9.8 CRITICAL |
| On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
| CVE-2016-5919 | 1 Ibm | 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Mobile Appliance and 3 more | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868. | |||||
| CVE-2017-7229 | 1 Vaultive | 1 Office 365 Security | 2026-05-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this results in the encrypted message being structured in such a way that most PGP/MIME-capable mail user agents are unable to decrypt it cleanly. The outcome is that encrypted mail passing through this device does not work (Denial of Service), and a common real-world consequence is a request to resend the mail in the clear (Information Disclosure). | |||||
| CVE-2014-9199 | 1 Clorius Controls A\/s | 1 Java Web Client | 2026-05-06 | 10.0 HIGH | N/A |
| The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic. | |||||
| CVE-2016-5804 | 1 Moxa | 10 Mgate Mb3170, Mgate Mb3170 Firmware, Mgate Mb3180 and 7 more | 2026-05-06 | 5.0 MEDIUM | 9.8 CRITICAL |
| Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value. | |||||
| CVE-2015-8085 | 1 Huawei | 14 Ar, Ar Firmware, Quidway S5300 and 11 more | 2026-05-06 | 4.0 MEDIUM | 4.9 MEDIUM |
| Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm. | |||||
| CVE-2015-8086 | 1 Huawei | 14 Ar, Ar Firmware, Quidway S5300 and 11 more | 2026-05-06 | 4.0 MEDIUM | 4.9 MEDIUM |
| Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 makes it easier for remote authenticated administrators to obtain encryption keys and ciphertext passwords via vectors related to key storage. | |||||
| CVE-2014-0224 | 9 Fedoraproject, Filezilla-project, Mariadb and 6 more | 20 Fedora, Filezilla Server, Mariadb and 17 more | 2026-05-06 | 5.8 MEDIUM | 7.4 HIGH |
| OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. | |||||
| CVE-2014-2380 | 1 Invensys | 1 Wonderware Information Server | 2026-05-06 | 7.8 HIGH | N/A |
| Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file. | |||||