Total
505 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-46833 | 1 Sick | 48 Rfu630-04100, Rfu630-04100 Firmware, Rfu630-04100s01 and 45 more | 2025-04-22 | N/A | 6.5 MEDIUM |
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | |||||
CVE-2022-46832 | 1 Sick | 42 Rfu620-10100, Rfu620-10100 Firmware, Rfu620-10101 and 39 more | 2025-04-21 | N/A | 6.5 MEDIUM |
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | |||||
CVE-2025-3838 | 2025-04-21 | N/A | N/A | ||
An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed credentials of the installer. This EOL component was deprecated in September 2023 with end of support extended till January 2024. | |||||
CVE-2017-15997 | 1 Nq | 1 Contacts Backup \& Restore | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file. | |||||
CVE-2017-5243 | 1 Rapid7 | 1 Nexpose | 2025-04-20 | 6.8 MEDIUM | 8.5 HIGH |
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks. | |||||
CVE-2017-9859 | 1 Sma | 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor's position is that "we consider the probability of the success of such manipulation to be extremely low." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected | |||||
CVE-2017-11133 | 1 Stashcat | 1 Heinekingmedia | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. To encrypt messages, AES in CBC mode is used with a pseudo-random secret. This secret and the IV are generated with math.random() in previous versions and with CryptoJS.lib.WordArray.random() in newer versions, which uses math.random() internally. This is not cryptographically strong. | |||||
CVE-2017-15998 | 1 Nq | 1 Contacts Backup \& Restore | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network. | |||||
CVE-2017-5186 | 2 Netiq, Novell | 4 Edirectory, Imanager, Edirectory and 1 more | 2025-04-20 | 4.3 MEDIUM | 7.5 HIGH |
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. | |||||
CVE-2016-6485 | 1 Magento | 1 Magento2 | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value. | |||||
CVE-2017-8191 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links. | |||||
CVE-2014-8687 | 1 Seagate | 2 Business Nas, Business Nas Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens. | |||||
CVE-2017-17382 | 1 Citrix | 2 Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | |||||
CVE-2017-10668 | 1 Xoev | 1 Osci Transport Library | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the transport encryption. | |||||
CVE-2017-8866 | 1 Cognitoys | 2 Stemosaur, Stemosaur Firmware | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server. | |||||
CVE-2017-14937 | 1 Pcu | 1 Pcu | 2025-04-20 | 1.9 LOW | 4.7 MEDIUM |
The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control units (aka pyrotechnical control units or PCUs) of unspecified passenger vehicles manufactured in 2014 or later, when the ignition is on and the speed is less than 6 km/h. Specifically, there are only 256 possible key pairs, and authentication attempts have no rate limit. In addition, at least one manufacturer's interpretation of the ISO 26021 standard is that it must be possible to calculate the key directly (i.e., the other 255 key pairs must not be used). Exploitation would typically involve an attacker who has already gained access to the CAN bus, and sends a crafted Unified Diagnostic Service (UDS) message to detonate the pyrotechnical charges, resulting in the same passenger-injury risks as in any airbag deployment. | |||||
CVE-2016-8370 | 1 Mitsubishielectric | 6 Qj71e71-100, Qj71e71-100 Firmware, Qj71e71-b2 and 3 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. | |||||
CVE-2015-0226 | 1 Apache | 1 Wss4j | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487. | |||||
CVE-2014-9969 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. | |||||
CVE-2016-6602 | 1 Zohocorp | 1 Webnms Framework | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit. |