| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-15947 |
326 |
|
|
2019-09-05 |
2019-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys, via a grep "6231 0500" command. |
|
2 |
CVE-2019-14664 |
326 |
|
Bypass |
2019-08-05 |
2019-08-13 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, he unknowingly leaks the plaintext of the encrypted message part(s) back to the attacker. This attack variant bypasses protection mechanisms implemented after the "EFAIL" attacks. |
|
3 |
CVE-2019-14332 |
326 |
|
|
2019-08-01 |
2019-08-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is use of weak ciphers for SSH such as diffie-hellman-group1-sha1. |
|
4 |
CVE-2019-12665 |
326 |
|
|
2019-09-25 |
2019-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel. |
|
5 |
CVE-2019-10734 |
326 |
|
|
2019-04-07 |
2019-04-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. |
|
6 |
CVE-2019-9863 |
326 |
|
|
2019-03-27 |
2019-03-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way. |
|
7 |
CVE-2019-9399 |
326 |
|
|
2019-09-27 |
2019-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The Print Service is susceptible to man in the middle attacks due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115635664 |
|
8 |
CVE-2019-7161 |
326 |
|
|
2019-03-21 |
2019-04-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data. |
|
9 |
CVE-2019-6481 |
326 |
|
Bypass |
2019-03-29 |
2019-04-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app." approach, related to a "Multifactor Auth Bypass, Full Disk Encryption Bypass" issue affecting the Affected Chrome Plugin component. |
|
10 |
CVE-2019-4256 |
326 |
|
|
2019-05-29 |
2019-05-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944. |
|
11 |
CVE-2019-4175 |
326 |
|
|
2019-09-17 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880. |
|
12 |
CVE-2019-4151 |
326 |
|
|
2019-06-25 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512. |
|
13 |
CVE-2019-4102 |
326 |
|
|
2019-07-01 |
2019-07-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092. |
|
14 |
CVE-2019-3907 |
326 |
|
|
2019-01-18 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password). |
|
15 |
CVE-2019-1338 |
326 |
|
Bypass |
2019-10-10 |
2019-10-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses, aka 'Windows NTLM Security Feature Bypass Vulnerability'. |
|
16 |
CVE-2019-0030 |
326 |
|
|
2019-01-15 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. |
|
17 |
CVE-2018-20810 |
326 |
|
|
2019-06-28 |
2019-07-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices. |
|
18 |
CVE-2018-19784 |
326 |
|
File Inclusion |
2018-11-30 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion. |
|
19 |
CVE-2018-19001 |
326 |
|
|
2018-12-07 |
2019-10-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required. |
|
20 |
CVE-2018-18325 |
326 |
|
|
2019-07-03 |
2019-07-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811. |
|
21 |
CVE-2018-17177 |
326 |
|
|
2018-09-18 |
2018-12-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated by hiding it within a custom /bin/rc4_crypt binary. |
|
22 |
CVE-2018-15811 |
326 |
|
|
2019-07-03 |
2019-07-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. |
|
23 |
CVE-2018-15124 |
326 |
|
|
2018-08-13 |
2018-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device. |
|
24 |
CVE-2018-9028 |
326 |
|
|
2018-06-18 |
2018-08-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. |
|
25 |
CVE-2018-7242 |
326 |
|
|
2018-04-18 |
2018-12-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. |
|
26 |
CVE-2018-6653 |
326 |
|
|
2018-02-28 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which makes it easier for remote attackers to defeat intended cryptographic protection mechanisms by sniffing the network. This is fixed in 21.6.0. |
|
27 |
CVE-2018-6635 |
326 |
|
Bypass |
2018-02-05 |
2019-10-02 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896. |
|
28 |
CVE-2018-6594 |
326 |
|
+Info |
2018-02-03 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation. |
|
29 |
CVE-2018-5461 |
326 |
|
+Info |
2018-03-06 |
2019-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An inadequate encryption strength vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack. |
|
30 |
CVE-2018-5298 |
326 |
|
|
2018-01-08 |
2018-01-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file. |
|
31 |
CVE-2018-5184 |
326 |
|
|
2018-06-11 |
2018-11-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. |
|
32 |
CVE-2018-2007 |
326 |
|
|
2019-04-29 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078. |
|
33 |
CVE-2018-1946 |
326 |
|
|
2019-02-21 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 153388. |
|
34 |
CVE-2018-1925 |
326 |
|
|
2019-04-15 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925. |
|
35 |
CVE-2018-1814 |
326 |
|
|
2018-12-13 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018. |
|
36 |
CVE-2018-1785 |
326 |
|
|
2018-09-26 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870. |
|
37 |
CVE-2018-1751 |
326 |
|
|
2019-01-23 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512. |
|
38 |
CVE-2018-1665 |
326 |
|
|
2018-12-13 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891. |
|
39 |
CVE-2018-1648 |
326 |
|
|
2018-12-05 |
2018-12-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144653. |
|
40 |
CVE-2018-1608 |
326 |
|
|
2019-05-01 |
2019-05-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798. |
|
41 |
CVE-2018-1593 |
326 |
|
|
2018-10-02 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. IBM X-Force ID: 143568. |
|
42 |
CVE-2018-1545 |
326 |
|
|
2018-09-26 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649. |
|
43 |
CVE-2018-1518 |
326 |
|
+Info |
2018-10-18 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682. |
|
44 |
CVE-2018-1466 |
326 |
|
|
2018-05-17 |
2018-06-15 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397. |
|
45 |
CVE-2018-1425 |
326 |
|
|
2018-02-27 |
2018-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003. |
|
46 |
CVE-2018-0448 |
326 |
|
Bypass |
2018-10-05 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users. |
|
47 |
CVE-2018-0131 |
326 |
|
|
2018-08-14 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140. |
|
48 |
CVE-2017-1000486 |
326 |
|
Exec Code |
2018-01-03 |
2018-01-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution |
|
49 |
CVE-2017-17543 |
326 |
|
|
2018-04-26 |
2018-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms. |
|
50 |
CVE-2017-17436 |
326 |
|
|
2017-12-06 |
2017-12-22 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with "Highest Level Bluetooth Encryption" and "Data transmissions are secure via AES256 bit encryption." These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe. |
