Total
446 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13604 | 1 Assaabloy | 2 Hid Digitalpersona 4500, Hid Digitalpersona 4500 Firmware | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader v24. The key for obfuscating the fingerprint image is vulnerable to brute-force attacks. This allows an attacker to recover the key and decrypt that image using the key. Successful exploitation causes a sensitive biometric information leak. | |||||
| CVE-2019-4553 | 1 Ibm | 1 Api Connect | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958. | |||||
| CVE-2018-6402 | 1 Ecobee | 2 Ecobee4, Ecobee4 Firmware | 2020-08-24 | 2.9 LOW | 7.5 HIGH |
| Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby SSID, similar to an "Evil Twin" attack. | |||||
| CVE-2018-7211 | 1 Idashboards | 1 Idashboards | 2020-08-24 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered in iDashboards 9.6b. The SSO implementation is affected by a weak obfuscation library, allowing man-in-the-middle attackers to discover credentials. | |||||
| CVE-2019-6485 | 1 Citrix | 4 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware, Netscaler Gateway and 1 more | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled. | |||||
| CVE-2019-0688 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'. | |||||
| CVE-2019-0187 | 1 Apache | 1 Jmeter | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed mode. Note that versions before 4.0 are not able to encrypt traffic between the nodes, nor authenticate the participating nodes so upgrade to JMeter 5.1 is also advised. | |||||
| CVE-2018-1996 | 1 Ibm | 1 Websphere Application Server | 2020-08-24 | 3.5 LOW | 5.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650. | |||||
| CVE-2018-1720 | 1 Ibm | 1 Sterling B2b Integrator | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0.0, and 6.0.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 147294. | |||||
| CVE-2019-12587 | 1 Espressif | 2 Esp-idf, Esp8266 Nonos Sdk | 2020-08-24 | 4.8 MEDIUM | 8.1 HIGH |
| The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point. | |||||
| CVE-2019-13052 | 1 Logitech | 2 Unifying Receiver, Unifying Receiver Firmware | 2020-08-24 | 3.3 LOW | 6.5 MEDIUM |
| Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed. | |||||
| CVE-2020-8911 | 1 Amazon | 1 Aws S3 Crypto Sdk | 2020-08-18 | 2.1 LOW | 5.6 MEDIUM |
| A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket and can observe whether or not an endpoint with access to the key can decrypt a file, they can reconstruct the plaintext with (on average) 128*length (plaintext) queries to the endpoint, by exploiting CBC's ability to manipulate the bytes of the next block and PKCS5 padding errors. It is recommended to update your SDK to V2 or later, and re-encrypt your files. | |||||
| CVE-2020-9528 | 1 Hichip | 1 Shenzhen Hichip Vision Technology Firmware | 2020-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20), as used by many different vendors in millions of Internet of Things devices, suffers from cryptographic issues that allow remote attackers to access user session data, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices. This affects products marketed under the following brand names: Accfly, Alptop, Anlink, Besdersec, BOAVISION, COOAU, CPVAN, Ctronics, D3D Security, Dericam, Elex System, Elite Security, ENSTER, ePGes, Escam, FLOUREON, GENBOLT, Hongjingtian (HJT), ICAMI, Iegeek, Jecurity, Jennov, KKMoon, LEFTEK, Loosafe, Luowice, Nesuniq, Nettoly, ProElite, QZT, Royallite, SDETER, SV3C, SY2L, Tenvis, ThinkValue, TOMLOV, TPTEK, WGCC, and ZILINK. | |||||
| CVE-2020-8912 | 1 Amazon | 1 Aws S3 Crypto Sdk | 2020-08-17 | 2.1 LOW | 2.5 LOW |
| A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this in combination with a decryption oracle can reveal the authentication key used by AES-GCM as decrypting the GMAC tag leaves the authentication key recoverable as an algebraic equation. It is recommended to update your SDK to V2 or later, and re-encrypt your files. | |||||
| CVE-2020-3681 | 1 Qualcomm | 1 - | 2020-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| Authenticated and encrypted payload MMEs can be forged and remotely sent to any HPAV2 system using a jailbreak key recoverable from code. | |||||
| CVE-2020-4185 | 1 Ibm | 1 Security Guardium | 2020-08-05 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174803. | |||||
| CVE-2020-7514 | 1 Schneider-electric | 1 Easergy Builder | 2020-07-27 | 4.6 MEDIUM | 7.8 HIGH |
| A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials for a device and gain full access. | |||||
| CVE-2020-4191 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2020-06-05 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174852. | |||||
| CVE-2020-4367 | 1 Ibm | 1 Planning Analytics Local | 2020-06-02 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001. | |||||
| CVE-2020-4349 | 1 Ibm | 1 Spectrum Scale | 2020-05-27 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423. | |||||