Total
46 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12433 | 1 Cryptlib | 1 Cryptlib | 2024-08-05 | 1.9 LOW | 4.9 MEDIUM |
| ** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor does not include side-channel attacks within its threat model. | |||||
| CVE-2024-36391 | 2024-06-03 | N/A | 9.1 CRITICAL | ||
| MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic | |||||
| CVE-2023-21652 | 1 Qualcomm | 240 Aqt1000, Aqt1000 Firmware, Ar8035 and 237 more | 2024-04-12 | N/A | 7.1 HIGH |
| Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use. | |||||
| CVE-2023-21626 | 1 Qualcomm | 370 Apq8009, Apq8009 Firmware, Apq8017 and 367 more | 2024-04-12 | N/A | 7.1 HIGH |
| Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key. | |||||
| CVE-2019-10112 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived. | |||||
| CVE-2019-9894 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Oncommand Unified Manager and 2 more | 2024-02-04 | 6.4 MEDIUM | 7.5 HIGH |
| A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. | |||||
| CVE-2019-9150 | 1 Mailvelope | 1 Mailvelope | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on web page. This functionality can be tricked to either hide a key import from the user or obscure which key was imported. | |||||
| CVE-2019-14222 | 1 Alfresco | 1 Alfresco | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker could exploit this vulnerability by using the extracted private key and bundling it into a PKCS12. A successful exploit could allow the attacker to gain information about the target system (e.g., OS type, system file locations, Java version, Solr version, etc.) as well as the ability to launch further attacks by leveraging the access to Alfresco's Solr Web Admin Interface. | |||||
| CVE-2019-5885 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users. | |||||
| CVE-2019-10643 | 1 Contao | 1 Contao Cms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Contao 4.7 allows Use of a Key Past its Expiration Date. | |||||
| CVE-2015-1316 | 1 Canonical | 1 Juju | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key. | |||||
| CVE-2018-20187 | 1 Botan Project | 1 Botan | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement. | |||||
| CVE-2019-5672 | 1 Nvidia | 2 Jetson Tx1, Jetson Tx2 | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure. | |||||
| CVE-2019-10851 | 1 Computrols | 1 Computrols Building Automation Software | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Computrols CBAS 18.0.0 has hard-coded encryption keys. | |||||
| CVE-2019-1020004 | 1 Tridactyl Project | 1 Tridactyl | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Tridactyl before 1.16.0 allows fake key events. | |||||
| CVE-2017-18323 | 1 Qualcomm | 70 Mdm9206, Mdm9206 Firmware, Mdm9607 and 67 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Cryptographic key material leaked in TDSCDMA RRC debug messages in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130. | |||||
| CVE-2016-8635 | 2 Mozilla, Redhat | 7 Network Security Services, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. | |||||
| CVE-2017-2625 | 2 Redhat, X.org | 7 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions. | |||||
| CVE-2017-13887 | 1 Apple | 1 Mac Os X | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management. | |||||
| CVE-2016-8614 | 1 Redhat | 1 Ansible | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key. | |||||