PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successf...

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to th...

AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and snapdragon wear in versions MDM9635M, MDM9645, MDM9650, MDM9655, MSM89...

An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture...

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote...

Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or...

The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allow...

CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.

CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by levera...

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages (unrelated to distress alerts) via a craft...

Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms...

Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user pas...

A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such...

Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate t...

The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey v...

The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use of...

haxeshim haxe shim to deal with coexisting versions. haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swap...

closure-utils is Utilities for Closure Library based projects. closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code e...

AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and con...

The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardenin...

Vulnerability of PIN enhancement failures in the screen lock module Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

Windows Cryptographic Services Security Feature Bypass Vulnerability

A non-time constant function memcmp is used which creates a side channel that could leak information in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Co...