Przykłady dla CWE-310: Cryptographic Issues

	Tytuł	Data	Autor
Low	Fujitsu Wireless Keyboard Set LX390 Keystroke Injection	24.10.2019	Matthias Deeg
Low	Fujitsu Wireless Keyboard Set LX390 Replay Attacks	24.10.2019	Matthias Deeg
Med.	ABUS Secvest 3.01.01 Cryptographic Issues	05.05.2019	Matthias Deeg
Med.	Fujitsu LX901 GK900 Keystroke Injection	16.03.2019	Matthias Deeg
Low	PORTIER 4.4.4.2 / 4.4.4.6 Cryptographic Issues	14.01.2019	Christian Pappas
Med.	Microsoft Surface Hub Keyboard Replay	31.01.2018	Matthias Deeg
Low	EASY HOME Alarmanlagen-Set MAS-S01-09 Cryptographic Issues	28.11.2016	Gerhard Klostermeier
Low	Wireless Keyboard Set LX901 GK900 Replay Attack	10.10.2016	SySS
Med.	Logitech K520 Crypto Issues / Replay Attacks	30.07.2016	SySS
Med.	Perixx Computer PERIDUO-710W Crypto Issues / Replay Attacks	30.07.2016	SySS
Med.	Perixx Computer PERIDUO-710W Keystroke Injection	30.07.2016	SySS
Med.	CHERRY B.UNLIMITED AES JD-0400EU-2/01 Keystroke Injection	30.07.2016	SySS
High	Checkmarx CxQL 7.1.5 Sandbox Bypass	04.09.2015	Huy-Ngoc DAU
Med.	Avaya one-X Agent 2.5 SP2 Cryptography Issues	04.09.2015	Sven Freund
Med.	OpenSSL 1.0.1j Multiple Vulnerabilities	10.01.2015	Multiple Authors
Low	SAP HANA XS Missing Encryption	30.07.2014	Onapsis
Med.	OpenSSL 0.9.8y/1.x/1.0.1e man-in-the-middle attack 0day	05.01.2014	Dr. Stephen Henson
Med.	OWASP ESAPI Symmetric Encryption MAC Bypass	17.09.2013	Philippe Arteau
High	OpenSSL SSL, TLS and DTLS Plaintext Recovery Attack	09.02.2013	OpenSSL
Med.	Merethis Centreon Multiple Vulnerabilities	13.11.2011	none
Med.	Multiples Vulnerabilities in ManageEngine ServiceDesk Plus	20.09.2011	CORE Security Technolo...
Med.	rsa envision 4.0 sp security issue	26.08.2011	emc
Low	EMC Data Protection Advisor sensitive information disclosure vulnerability	03.08.2011	emc
Low	Clear Text Secrets in PassmanLite Could Allow Access to Passwords	17.05.2011	Simon Roses
High	MediaCast Password Dump Vulnerability	13.05.2011	Packetninjas L.L.C
High	EMC Avamar sensitive information disclosure vulnerability	18.03.2011	Security_Alert
Med.	KDC denial of service attacks	12.02.2011	Tom Yu
Med.	Passlogix v-GO Self-Service Password Reset Bypass via Invalid SSL Certificate	09.02.2011	Garrett Held
Med.	Free Simple Software - SQL Injection Vulnerability	02.12.2010	Mark Stanislav
Med.	MS10-070 ASP.NET Padding Oracle File Download	17.10.2010	Agustin Azubel
Med.	ASP.NET Padding Oracle Vulnerability (MS10-070)	07.10.2010	Giorgio Fedon
High	ToutVirtual VirtualIQ Multiple Vulnerabilities	21.05.2010	Claudio Criscione
Med.	Aapache/mod_ssl vulnerability and mitigation	11.11.2009	Apache team
Low	linux kernel 2.6.25.15 get_instantiation_keyring() should inc the keyring	05.11.2009	Eugene Teoeugeneteo
Low	Wordpress Resource Exhaustion - Denial of Service Vulnerability	26.10.2009	jcarlosn
Med.	C4 SCADA Security Advisory - OSISoft PI Server Authentication Weakness	04.10.2009	Eyal Udassin & Jonatha...
Med.	Crypto backdoor in Qnap storage devices (CVE-2009-3200)	23.09.2009	Marc Heuse (mh baselin...
High	iphone email client does not validate ssl certificates	23.09.2009	Bill Borskey
Low	Clear Text Storage of Password in CS-MARS v6.0.4 and Earlier	30.08.2009	ryan wessels
High	Multiple vulnerabilities in several ATEN IP KVM Switches	28.05.2009	Jakob Lell
Med.	DotNetNuke Default Machine Key Exposure	01.04.2009	gdssecurity
Med.	MyBlog: PHP and MySQL Blog/CMS software (SQL/XSS) Vulnerabilities	21.02.2009	CWH
Med.	MD5 Considered Harmful Today: Creating a rogue CA certificate	07.01.2009	Alexander Sotirov
Med.	Joomla: Session hijacking vulnerability	17.12.2008	Hanno Boeck
High	New Whitepaper - .NET Framework Rootkits: Backdoors inside your Framework	20.11.2008	Erez Metula
Med.	Typo <= 5.1.3 Multiple Vulnerabilities	02.11.2008	L4teral
High	Aruba Mobility Controller Shared Default Certificate	24.09.2008	nnposter
Med.	Squirrelmail: Session hijacking vulnerability	23.09.2008	Hanno B
Med.	menalto gallery: Session hijacking vulnerability	23.09.2008	Hanno B
Low	Folder Lock <= 5.9.5 Local Password Information Disclosure	21.08.2008	Charalambous Glafkos
Med.	EMC Dantz Retrospect 7 backup Server Authentication Module Weak Password Hash Arithmetic Vulnerability	22.07.2008	zhliu_at_fortinet.com

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2023-05-04

CVE-2023-25934

Updating...

DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.

2022-12-19

	CVE-2021-4258	Updating...	DISPUTED A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack.
	CVE-2022-4610	Updating...	A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216272.

2019-09-03

Medium

CVE-2019-14261

Vendor: ABUS
Software: Secvest wire...

An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g., wireless detectors or remote controls, and the ABUS Secvest alarm central. An attacker is able to perform a "reactive jamming" attack. The reactive jamming simply detects the start of a RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion.

2019-08-22

Low

CVE-2019-9155

Vendor: Openpgpjs
Software: Openpgpjs

A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key.

2019-08-15

High

CVE-2018-14062

Vendor: Cospas-sarsat
Software: Cospas-sarsa...

The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages (unrelated to distress alerts) via a crafted 406 MHz digital signal.

2019-08-14

Medium

CVE-2019-9506

Vendor: Apple
Software: Iphone os

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

2019-08-08

Medium

CVE-2018-20954

Vendor: Mailpile
Software: Mailpile

The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys.

2019-08-07

Medium	CVE-2016-5431	Vendor: Php jose project Software: Php jose	The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.
Low	CVE-2019-10099	Vendor: Apache Software: Spark	Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.

24.10.2019

24.10.2019

05.05.2019

16.03.2019

14.01.2019

31.01.2018

28.11.2016

10.10.2016

30.07.2016

30.07.2016

30.07.2016

30.07.2016

04.09.2015

04.09.2015

10.01.2015

30.07.2014

05.01.2014

17.09.2013

09.02.2013

13.11.2011

20.09.2011

26.08.2011

03.08.2011

17.05.2011

13.05.2011

18.03.2011

12.02.2011

09.02.2011

02.12.2010

17.10.2010

07.10.2010

21.05.2010

11.11.2009

05.11.2009

26.10.2009

04.10.2009

23.09.2009

23.09.2009

30.08.2009

28.05.2009

01.04.2009

21.02.2009

07.01.2009

17.12.2008

20.11.2008

02.11.2008

24.09.2008

23.09.2008

23.09.2008

21.08.2008

22.07.2008