CWE-310: Cryptographic Issues — known CVE vulnerabilities
CVEs classified under CWE-310 (Cryptographic Issues), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2014-7878 — CVSS 10.0 (critical): The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node…
CVE-2013-3712 — CVSS 10.0 (critical): SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact…
CVE-2013-6952 — CVSS 10.0 (critical): The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware…
CVE-2013-6838 — CVSS 10.0 (critical): An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when…
CVE-2013-0137 — CVSS 10.0 (critical): The default configuration of the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device…
CVE-2011-5123 — CVSS 10.0 (critical): The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not check whether X.509 certificates in signed executable…
CVE-2011-5121 — CVSS 10.0 (critical): The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not properly check whether unspecified X.509 certificates…
CVE-2012-2405 — CVSS 10.0 (critical): Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a…
CVE-2011-4684 — CVSS 10.0 (critical): Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to…
CVE-2011-2344 — CVSS 10.0 (critical): Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from…
CVE-2011-0935 — CVSS 10.0 (critical): The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers…
CVE-2010-2978 — CVSS 10.0 (critical): Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed…
CVE-2010-2468 — CVSS 10.0 (critical): The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for…
CVE-2008-7252 — CVSS 10.0 (critical): libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and…
CVE-2008-7023 — CVSS 10.0 (critical): Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all…
CVE-2008-6993 — CVSS 10.0 (critical): Siemens Gigaset WLAN Camera 1.27 has an insecure default password, which allows remote attackers to conduct unauthorized activities. NOTE…
CVE-2008-6824 — CVSS 10.0 (critical): The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it…
CVE-2009-1477 — CVSS 10.0 (critical): The https web interfaces on the ATEN KH1516i IP KVM switch with firmware 1.0.063, the KN9116 IP KVM switch with firmware 1.1.104, and the…
CVE-2009-1473 — CVSS 10.0 (critical): The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with…
CVE-2009-1472 — CVSS 10.0 (critical): The Java client program for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 has a…
CVE-2009-1174 — CVSS 10.0 (critical): The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an…
CVE-2008-5100 — CVSS 10.0 (critical): The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the…
CVE-2007-6521 — CVSS 10.0 (critical): Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates.
CVE-2006-5982 — CVSS 10.0 (critical): SeleniumServer FTP Server 1.0, and possibly earlier, stores user passwords in plaintext in the Servers directory, which allows attackers to…
CVE-2006-0270 — CVSS 10.0 (critical): Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified…
CVE-2017-18160 — CVSS 9.8 (critical): AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and…
CVE-2014-8686 — CVSS 9.8 (critical): CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption…
CVE-2014-8684 — CVSS 9.8 (critical): CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies…
CVE-2015-9107 — CVSS 9.8 (critical): Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored…
CVE-2016-0897 — CVSS 9.8 (critical): Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH…
CVE-2015-8805 — CVSS 9.8 (critical): The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its…
CVE-2004-2761 — CVSS 9.8 (critical): The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing…
CVE-2014-2046 — CVSS 9.7 (critical): cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers…
CVE-2014-6221 — CVSS 9.4 (critical): The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x…
CVE-2015-6033 — CVSS 9.3 (critical): Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers…
CVE-2014-6140 — CVSS 9.3 (critical): IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before 9.0.60100 uses the same secret HMAC token across different customers'…
CVE-2013-2100 — CVSS 9.3 (critical): The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from…
CVE-2013-7136 — CVSS 9.3 (critical): The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which…
CVE-2013-2803 — CVSS 9.3 (critical): ProSoft RadioLinx ControlScape before 6.00.040 uses a deficient PRNG algorithm and seeding strategy for passphrases, which makes it easier…
CVE-2013-2782 — CVSS 9.3 (critical): Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across…
CVE-2013-4787 — CVSS 9.3 (critical): Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to…
CVE-2011-0724 — CVSS 9.3 (critical): The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each…
CVE-2010-1377 — CVSS 9.3 (critical): Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows…
CVE-2010-1911 — CVSS 9.3 (critical): The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber…
CVE-2009-2982 — CVSS 9.3 (critical): An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote…
CVE-2009-2061 — CVSS 9.3 (critical): Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle…
CVE-2007-5863 — CVSS 9.3 (critical): Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack…
CVE-2007-4750 — CVSS 9.3 (critical): Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 allows user-assisted remote attackers to execute arbitrary code via a…
CVE-2007-4926 — CVSS 9.3 (critical): The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain…
CVE-2018-14062 — CVSS 9.1 (critical): The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and…