Show filters
136 Total Results
Displaying 1-10 of 136
Sort by:
Attacker Value
Unknown
CVE-2020-24587
Disclosure Date: May 11, 2021 (last updated February 22, 2025)
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
3
Attacker Value
Unknown
CVE-2020-36363
Disclosure Date: August 12, 2021 (last updated February 23, 2025)
Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers.
0
Attacker Value
Unknown
CVE-2019-25052
Disclosure Date: August 11, 2021 (last updated February 23, 2025)
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.
0
Attacker Value
Unknown
CVE-2021-37546
Disclosure Date: August 06, 2021 (last updated February 23, 2025)
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.
0
Attacker Value
Unknown
CVE-2021-37588
Disclosure Date: July 30, 2021 (last updated February 23, 2025)
In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data.
0
Attacker Value
Unknown
CVE-2021-37587
Disclosure Date: July 30, 2021 (last updated February 23, 2025)
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data.
0
Attacker Value
Unknown
CVE-2021-20337
Disclosure Date: July 23, 2021 (last updated February 23, 2025)
IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 194448.
0
Attacker Value
Unknown
CVE-2021-2351
Disclosure Date: July 21, 2021 (last updated February 23, 2025)
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/A…
0
Attacker Value
Unknown
CVE-2021-34687
Disclosure Date: July 15, 2021 (last updated February 23, 2025)
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher.
0
Attacker Value
Unknown
CVE-2021-20497
Disclosure Date: July 13, 2021 (last updated February 23, 2025)
IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969
0