CWE-310 · Cryptographic Issues

2509 CVEs classified under CWE-310 (Cryptographic Issues). Browse by severity and year.

Top CVEs for CWE-310
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-1804 | Critical | 9.8 | 2019-05-03 | A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthen… |
| CVE-2017-18160 | Critical | 9.8 | 2019-01-18 | AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and snapdragon wear in versions M… |
| CVE-2014-8686 | Critical | 9.8 | 2017-09-19 | CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt… |
| CVE-2014-8684 | Critical | 9.8 | 2017-09-19 | CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently condu… |
| CVE-2015-9107 | Critical | 9.8 | 2017-08-04 | Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented… |
| CVE-2016-0897 | Critical | 9.8 | 2016-09-18 | Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators… |
| CVE-2015-8805 | Critical | 9.8 | 2016-02-23 | The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of t… |
| CVE-2015-8804 | Critical | 9.8 | 2016-02-23 | x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST e… |
| CVE-2015-8803 | Critical | 9.8 | 2016-02-23 | The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of t… |
| CVE-2004-2761 | Critical | 9.8 | 2009-01-05 | The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated… |
| CVE-2018-14062 | Critical | 9.1 | 2019-08-15 | The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages (… |
| CVE-2018-5402 | Critical | 9.1 | 2018-10-08 | The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the ad… |
| CVE-2015-7923 | Critical | 9.0 | 2016-01-30 | Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to d… |
| CVE-2015-8989 | High | 8.8 | 2017-03-14 | Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows… |
| CVE-2017-14852 | High | 8.6 | 2019-06-03 | An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The att… |
| CVE-2016-0904 | High | 8.6 | 2016-09-21 | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installa… |
| CVE-2024-38408 | High | 8.2 | 2024-11-04 | Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. |
| CVE-2019-9506 | High | 8.1 | 2019-08-14 | The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influen… |
| CVE-2019-9861 | High | 8.1 | 2019-05-14 | Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can… |
| CVE-2016-10697 | High | 8.1 | 2018-06-04 | react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP… |