CWE-320

91 CVEs classified under CWE-320. Browse by severity and year.

Top CVEs for CWE-320
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-10467 | Critical | 9.8 | 2018-04-18 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 410/12, S… |
| CVE-2016-10421 | Critical | 9.8 | 2018-04-18 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MD… |
| CVE-2018-0124 | Critical | 9.8 | 2018-02-22 | A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated pr… |
| CVE-2015-0936 | Critical | 9.8 | 2017-06-01 | Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by lev… |
| CVE-2015-4166 | Critical | 9.8 | 2017-03-23 | Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss… |
| CVE-2024-36391 | Critical | 9.1 | 2024-06-02 | MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic |
| CVE-2019-5672 | Critical | 9.1 | 2019-04-11 | NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) k… |
| CVE-2015-8542 | High | 8.8 | 2016-12-15 | An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after… |
| CVE-2015-0839 | High | 8.1 | 2017-08-02 | The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a… |
| CVE-2016-2880 | High | 7.8 | 2017-03-01 | IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340. |
| CVE-2023-21652 | High | 7.7 | 2023-08-08 | Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use. |
| CVE-2021-26322 | High | 7.5 | 2021-11-16 | Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”. |
| CVE-2019-9894 | High | 7.5 | 2019-03-21 | A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. |
| CVE-2017-13887 | High | 7.5 | 2019-01-11 | In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management. |
| CVE-2018-0732 | High | 7.5 | 2018-06-12 | During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the… |
| CVE-2015-0153 | High | 7.5 | 2018-04-12 | D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key. |
| CVE-2018-9234 | High | 7.5 | 2018-04-04 | GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid cer… |
| CVE-2015-7503 | High | 7.5 | 2017-10-10 | Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key. |
| CVE-2016-6879 | High | 7.5 | 2017-04-10 | The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more tha… |
| CVE-2016-6886 | High | 7.5 | 2017-01-13 | The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value o… |