CWE-320
91 CVEs classified under CWE-320. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-10467 | Critical | 9.8 | 2018-04-18 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 410/12, S… |
| CVE-2016-10421 | Critical | 9.8 | 2018-04-18 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MD… |
| CVE-2018-0124 | Critical | 9.8 | 2018-02-22 | A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated pr… |
| CVE-2015-0936 | Critical | 9.8 | 2017-06-01 | Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by lev… |
| CVE-2015-4166 | Critical | 9.8 | 2017-03-23 | Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss… |
| CVE-2024-36391 | Critical | 9.1 | 2024-06-02 | MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic |
| CVE-2019-5672 | Critical | 9.1 | 2019-04-11 | NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) k… |
| CVE-2015-8542 | High | 8.8 | 2016-12-15 | An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after… |
| CVE-2015-0839 | High | 8.1 | 2017-08-02 | The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a… |
| CVE-2016-2880 | High | 7.8 | 2017-03-01 | IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340. |
| CVE-2023-21652 | High | 7.7 | 2023-08-08 | Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use. |
| CVE-2021-26322 | High | 7.5 | 2021-11-16 | Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”. |
| CVE-2019-9894 | High | 7.5 | 2019-03-21 | A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. |
| CVE-2017-13887 | High | 7.5 | 2019-01-11 | In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management. |
| CVE-2018-0732 | High | 7.5 | 2018-06-12 | During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the… |
| CVE-2015-0153 | High | 7.5 | 2018-04-12 | D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key. |
| CVE-2018-9234 | High | 7.5 | 2018-04-04 | GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid cer… |
| CVE-2015-7503 | High | 7.5 | 2017-10-10 | Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key. |
| CVE-2016-6879 | High | 7.5 | 2017-04-10 | The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more tha… |
| CVE-2016-6886 | High | 7.5 | 2017-01-13 | The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value o… |