CWE-310
271 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-310page 5 of 6
- CVE-2018-19653MEDIUMCVSS 5.9EG 5.92018-12-09
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrad…
- CVE-2018-5402CRITICALCVSS 9.1EG 8.82018-10-08
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations…
- CVE-2018-5458HIGHCVSS 7.5EG 7.52018-03-26
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information.
- CVE-2018-5462HIGHCVSS 7.5EG 7.52018-03-26
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
- CVE-2018-5464HIGHCVSS 7.5EG 7.52018-03-26
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
- CVE-2018-5466HIGHCVSS 7.5EG 7.52018-03-26
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
- CVE-2018-5913HIGHCVSS 7.8EG 7.82019-06-14
A non-time constant function memcmp is used which creates a side channel that could leak information in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Sn…
- CVE-2018-6185MEDIUMCVSS 4.9EG 4.92019-06-07
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apach…
- CVE-2018-7839MEDIUMCVSS 5.5EG 5.52019-02-06
A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3.1.38 which could allow information disclosure.
- CVE-2019-10926MEDIUMCVSS 5.3EG 5.32019-06-12
A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network po…
- CVE-2019-14261HIGHCVSS 7.5EG 7.52019-09-03
An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g.…
- CVE-2019-1804CRITICALCVSS 9.8EG 9.82019-05-03
A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges o…
- CVE-2019-1940MEDIUMCVSS 5.9EG 5.92019-07-17
A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certif…
- CVE-2019-3731HIGHCVSS 7.5EG 7.52019-09-30
RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnera…
- CVE-2019-3739MEDIUMCVSS 6.5EG 6.52019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recove…
- CVE-2019-3740MEDIUMCVSS 6.5EG 6.52019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recov…
- CVE-2019-6576MEDIUMCVSS 6.5EG 7.52019-05-14
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F…
- CVE-2019-9191MEDIUMCVSS 5.9EG 5.92019-02-26
The ETSI Enterprise Transport Security (ETS, formerly known as eTLS) protocol does not provide per-session forward secrecy.
- CVE-2019-9506HIGHCVSS 8.1EG 8.12019-08-14
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka …
- CVE-2019-9861HIGHCVSS 8.1EG 8.12019-05-14
Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way.
- CVE-2020-3389MEDIUMCVSS 4.4EG 4.42020-08-26
A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists b…
- CVE-2020-8150MEDIUMCVSS 4.1EG 4.12020-11-09
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.
- CVE-2020-8173LOWCVSS 2.2EG 2.22020-11-02
A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.
- CVE-2020-8897MEDIUMCVSS 4.8EG 4.82020-11-16
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305)…
- CVE-2021-22947MEDIUMCVSS 5.9EG 5.92021-09-29
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to T…
- CVE-2021-41992HIGHCVSS 7.7EG 9.82022-04-30
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.
- CVE-2021-41993MEDIUMCVSS 6.6EG 4.82022-04-30
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.
- CVE-2021-41994MEDIUMCVSS 6.6EG 4.82022-04-30
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.
- CVE-2021-41995HIGHCVSS 7.7EG 7.52022-06-30
A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.
- CVE-2021-42001HIGHCVSS 8.0EG 9.82022-04-30
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.
- CVE-2021-4258LOWCVSS 3.7EG 7.52022-12-19
A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The …
- CVE-2022-22076HIGHCVSS 7.1EG 7.12023-06-06
information disclosure due to cryptographic issue in Core during RPMB read request.
- CVE-2022-23719HIGHCVSS 7.2EG 6.42022-06-30
PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the l…
- CVE-2022-23724MEDIUMCVSS 6.4EG 8.12022-05-04
Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have c…
- CVE-2022-32222MEDIUMCVSS 5.3EG 5.32022-07-14
A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the…
- CVE-2022-40675MEDIUMCVSS 6.5EG 7.42023-02-16
Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decr…
- CVE-2022-45453HIGHCVSS 7.5EG 5.32023-05-18
TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984.
- CVE-2022-4610LOWCVSS 1.9EG 5.52022-12-19
A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptogra…
- CVE-2023-23919HIGHCVSS 7.5EG 7.52023-02-23
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent …
- CVE-2023-33037HIGHCVSS 7.1EG 7.12024-01-02
Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data.
- CVE-2023-44303HIGHCVSS 7.5EG 7.52023-11-24
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). A remote unauthenticated attacker with access to stor…
- CVE-2024-20690MEDIUMCVSS 6.5EG 6.52024-01-09
Windows Nearby Sharing Spoofing Vulnerability
- CVE-2024-26228HIGHCVSS 7.8EG 7.82024-04-09
Windows Cryptographic Services Security Feature Bypass Vulnerability
- CVE-2024-38408HIGHCVSS 8.2EG 8.22024-11-04
Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
- CVE-2025-0784LOWCVSS 3.7EG 3.72025-01-28
A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulation leads to clearte…
- CVE-2025-10671LOWCVSS 3.7EG 3.72025-09-18
A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\JwtUtils.java of the component JWT Token…
- CVE-2025-10776LOWCVSS 3.7EG 3.72025-09-22
A vulnerability was detected in LionCoders SalePro POS up to 5.5.0. This issue affects some unknown processing of the component Login. Performing manipulation results in cleartext transmission of sensitive information. The attack can be in…
- CVE-2025-11640LOWCVSS 3.1EG 3.12025-10-12
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. This affects an unknown function of the component Bluetooth Low Energy. The manipulation results in cleartext transmission of sensitive information. Access to the local network…
- CVE-2025-1953LOWCVSS 2.6EG 2.62025-03-04
A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The m…
- CVE-2025-21422HIGHCVSS 7.1EG 7.12025-07-08
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.
Map vulnerabilities like CWE-310 to your infrastructure
EchelonGraph correlates every CVE — across CWE-310 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →