CVE-2021-36647

MEDIUM Year: 2021
CVSS v3 Score
4.7
Medium
Weakness Type
CWE-327
View all →

Vulnerability Description

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.

Related Vulnerabilities

CVE-2017-14937

MEDIUM
CVSS:4.7(Medium)

The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control units...

CWE-3272017

CVE-2019-15795

MEDIUM
CVSS:4.7(Medium)

python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle ...

CWE-3272019

CVE-2022-30187

MEDIUM
CVSS:4.7(Medium)

Azure Storage Library Information Disclosure Vulnerability

CWE-3272022

CVE-2007-5460

MEDIUM
CVSS:4.6(Medium)

Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the devic...

CWE-3272007

CVE-2019-11341

MEDIUM
CVSS:4.6(Medium)

On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering t...

CWE-3272019

CVE-2020-12702

MEDIUM
CVSS:4.6(Medium)

Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesd...

CWE-3272020