Total
377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1697 | 1 Vtun Project | 1 Vtun | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information. | |||||
| CVE-2002-1739 | 1 Mdaemon | 1 Mdaemon | 2024-02-14 | 2.1 LOW | 5.5 MEDIUM |
| Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords. | |||||
| CVE-2002-1872 | 1 Microsoft | 1 Sql Server | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. | |||||
| CVE-2002-1910 | 1 Click-2 | 1 Ingenium Learning Management System | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords. | |||||
| CVE-2002-1946 | 1 Tata | 1 Integrated Dialer | 2024-02-14 | 2.1 LOW | 5.5 MEDIUM |
| Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password. | |||||
| CVE-2002-1975 | 1 Sharp | 4 Zaurus Sl-5000d, Zaurus Sl-5000d Firmware, Zaurus Sl-5500 and 1 more | 2024-02-14 | 2.1 LOW | 5.5 MEDIUM |
| Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods. | |||||
| CVE-2005-2281 | 1 Juvare | 1 Webeoc | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords. | |||||
| CVE-2024-23656 | 1 Linuxfoundation | 1 Dex | 2024-01-31 | N/A | 7.5 HIGH |
| Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0. | |||||
| CVE-2023-20185 | 1 Cisco | 2 Nexus 9000 In Aci Mode, Nx-os | 2024-01-25 | N/A | 7.4 HIGH |
| A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites. Cisco has not released and will not release software updates that address this vulnerability. | |||||
| CVE-2023-26943 | 1 Assaabloy | 2 Yale Keyless Smart Lock, Yale Keyless Smart Lock Firmware | 2024-01-16 | N/A | 6.5 MEDIUM |
| Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original. | |||||
| CVE-2023-26942 | 1 Assaabloy | 2 Yale Ia-210, Yale Ia-210 Firmware | 2024-01-16 | N/A | 6.5 MEDIUM |
| Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original. | |||||
| CVE-2023-26941 | 1 Assaabloy | 2 Yale Conexis L1, Yale Conexis L1 Firmware | 2024-01-16 | N/A | 6.5 MEDIUM |
| Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original. | |||||
| CVE-2019-19299 | 1 Siemens | 1 Sinvr\/sivms Video Server | 2024-01-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2), SiNVR/SiVMS Video Server (All versions >= V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks. | |||||
| CVE-2023-47365 | 1 Linecorp | 1 Line | 2023-12-28 | N/A | 6.5 MEDIUM |
| The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims. | |||||
| CVE-2023-47364 | 1 Linecorp | 1 Line | 2023-12-28 | N/A | 6.5 MEDIUM |
| The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send malicious notifications to victims | |||||
| CVE-2023-47363 | 1 Linecorp | 1 Line | 2023-12-28 | N/A | 6.5 MEDIUM |
| The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims. | |||||
| CVE-2023-47368 | 1 Linecorp | 1 Line | 2023-12-10 | N/A | 6.5 MEDIUM |
| The leakage of channel access token in taketorinoyu Line 13.6.1 allows remote attackers to send malicious notifications to victims. | |||||
| CVE-2023-47370 | 1 Linecorp | 1 Line | 2023-12-10 | N/A | 6.5 MEDIUM |
| The leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send malicious notifications to victims. | |||||
| CVE-2023-47367 | 1 Linecorp | 1 Line | 2023-12-10 | N/A | 6.5 MEDIUM |
| The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to send malicious notifications to victims. | |||||
| CVE-2023-47373 | 1 Linecorp | 1 Line | 2023-12-10 | N/A | 6.5 MEDIUM |
| The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send malicious notifications to victims. | |||||