Total
383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2474 | 4 Apple, Canonical, Fedoraproject and 1 more | 4 Mac Os X, Ubuntu Linux, Fedora and 1 more | 2025-04-09 | 5.8 MEDIUM | N/A |
| neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2005-2281 | 1 Juvare | 1 Webeoc | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords. | |||||
| CVE-2004-2172 | 1 Netsourcecommerce | 1 Productcart | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack. | |||||
| CVE-2002-1739 | 1 Mdaemon | 1 Mdaemon | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
| Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords. | |||||
| CVE-2002-1975 | 1 Sharp | 4 Zaurus Sl-5000d, Zaurus Sl-5000d Firmware, Zaurus Sl-5500 and 1 more | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
| Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods. | |||||
| CVE-2002-1910 | 1 Click-2 | 1 Ingenium Learning Management System | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords. | |||||
| CVE-2001-1546 | 1 Mckesson | 1 Pathways Homecare | 2025-04-03 | 4.6 MEDIUM | 7.8 HIGH |
| Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file. | |||||
| CVE-2002-1697 | 1 Vtun Project | 1 Vtun | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information. | |||||
| CVE-2002-1872 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. | |||||
| CVE-2002-1682 | 1 Daansystems | 1 Newsreactor | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
| NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the passwords and gain access to other users' newsgroup accounts. | |||||
| CVE-2005-0366 | 1 Gnupg | 1 Gnupg | 2025-04-03 | 5.0 MEDIUM | N/A |
| The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed. | |||||
| CVE-2002-1946 | 1 Tata | 1 Integrated Dialer | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
| Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password. | |||||
| CVE-2025-2516 | 2025-03-27 | N/A | N/A | ||
| The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the update server's certificate, an Adversary-In-The-Middle attack was possible allowing updates to be hijacked. | |||||
| CVE-2022-43922 | 2 Ibm, Redhat | 2 App Connect Enterprise Certified Container, Openshift | 2025-03-26 | N/A | 5.3 MEDIUM |
| IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583. | |||||
| CVE-2024-36823 | 1 Ninjaframework | 1 Ninja | 2025-03-25 | N/A | 7.5 HIGH |
| The encrypt() function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information. | |||||
| CVE-2024-41594 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-03-19 | N/A | 7.5 HIGH |
| An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL. | |||||
| CVE-2025-2349 | 2025-03-16 | 1.8 LOW | 3.1 LOW | ||
| A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational effort. Access to the local network is required for this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-1000486 | 1 Primetek | 1 Primefaces | 2025-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution | |||||
| CVE-2024-37034 | 1 Couchbase | 1 Couchbase Server | 2025-03-14 | N/A | 5.9 MEDIUM |
| An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure. | |||||
| CVE-2024-22892 | 1 Openslides | 1 Openslides | 2025-03-14 | N/A | 7.5 HIGH |
| OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords. | |||||