Filtered by vendor
Subscriptions
Total
390 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-3670 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 4.8 Medium |
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. | ||||
CVE-2009-2474 | 5 Apple, Canonical, Fedoraproject and 2 more | 5 Mac Os X, Ubuntu Linux, Fedora and 2 more | 2024-11-21 | N/A |
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||||
CVE-2005-4900 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation. | ||||
CVE-2005-2281 | 1 Juvare | 1 Webeoc | 2024-11-21 | 7.5 High |
WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords. | ||||
CVE-2005-0366 | 1 Gnupg | 1 Gnupg | 2024-11-21 | N/A |
The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed. | ||||
CVE-2004-2172 | 1 Netsourcecommerce | 1 Productcart | 2024-11-21 | 7.5 High |
EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack. | ||||
CVE-2002-1975 | 1 Sharp | 4 Zaurus Sl-5000d, Zaurus Sl-5000d Firmware, Zaurus Sl-5500 and 1 more | 2024-11-21 | 5.5 Medium |
Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods. | ||||
CVE-2002-1946 | 1 Tata | 1 Integrated Dialer | 2024-11-21 | 5.5 Medium |
Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password. | ||||
CVE-2002-1910 | 1 Click-2 | 1 Ingenium Learning Management System | 2024-11-21 | 7.5 High |
Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords. | ||||
CVE-2002-1872 | 1 Microsoft | 1 Sql Server | 2024-11-21 | 7.5 High |
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. | ||||
CVE-2002-1739 | 1 Mdaemon | 1 Mdaemon | 2024-11-21 | 5.5 Medium |
Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords. | ||||
CVE-2002-1697 | 1 Vtun Project | 1 Vtun | 2024-11-21 | 7.5 High |
Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information. | ||||
CVE-2002-1682 | 1 Daansystems | 1 Newsreactor | 2024-11-21 | 5.5 Medium |
NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the passwords and gain access to other users' newsgroup accounts. | ||||
CVE-2001-1546 | 1 Mckesson | 1 Pathways Homecare | 2024-11-21 | 7.8 High |
Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file. | ||||
CVE-2023-6728 | 2024-11-05 | 3.3 Low | ||
Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content. | ||||
CVE-2024-43382 | 1 Snowflake | 1 Snowflake Jdbc | 2024-11-01 | 5.9 Medium |
Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption. | ||||
CVE-2024-45259 | 1 Gl-inet | 20 Gl-a1300 Firmware, Gl-ar300m16 Firmware, Gl-ar300m Firmware and 17 more | 2024-10-28 | 6.5 Medium |
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted. | ||||
CVE-2024-45394 | 2 Authenticator, Authenticator-extension | 2 Authenticator, Authenticator | 2024-10-09 | 8.8 High |
Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the user's encryption key. Users on version 8.0.0 and above are automatically migrated away from the weak encoding on first login. Users should destroy encrypted backups made with versions prior to 8.0.0. | ||||
CVE-2024-41594 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2024-10-08 | 7.5 High |
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL. | ||||
CVE-2024-47182 | 1 Amirraminfar | 1 Dozzle | 2024-10-04 | 4.8 Medium |
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3. |