Filtered by CWE-326
Filtered by vendor Subscriptions
Total 390 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-8455 2 Planet, Planet Technology Corp 9 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 6 more 2024-10-04 8.1 High
The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.
CVE-2024-22892 1 Openslides 1 Openslides 2024-10-01 7.5 High
OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords.
CVE-2021-38121 1 Microfocus 1 Netiq Advanced Authentication 2024-09-13 8.3 High
Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices.  This issue affects NetIQ Advance Authentication versions before 6.3.5.1
CVE-2024-42163 1 Fiware 1 Keyrock 2024-08-29 8.3 High
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link.
CVE-2024-41681 1 Siemens 1 Location Intelligence 2024-08-14 6.7 Medium
A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The web server of affected products is configured to support weak ciphers by default. This could allow an unauthenticated attacker in an on-path position to to read and modify any data passed over the connection between legitimate clients and the affected device.
CVE-2024-21787 1 Bmra Software 1 Bmra Software 2024-08-14 6.4 Medium
Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21881 1 Enphase 1 Envoy 2024-08-12 N/A
Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary OS Commands via encrypted package upload.This issue affects Envoy: 4.x and 5.x
CVE-2024-5800 2024-08-12 N/A
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication.
CVE-2024-32758 1 Johnsoncontrols 2 Exacqvision Client, Exacqvision Server 2024-08-09 7.5 High
Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange
CVE-2024-40719 1 Changingtec 1 Tcb Servisign 2024-08-09 6.5 Medium
The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that website as a legitimate server and interact with it.