Total
459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3188 | 1 Opensuse | 1 Opensuse | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords. | |||||
| CVE-2007-6755 | 1 Dell | 2 Bsafe Crypto-c-micro-edition, Bsafe Crypto-j | 2024-11-21 | 5.8 MEDIUM | N/A |
| The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE. | |||||
| CVE-2007-6013 | 2 Fedoraproject, Wordpress | 2 Fedora, Wordpress | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash. | |||||
| CVE-2007-5460 | 1 Microsoft | 2 Activesync, Windows Mobile | 2024-11-21 | 7.1 HIGH | 4.6 MEDIUM |
| Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process. | |||||
| CVE-2007-4150 | 1 Visionsoft | 1 Audit | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2005-4860 | 1 Spectrumcu | 1 Cash Receipting System | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password. | |||||
| CVE-2005-2946 | 2 Canonical, Openssl | 2 Ubuntu Linux, Openssl | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature. | |||||
| CVE-2002-2058 | 1 Teekai | 1 Tracking Online | 2024-11-20 | 5.0 MEDIUM | 7.5 HIGH |
| TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'. | |||||
| CVE-1999-0007 | 5 C2net, Hp, Microsoft and 2 more | 13 Stonghold Web Server, Open Market Secure Webserver, Exchange Server and 10 more | 2024-11-20 | 5.0 MEDIUM | N/A |
| Information from SSL-encrypted sessions via PKCS #1. | |||||
| CVE-2024-43189 | 2024-11-18 | N/A | 5.9 MEDIUM | ||
| IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2024-20070 | 2024-11-15 | N/A | 5.1 MEDIUM | ||
| In modem, there is a possible information disclosure due to using risky cryptographic algorithm during connection establishment negotiation. This could lead to remote information disclosure, when weak encryption algorithm is used, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00942482; Issue ID: MSV-1469. | |||||
| CVE-2020-11916 | 2024-11-08 | N/A | 6.3 MEDIUM | ||
| An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased. | |||||
| CVE-2024-51556 | 1 63moons | 2 Aero, Wave 2.0 | 2024-11-08 | N/A | 6.5 MEDIUM |
| This vulnerability exists in the Wave 2.0 due to weak encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter “user_id” through API request URLs leading to unauthorized access to sensitive information belonging to other users. | |||||
| CVE-2024-51478 | 2024-11-01 | N/A | 9.9 CRITICAL | ||
| YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5. | |||||
| CVE-2024-10128 | 1 Topdata | 1 Inner Rep Plus | 2024-10-30 | 3.3 LOW | 4.9 MEDIUM |
| A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file td.js.gz. The manipulation leads to risky cryptographic algorithm. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-23347 | 1 Hcltech | 1 Dryice Iautomate | 2024-10-29 | N/A | 7.1 HIGH |
| HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | |||||
| CVE-2023-23346 | 1 Hcltech | 1 Dryice Mycloud | 2024-10-29 | N/A | 7.1 HIGH |
| HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | |||||
| CVE-2023-5962 | 1 Moxa | 20 Iologik E1210, Iologik E1210 Firmware, Iologik E1211 and 17 more | 2024-10-28 | N/A | 6.5 MEDIUM |
| A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization. | |||||
| CVE-2024-47188 | 1 Oisf | 1 Suricata | 2024-10-22 | N/A | 7.5 HIGH |
| Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7. | |||||
| CVE-2024-47187 | 1 Oisf | 1 Suricata | 2024-10-22 | N/A | 7.5 HIGH |
| Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to use excessive time to load, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. Avoid dataset rules that track traffic in rules. | |||||