Total
363 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1697 | 1 Vtun Project | 1 Vtun | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information. | |||||
CVE-2002-1739 | 1 Mdaemon | 1 Mdaemon | 2024-02-14 | 2.1 LOW | 5.5 MEDIUM |
Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords. | |||||
CVE-2002-1872 | 1 Microsoft | 1 Sql Server | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. | |||||
CVE-2002-1910 | 1 Click-2 | 1 Ingenium Learning Management System | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords. | |||||
CVE-2002-1946 | 1 Tata | 1 Integrated Dialer | 2024-02-14 | 2.1 LOW | 5.5 MEDIUM |
Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password. | |||||
CVE-2002-1975 | 1 Sharp | 4 Zaurus Sl-5000d, Zaurus Sl-5000d Firmware, Zaurus Sl-5500 and 1 more | 2024-02-14 | 2.1 LOW | 5.5 MEDIUM |
Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods. | |||||
CVE-2005-2281 | 1 Juvare | 1 Webeoc | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords. | |||||
CVE-2023-48051 | 1 Carglglz | 1 Upydev | 2024-02-05 | N/A | 7.5 HIGH |
An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding. | |||||
CVE-2024-23656 | 1 Linuxfoundation | 1 Dex | 2024-02-05 | N/A | 7.5 HIGH |
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0. | |||||
CVE-2023-47370 | 1 Linecorp | 1 Line | 2024-02-05 | N/A | 6.5 MEDIUM |
The leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send malicious notifications to victims. | |||||
CVE-2023-26941 | 1 Assaabloy | 2 Yale Conexis L1, Yale Conexis L1 Firmware | 2024-02-05 | N/A | 6.5 MEDIUM |
Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original. | |||||
CVE-2023-47373 | 1 Linecorp | 1 Line | 2024-02-05 | N/A | 6.5 MEDIUM |
The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send malicious notifications to victims. | |||||
CVE-2023-47372 | 1 Linecorp | 1 Line | 2024-02-05 | N/A | 6.5 MEDIUM |
The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims. | |||||
CVE-2023-48034 | 1 Acer | 2 Sk-9662, Sk-9662 Firmware | 2024-02-05 | N/A | 6.1 MEDIUM |
An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption. | |||||
CVE-2023-47363 | 1 Linecorp | 1 Line | 2024-02-05 | N/A | 6.5 MEDIUM |
The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims. | |||||
CVE-2023-26942 | 1 Assaabloy | 2 Yale Ia-210, Yale Ia-210 Firmware | 2024-02-05 | N/A | 6.5 MEDIUM |
Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original. | |||||
CVE-2023-43757 | 1 Elecom | 68 Lan-w300n\/p, Lan-w300n\/p Firmware, Lan-w300n\/rs and 65 more | 2024-02-05 | N/A | 6.5 MEDIUM |
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section. | |||||
CVE-2023-47368 | 1 Linecorp | 1 Line | 2024-02-05 | N/A | 6.5 MEDIUM |
The leakage of channel access token in taketorinoyu Line 13.6.1 allows remote attackers to send malicious notifications to victims. | |||||
CVE-2023-47369 | 1 Linecorp | 1 Line | 2024-02-05 | N/A | 6.5 MEDIUM |
The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers to send malicious notifications. | |||||
CVE-2023-47367 | 1 Linecorp | 1 Line | 2024-02-05 | N/A | 6.5 MEDIUM |
The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to send malicious notifications to victims. |