Total
428 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1739 | 1 Mdaemon | 1 Mdaemon | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
| Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords. | |||||
| CVE-2005-2281 | 1 Juvare | 1 Webeoc | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords. | |||||
| CVE-2005-0366 | 1 Gnupg | 1 Gnupg | 2025-04-03 | 5.0 MEDIUM | N/A |
| The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed. | |||||
| CVE-2002-1946 | 1 Tata | 1 Integrated Dialer | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
| Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password. | |||||
| CVE-2002-1910 | 1 Click-2 | 1 Ingenium Learning Management System | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords. | |||||
| CVE-2002-1872 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. | |||||
| CVE-2001-1546 | 1 Mckesson | 1 Pathways Homecare | 2025-04-03 | 4.6 MEDIUM | 7.8 HIGH |
| Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file. | |||||
| CVE-2002-1697 | 1 Vtun Project | 1 Vtun | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information. | |||||
| CVE-2025-2516 | 2025-03-27 | N/A | N/A | ||
| The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the update server's certificate, an Adversary-In-The-Middle attack was possible allowing updates to be hijacked. | |||||
| CVE-2022-43922 | 2 Ibm, Redhat | 2 App Connect Enterprise Certified Container, Openshift | 2025-03-26 | N/A | 5.3 MEDIUM |
| IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583. | |||||
| CVE-2020-36250 | 1 Owncloud | 1 Owncloud Client | 2025-03-26 | 2.1 LOW | 6.1 MEDIUM |
| In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past. | |||||
| CVE-2024-36823 | 1 Ninjaframework | 1 Ninja | 2025-03-25 | N/A | 7.5 HIGH |
| The encrypt() function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information. | |||||
| CVE-2024-41594 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-03-19 | N/A | 7.5 HIGH |
| An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL. | |||||
| CVE-2025-2349 | 2025-03-16 | 1.8 LOW | 3.1 LOW | ||
| A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational effort. Access to the local network is required for this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-1000486 | 1 Primetek | 1 Primefaces | 2025-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution | |||||
| CVE-2024-37034 | 1 Couchbase | 1 Couchbase Server | 2025-03-14 | N/A | 5.9 MEDIUM |
| An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure. | |||||
| CVE-2024-22892 | 1 Openslides | 1 Openslides | 2025-03-14 | N/A | 7.5 HIGH |
| OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords. | |||||
| CVE-2018-18325 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-03-07 | 5.0 MEDIUM | 7.5 HIGH |
| DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811. | |||||
| CVE-2018-15811 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-03-07 | 5.0 MEDIUM | 7.5 HIGH |
| DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. | |||||
| CVE-2022-45141 | 1 Samba | 1 Samba | 2025-03-06 | N/A | 9.8 CRITICAL |
| Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). | |||||