| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117.
|
| An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js. |
| IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812. |
| HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11. |
|
Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.
|
| Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, to execute login account’s permissions, and obtain relevant information. |
| An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding. |
| An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption. |
| The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send malicious notifications to victims. |
| The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims. |
| The leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send malicious notifications to victims. |
| The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers to send malicious notifications. |
| The leakage of channel access token in taketorinoyu Line 13.6.1 allows remote attackers to send malicious notifications to victims. |
| The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to send malicious notifications to victims. |
| The leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send malicious notifications to victims. |
| The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims. |
| The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims. |
| An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm. |
| CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 2.1.0 contains a patch for this issue. As a workaround, configure CryptoES to use SHA256 with at least 250,000 iterations. |
| Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py |
