Total
424 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-1546 | 1 Mckesson | 1 Pathways Homecare | 2025-04-03 | 7.8 High |
| Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file. | ||||
| CVE-2002-1910 | 1 Click-2 | 1 Ingenium Learning Management System | 2025-04-03 | 7.5 High |
| Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords. | ||||
| CVE-2005-2281 | 1 Juvare | 1 Webeoc | 2025-04-03 | 7.5 High |
| WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords. | ||||
| CVE-2005-0366 | 1 Gnupg | 1 Gnupg | 2025-04-03 | N/A |
| The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed. | ||||
| CVE-2002-1739 | 1 Mdaemon | 1 Mdaemon | 2025-04-03 | 5.5 Medium |
| Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords. | ||||
| CVE-2002-1682 | 1 Daansystems | 1 Newsreactor | 2025-04-03 | 5.5 Medium |
| NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the passwords and gain access to other users' newsgroup accounts. | ||||
| CVE-2022-43922 | 2 Ibm, Redhat | 2 App Connect Enterprise Certified Container, Openshift | 2025-03-26 | 5.3 Medium |
| IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583. | ||||
| CVE-2022-34385 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2025-03-26 | 5.5 Medium |
| SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. | ||||
| CVE-2024-36823 | 1 Ninjaframework | 1 Ninja | 2025-03-25 | 7.5 High |
| The encrypt() function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information. | ||||
| CVE-2023-21443 | 1 Samsung | 1 Flow | 2025-03-24 | 7.5 High |
| Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands. | ||||
| CVE-2023-21444 | 1 Samsung | 1 Flow | 2025-03-24 | 7.5 High |
| Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands. | ||||
| CVE-2024-41594 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-03-19 | 7.5 High |
| An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL. | ||||
| CVE-2024-37034 | 1 Couchbase | 1 Couchbase Server | 2025-03-14 | 5.9 Medium |
| An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure. | ||||
| CVE-2024-22892 | 1 Openslides | 1 Openslides | 2025-03-14 | 7.5 High |
| OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords. | ||||
| CVE-2024-21881 | 1 Enphase | 1 Envoy | 2025-03-11 | N/A |
| Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary OS Commands via encrypted package upload.This issue affects Envoy: 4.x and 5.x | ||||
| CVE-2022-45141 | 1 Samba | 1 Samba | 2025-03-06 | 9.8 Critical |
| Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). | ||||
| CVE-2023-22271 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.3 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit this in order to decrypt a user's password. The attack complexity is high since a successful exploitation requires to already have in possession this encrypted secret. | ||||
| CVE-2023-23911 | 1 Rocket.chat | 1 Rocket.chat | 2025-02-28 | 7.5 High |
| An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room. | ||||
| CVE-2023-2197 | 1 Hashicorp | 1 Vault | 2025-02-13 | 2.5 Low |
| HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2 | ||||
| CVE-2024-13026 | 2025-02-12 | N/A | ||
| A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify® Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authentication tokens and access the component. Other components of navify® Algorithm Suite are not affected. | ||||