25429 matches found
Inadequate Encryption Strength
Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...
Inadequate Encryption Strength
Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...
Inadequate Encryption Strength
Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...
Inadequate Encryption Strength
Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...
CVE-2025-40774
A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful exploitation of this...
GHSA-6P6V-M64V-JX8Q Apache Spark has Inadequate Encryption Strength
This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true it is set to false by default, but...
Apache Spark has Inadequate Encryption Strength
This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true it is set to false by default, but...
PYSEC-2025-184
This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true it is set to false by default, but...
CVE-2025-55039
This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true it is set to false by default, but...
PYSEC-2025-184
This issue affects Apache Spark versions before 3.4.4,3.5.2 and 4.0.0.Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes.When spark.network.crypto.enabled is set to true it is set to false by default, but...
CVE-2025-55039
This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true it is set to false by default, but...
Improper Verification of Cryptographic Signature
Overview org.apache.spark:spark-network-common2.12 is an open-source distributed general-purpose cluster-computing framework. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature when the spark.network.crypto.enabled is true and the cipher is not...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature when the spark.network.crypto.enabled is true and the cipher is not explicitly configured, resulting in the use of AES in CTR mode without authentication. An attacker can compromise the...
CVE-2025-55039 Apache Spark, Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacks
This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true it is set to false by default, but...
CVE-2025-55039
CVE-2025-55039 affects Apache Spark prior to 3.4.4, 3.5.2 and 4.0.0. When spark.network.crypto.enabled is true (default false) and spark.network.crypto.cipher is not configured, Spark uses AES/CTR/NoPadding for RPC traffic, enabling encryption without authentication. A MITM could flip bits in cip...
EUVD-2025-34531
This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true it is set to false by default, but...
Amazon Linux 2 : openssl11, --advisory ALAS2-2025-3033 (ALAS-2025-3033)
The version of openssl11 installed on the remote host is prior to 1.1.1zd-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3033 advisory. Issue summary: An application trying to decrypt CMS messages encrypted usingpassword based encryption can trigger an...
Amazon Linux 2 : edk2, --advisory ALAS2-2025-3022 (ALAS-2025-3022)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3022 advisory. Issue summary: An application trying to decrypt CMS messages encrypted usingpassword based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a cra...
Duplicate Advisory: Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gwq6-fmvp-qp68. This link is maintained to preserve external references. Original Description Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose...
CVE-2025-55248
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network...