Lucene search
K

125 matches found

Cvelist
Cvelist
added 2020/06/11 1:18 p.m.19 views

CVE-2020-12712

A vulnerability based on insecure user/password encryption in the JOE job editor component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile...

7.4AI score0.07842EPSS
Exploits6References4
NVD
NVD
added 2020/02/13 11:15 p.m.10 views

CVE-2013-7287

MobileIron VSP 5.9.1 and Sentry 5.0 has an insecure encryption scheme...

10CVSS9.4AI score0.0143EPSS
Exploits2References2
Prion
Prion
added 2020/02/13 11:15 p.m.15 views

Code injection

MobileIron VSP 5.9.1 and Sentry 5.0 has an insecure encryption scheme...

10CVSS7AI score0.0143EPSS
Exploits2References2Affected Software2
Cvelist
Cvelist
added 2020/02/13 10:9 p.m.20 views

CVE-2013-7287

MobileIron VSP 5.9.1 and Sentry 5.0 has an insecure encryption scheme...

9.5AI score0.0143EPSS
Exploits2References2
BDU FSTEC
BDU FSTEC
added 2020/01/27 12:0 a.m.4 views

The vulnerability of the SAP Enable Now platform stems from deficiencies in the encryption of user-input data, allowing attackers to carry out XSS attacks.

The vulnerability of the SAP Enable Now platform exists due to deficiencies in the encryption of user-input data. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...

6.5CVSS6.5AI score0.00526EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2020/01/22 8:37 a.m.2 views

Insecure Encryption

Overview parsel is a library that allows you to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. In cases where an initialisation vector is not supplied to the encrypt or decrypt call in parsel.rb, the initialisation vector used b...

7CVSS6.7AI score
Exploits0References3
Snyk
Snyk
added 2020/01/22 8:37 a.m.2 views

Insecure Encryption

Overview parsel is a gem to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. In cases where an initialisation vector is not supplied to the encrypt or decrypt call in parsel.rb, the initialisation vector used by the library is set...

7CVSS6.7AI score
Exploits0References3
Snyk
Snyk
added 2020/01/22 8:33 a.m.1 views

Insecure Encryption

Overview parsel is a library that allows you to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. It contains a weak key derivation function, in which a key of arbitrary length is run through one round of SHA256 to gain key materia...

7CVSS7.1AI score
Exploits0References4
Snyk
Snyk
added 2020/01/22 8:33 a.m.2 views

Insecure Encryption

Overview parsel is a gem to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. It contains a weak key derivation function, in which a key of arbitrary length is run through one round of SHA256 to gain key material of the correct...

7CVSS7AI score
Exploits0References4
OSV
OSV
added 2020/01/21 5:15 p.m.4 views

CVE-2020-6857

CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary...

5.5CVSS6.1AI score0.00967EPSS
Exploits8References6
0day.today
0day.today
added 2020/01/21 12:0 a.m.170 views

Neowise CarbonFTP 1.4 Insecure Proprietary Password Encryption Exploit

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NEOWISE-CARBONFTP-v1.4-INSECURE-PROPRIETARY-PASSWORD-ENCRYPTION.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.neowise.com Product CarbonFTP v1.4 CarbonFTP is a...

5.5CVSS0.3AI score0.00967EPSS
Exploits8
NVD
NVD
added 2019/04/07 3:29 p.m.18 views

CVE-2019-10734

In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the...

4.3CVSS4.3AI score0.00693EPSS
Exploits1References1
CNVD
CNVD
added 2018/12/04 12:0 a.m.2 views

ChipsBank UMPTool Privilege Gain Vulnerability

ChipsBank UMPTool is a tool for batch modification of USB flash drive information. A security vulnerability exists in ChipsBank UMPTool that originates from the program's use of a simple alternative encryption algorithm to store passwords in NAND. An attacker in close physical proximity could...

7.2CVSS6.6AI score0.0043EPSS
Exploits1References1
OSV
OSV
added 2018/03/23 4:29 p.m.2 views

CVE-2017-15326

DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker...

4.3CVSS5.9AI score0.00448EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/12/11 9:0 p.m.24 views

CVE-2017-8867

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on...

5.8AI score0.00832EPSS
Exploits0References1
NVD
NVD
added 2017/10/29 5:29 p.m.16 views

CVE-2017-15998

In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network...

7.5CVSS7.3AI score0.00509EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/19 12:0 a.m.1 views

Google Android Qualcomm Component Insecure Encryption Algorithm Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA in the U.S. Qualcomm is one of the Qualcomm components used in Qualcomm devices. The Qualcomm component in Android has a security vulnerability that stems from the use of insecure...

10CVSS9.5AI score0.00415EPSS
Exploits0References1
Veracode
Veracode
added 2017/05/16 1:26 a.m.16 views

Insecure Encryption

aescrypt uses a vulnerable encryption method. The method is vulnerable because it does not randomize the CBC IV when encrypting and decrypting data. This allows attackers to easily defeat the cryptographic mechanism by guessing the CBC IV...

7.5CVSS7.3AI score0.01148EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2016/09/07 7:28 p.m.4 views

CVE-2016-6899

The Intelligent Baseboard Management Controller iBMC in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, a...

7.5CVSS5.8AI score0.00967EPSS
Exploits0References2
Cvelist
Cvelist
added 2015/01/18 6:0 p.m.23 views

CVE-2013-7252

kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack...

6.2AI score0.02147EPSS
Exploits1References7
Rows per page
Query Builder