141 matches found
CVE-2024-21881
CVE-2024-21881 affects Envoy 4.x through 5.x. The vulnerability is an Inadequate Encryption Strength issue that allows an authenticated attacker to execute arbitrary OS commands via encrypted package upload. Connected documents confirm affected software and the underlying issue, and indicate ther...
CVE-2024-40719
CVE-2024-40719 affects CHANGING Information Technology TCBServiSign Windows Version. The issue is insufficient encryption strength of the authorization keys used by the product, enabling a remote attacker to entice a victim to visit a malicious website and cause TCBServiSign to treat that site as...
Siemens SIMATIC and SCALANCE Products Inadequate Encryption Strength (CVE-2022-2097)
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of 'in place' encryption...
Inadequate Encryption Strength
Ninja Core is vulnerable to Inadequate Encryption Strength. The vulnerability is due to the encrypt method in the CookieEncryption class which uses AES with default padding, leading to the possible leakage of sensitive cookie information...
Siemens SCALANCE XM-400, XR-500
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens TIM 1531 IRC
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2024-28974
Dell Data Protection Advisor, versions 19.9, contains an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service...
CVE-2024-28974
Dell Data Protection Advisor, versions 19.9, contains an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service...
CVE-2024-22458
Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext...
CVE-2024-22458
Dell Secure Connect Gateway (version 5.18) is affected by an Inadequate Encryption Strength vulnerability. An unauthenticated network attacker could potentially recover plaintext from a block of ciphertext due to weak cryptographic strength. The CTI sources consistently identify the affected prod...
CVE-2024-22458
Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext...
Siemens SINEC NMS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2023-43757
CVE-2023-43757 concerns ELECOM and LOGITEC router devices with inadequate encryption strength, enabling a network-adjacent, unauthenticated attacker to guess the wireless LAN key and intercept traffic. The Red Hat/Red Hat-applied and JVN entries confirm the core issue and list affected vendors/pr...
Design/Logic Flaw
Multiple MFPs multifunction printers provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encrypti...
CVE-2023-44690
Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py...
CVE-2023-44690
Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py...
CVE-2023-44690
Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py...
Dell Data Protection Central Encryption Issue Vulnerability
Dell Data Protection Central is a suite of data protection solutions from Dell USA. The product provides single sign-on, dashboards, and system monitoring. A vulnerability exists in Dell Data Protection Central version 19.9 due to an encryption issue that stems from insufficient encryption...
CVE-2023-4129
Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext...
CVE-2023-4129
CVE-2023-4129 affects Dell Data Protection Central, version 19.9, with an inadequate encryption strength issue. An unauthenticated network attacker could potentially recover plaintext from a block of ciphertext. The connected documents confirm the affected product/version and the underlying cause...