273 matches found
PT-2024-22656 · Dell · Dell Emc Data Protection Advisor
Name of the Vulnerable Software and Affected Versions: Dell Data Protection Advisor version 19.9 Description: The issue is related to inadequate encryption strength, which could be exploited by a low-privileged attacker with remote access, potentially leading to denial of service. Recommendations...
RHEL 7 : ruby (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ruby: Fiddle::Function.new heap buffer overflow CVE-2016-2339 - Type confusion exists in canceleval Ruby'...
The vulnerability of the USB Pratirodh software for controlling the use of removable information storage media lies in its insufficient encryption strength, allowing a hacker to obtain the user’s password.
The vulnerability of the USB Pratirodh software for controlling the use of removable information storage media is related to insufficient encryption strength. Exploiting this vulnerability can allow a perpetrator to obtain the user’s password...
PT-2024-1988 · Elinksmart · Esmartcam
Name of the Vulnerable Software and Affected Versions: Elink Smart eSmartCam application version 2.1.5 Description: The issue is related to the use of hardcoded AES encryption keys in the application, which can be extracted from a binary file. This allows an attacker who can observe packet data,...
PT-2024-19436 · Dell · Dell Secure Connect Gateway
Name of the Vulnerable Software and Affected Versions: Dell Secure Connect Gateway version 5.18 Description: The issue is related to inadequate encryption strength, which could be exploited by an unauthenticated network attacker to recover plaintext from a block of ciphertext. Recommendations: Fo...
IBM PowerSC 加密问题漏洞
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC suffers from an encryption issue vulnerability that stems from the use of a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decry...
Fedora 38 : golang-github-nats-io / golang-github-nats-io-jwt-2 / etc (2023-66966ae3d0)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-66966ae3d0 advisory. Updated NATS stack for CVE-2023-39325 and CVE-2023-46129 Tenable has extracted the preceding description block directly from the Fedora security...
IBM CICS TX Advanced 安全漏洞
IBM CICS TX is a comprehensive, single transaction runtime package from International Business Machines IBM. A weak algorithmic vulnerability exists in IBM CICS TX Advanced version 10.1, which stems from the use of a weak encryption algorithm that can be exploited by an attacker to decrypt highly...
CVE-2023-46327
Multiple MFPs multifunction printers provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encrypti...
SUSE CVE-2023-44690
Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py...
Information disclosure
Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py...
mycli Encryption Problem Vulnerability
mycli is a dbcli open source MySQL terminal client with auto-completion and syntax highlighting. A security vulnerability exists in mycli version 1.27.0, which stems from an insufficient encryption strength issue. An attacker can exploit the vulnerability to view sensitive information via...
Code injection
Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext...
Dell Data Protection Central 加密问题漏洞
Dell Data Protection Central is a suite of data protection solutions from Dell USA. The product provides single sign-on, dashboards, and system monitoring. A vulnerability exists in Dell Data Protection Central version 19.9 due to an encryption issue that stems from insufficient encryption...
Siemens RUGGEDCOM ROX Inadequate Encryption Strength (CVE-2023-36748)
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...
IBM Storage Copy Data Management 加密问题漏洞
IBM Storage Copy Data Management is a data storage system from International Business Machines IBM. A security vulnerability exists in IBM Storage Copy Data Management versions 2.2.0.0 through 2.2.19.0 that stems from the use of an insufficiently strong encryption algorithm...
twitch-tui security vulnerability
twitch-tui is a terminal chat application from the individual developers at Xithrius. A security vulnerability exists in twitch-tui that stems from the fact that the software disables TLS in the configuration of irc connections, which results in all communication with the Twitch IRC server being...
CVE-2023-34337
AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code HMAC. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability...
CVE-2023-2986
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated...
CVE-2022-4048
Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application...