Lucene search
K

46 matches found

Veracode
Veracode
added 2026/05/14 5:49 p.m.18 views

Inadequate Encryption Strength

github.com/enchant97/note-mark/backend is vulnerable to Inadequate Encryption Strength. The vulnerability is due to missing enforcement of minimum length and entropy requirements for the JWTSECRET value, which allows an attacker to brute-force weak secrets and forge valid JWT tokens...

10CVSS5.8AI score0.00124EPSS
Exploits0References4Affected Software2
Snyk
Snyk
added 2026/02/11 3:13 p.m.5 views

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the use of the random nonce generation with AES GCM ciphers. An attacker can obtain the authentication key and spoof data by exploiting nonce reuse within a session. Remediation Upgrade...

8.2CVSS5.7AI score0.00619EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/11 3:13 p.m.7 views

Inadequate Encryption Strength

Overview github.com/pion/dtls is a DTLS 1.2 Server/Client implementation for Go. Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the use of the random nonce generation with AES GCM ciphers. An attacker can obtain the authentication key and spoof data by...

8.2CVSS5.7AI score0.00619EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-19492

Malicious code in bioql PyPI...

8.6CVSS6.6AI score0.00287EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 10:30 p.m.23 views

CVE-2022-24318

A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure Geo SCADA Expert...

7.5CVSS6.9AI score0.00391EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.20 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a remote attack due to Apache Tomcat (CVE-2024-52317)

Summary IBM Integration Bus for z/OS is vulnerable to a remote attack due to Apache Tomcat Vulnerability Details CVEID:CVE-2024-52317 DESCRIPTION: Apache Tomcat could provide weaker than expected security, caused by an incorrect recycling of the request and response used by HTTP/2 requests. A...

6.5CVSS6.4AI score0.02008EPSS
Exploits1Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/17 8:2 p.m.6 views

CVE-2024-13026 Inadequate Encryption Strength Vulnerability in Roche Algo Edge

A vulnerability exists in Algo Edge up to 2.1.1 - a previously used legacy component of navify® Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft...

6.1CVSS6.6AI score0.00124EPSS
Exploits0References1
Veracode
Veracode
added 2024/12/02 5:26 a.m.12 views

Inadequate Encryption Strength

github.com/apache/incubator-answer is vulnerable to Inadequate Encryption Strength. The vulnerability is due to the use of UUID v1 for token generation, which incorporates predictable elements like timestamps and node identifiers, allowing an attacker to predict or forge UUID tokens, potentially...

2.6CVSS6.7AI score0.00229EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/11/22 9:32 p.m.13 views

GHSA-MR95-VFCF-FX9P Apache Answer: Predictable Authorization Token Using UUIDv1

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1,...

2.6CVSS3.5AI score0.00229EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/11/22 9:32 p.m.22 views

Apache Answer: Predictable Authorization Token Using UUIDv1

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1,...

2.6CVSS7AI score0.00229EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/11/22 2:36 p.m.18 views

CVE-2024-45719 Apache Answer: Predictable Authorization Token Using UUIDv1

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1,...

0.00229EPSS
Exploits0References1
Veracode
Veracode
added 2024/09/26 5:41 a.m.13 views

Inadequate Encryption Strength

github.com/apache/incubator-answer is vulnerable to Inadequate Encryption Strength. The vulnerability is due to the use of MD5 hashing for a user's email when accessing Gravatar, which is insecure and can lead to the leakage of user emails. The recommended fix is to upgrade to version 1.4.0, whic...

5.3CVSS6.7AI score0.00749EPSS
Exploits0References14Affected Software1
Cvelist
Cvelist
added 2024/09/25 7:31 a.m.43 views

CVE-2024-40761 Apache Answer: Avatar URL leaked user email addresses

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommend...

0.00749EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/25 7:31 a.m.21 views

CVE-2024-40761 Apache Answer: Avatar URL leaked user email addresses

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommend...

5.3AI score0.00749EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/10 5:44 p.m.30 views

CVE-2024-21881 Upload of encrypted packages allows authenticated command execution in Enphase IQ Gateway v4.x and v5.x

Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary OS Commands via encrypted package upload.This issue affects Envoy: 4.x and 5.x...

8.6CVSS0.00287EPSS
Exploits0References3
CVE
CVE
added 2024/08/10 5:44 p.m.56 views

CVE-2024-21881

CVE-2024-21881 affects Envoy 4.x through 5.x. The vulnerability is an Inadequate Encryption Strength issue that allows an authenticated attacker to execute arbitrary OS commands via encrypted package upload. Connected documents confirm affected software and the underlying issue, and indicate ther...

8.6CVSS7.2AI score0.00287EPSS
Exploits0References3
Veracode
Veracode
added 2024/06/11 7:59 a.m.16 views

Inadequate Encryption Strength

Ninja Core is vulnerable to Inadequate Encryption Strength. The vulnerability is due to the encrypt method in the CookieEncryption class which uses AES with default padding, leading to the possible leakage of sensitive cookie information...

7.5CVSS6.5AI score0.0078EPSS
Exploits0References2Affected Software1
ICS
ICS
added 2024/06/11 12:0 a.m.41 views

Siemens SCALANCE XM-400, XR-500

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

5.9CVSS8.6AI score0.16195EPSS
Exploits0References12
ICS
ICS
added 2024/06/11 12:0 a.m.68 views

Siemens TIM 1531 IRC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS9.4AI score0.20444EPSS
Exploits10References12
NVD
NVD
added 2024/03/01 11:15 a.m.27 views

CVE-2024-22458

Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext...

5.3CVSS4.2AI score0.00132EPSS
Exploits0References1
Rows per page
Query Builder