485 matches found
CVE-2025-22376
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand function, which is not cryptographically strong...
MetaCPAN Net::OAuth 安全漏洞
MetaCPAN Net::OAuth is a package from the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Net::OAuth, which stems from the fact that the default nonce is a 32-bit integer generated by the built-in rand function, which is not cryptographically strong...
Inadequate Encryption Strength
github.com/apache/incubator-answer is vulnerable to Inadequate Encryption Strength. The vulnerability is due to the use of UUID v1 for token generation, which incorporates predictable elements like timestamps and node identifiers, allowing an attacker to predict or forge UUID tokens, potentially...
Apache Answer: Predictable Authorization Token Using UUIDv1
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1,...
GHSA-MR95-VFCF-FX9P Apache Answer: Predictable Authorization Token Using UUIDv1
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1,...
CVE-2024-45719
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1,...
CVE-2024-45719 Apache Answer: Predictable Authorization Token Using UUIDv1
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1,...
CVE-2024-45719 Apache Answer: Predictable Authorization Token Using UUIDv1
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1,...
PT-2024-31737 · Apache · Apache Answer
Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.4.0 Description: The issue is related to inadequate encryption strength in Apache Answer, specifically with the use of UUID v1 version for generating ids. This can cause the generated token to be predictable,...
Inadequate Encryption Strength
github.com/apache/incubator-answer is vulnerable to Inadequate Encryption Strength. The vulnerability is due to the use of MD5 hashing for a user's email when accessing Gravatar, which is insecure and can lead to the leakage of user emails. The recommended fix is to upgrade to version 1.4.0, whic...
Apache Answer: Avatar URL leaked user email addresses
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommend...
CVE-2024-40761 Apache Answer: Avatar URL leaked user email addresses
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommend...
CVE-2024-40761 Apache Answer: Avatar URL leaked user email addresses
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommend...
PT-2024-29029 · Apache · Apache Answer
Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.3.5 Description: The issue is related to inadequate encryption strength, where the MD5 value of a user's email is used to access Gravatar, leading to potential leakage of user email. The official recommendatio...
CVE-2024-21787
Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2024-21787
Summary: CVE-2024-21787 describes inadequate encryption strength in BMRA software prior to version 22.08 that may allow an authenticated local user to escalate privileges. The issue affects BMRA software before 22.08 and is supported by multiple sources (Intel advisory INTEL-SA-00790, Red Hat CVE...
CVE-2024-21787
Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access...
Siemens Location Intelligence suffers from insufficient encryption strength vulnerability
Location Intelligence is a web-based application that creates transparency in production and logistics processes based on location data, thus uncovering optimization potential. Siemens Location Intelligence suffers from an insufficient encryption strength vulnerability, which can be exploited by ...
Siemens Location Intelligence
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2024-5800
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication...