Lucene search
+L

485 matches found

RedhatCVE
RedhatCVE
added 2025/01/03 10:49 p.m.18 views

CVE-2025-22376

In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand function, which is not cryptographically strong...

4.8CVSS6.8AI score0.00595EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/01/03 12:0 a.m.8 views

MetaCPAN Net::OAuth 安全漏洞

MetaCPAN Net::OAuth is a package from the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Net::OAuth, which stems from the fact that the default nonce is a 32-bit integer generated by the built-in rand function, which is not cryptographically strong...

5.3CVSS5AI score0.00595EPSS
Exploits0References3
Veracode
Veracode
added 2024/12/02 5:26 a.m.12 views

Inadequate Encryption Strength

github.com/apache/incubator-answer is vulnerable to Inadequate Encryption Strength. The vulnerability is due to the use of UUID v1 for token generation, which incorporates predictable elements like timestamps and node identifiers, allowing an attacker to predict or forge UUID tokens, potentially...

2.6CVSS6.7AI score0.00229EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/11/22 9:32 p.m.22 views

Apache Answer: Predictable Authorization Token Using UUIDv1

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1,...

2.6CVSS7AI score0.00229EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/11/22 9:32 p.m.15 views

GHSA-MR95-VFCF-FX9P Apache Answer: Predictable Authorization Token Using UUIDv1

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1,...

2.6CVSS3.5AI score0.00229EPSS
Exploits0References4
NVD
NVD
added 2024/11/22 3:15 p.m.13 views

CVE-2024-45719

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1,...

2.6CVSS0.00229EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/22 2:36 p.m.17 views

CVE-2024-45719 Apache Answer: Predictable Authorization Token Using UUIDv1

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1,...

6.8AI score0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/22 2:36 p.m.21 views

CVE-2024-45719 Apache Answer: Predictable Authorization Token Using UUIDv1

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1,...

0.00229EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/22 12:0 a.m.6 views

PT-2024-31737 · Apache · Apache Answer

Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.4.0 Description: The issue is related to inadequate encryption strength in Apache Answer, specifically with the use of UUID v1 version for generating ids. This can cause the generated token to be predictable,...

8.1CVSS6AI score0.03001EPSS
Exploits3References36
Veracode
Veracode
added 2024/09/26 5:41 a.m.15 views

Inadequate Encryption Strength

github.com/apache/incubator-answer is vulnerable to Inadequate Encryption Strength. The vulnerability is due to the use of MD5 hashing for a user's email when accessing Gravatar, which is insecure and can lead to the leakage of user emails. The recommended fix is to upgrade to version 1.4.0, whic...

5.3CVSS6.7AI score0.00749EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/25 9:30 a.m.25 views

Apache Answer: Avatar URL leaked user email addresses

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommend...

5.3CVSS7.1AI score0.00749EPSS
Exploits0References15Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/25 7:31 a.m.21 views

CVE-2024-40761 Apache Answer: Avatar URL leaked user email addresses

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommend...

5.3AI score0.00749EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/25 7:31 a.m.45 views

CVE-2024-40761 Apache Answer: Avatar URL leaked user email addresses

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommend...

0.00749EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/25 12:0 a.m.4 views

PT-2024-29029 · Apache · Apache Answer

Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.3.5 Description: The issue is related to inadequate encryption strength, where the MD5 value of a user's email is used to access Gravatar, leading to potential leakage of user email. The official recommendatio...

6.9CVSS6.2AI score0.00749EPSS
Exploits0References25
NVD
NVD
added 2024/08/14 2:15 p.m.7 views

CVE-2024-21787

Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.1CVSS0.00074EPSS
Exploits0References1
CVE
CVE
added 2024/08/14 1:45 p.m.50 views

CVE-2024-21787

Summary: CVE-2024-21787 describes inadequate encryption strength in BMRA software prior to version 22.08 that may allow an authenticated local user to escalate privileges. The issue affects BMRA software before 22.08 and is supported by multiple sources (Intel advisory INTEL-SA-00790, Red Hat CVE...

7.1CVSS7.2AI score0.00074EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/14 1:45 p.m.14 views

CVE-2024-21787

Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.1CVSS7.2AI score0.00074EPSS
Exploits0References1
CNVD
CNVD
added 2024/08/14 12:0 a.m.8 views

Siemens Location Intelligence suffers from insufficient encryption strength vulnerability

Location Intelligence is a web-based application that creates transparency in production and logistics processes based on location data, thus uncovering optimization potential. Siemens Location Intelligence suffers from an insufficient encryption strength vulnerability, which can be exploited by ...

7.5CVSS6.8AI score0.00157EPSS
Exploits0References1
ICS
ICS
added 2024/08/13 12:0 a.m.27 views

Siemens Location Intelligence

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS6.6AI score0.00444EPSS
Exploits0References10
OSV
OSV
added 2024/08/12 1:38 p.m.4 views

CVE-2024-5800

Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication...

7.5CVSS5.8AI score0.00252EPSS
Exploits0References1
Rows per page
Query Builder