Lucene search
K

1654 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.5 views

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.161-2.6.12.0.AXS4 (AXSA:2017-2469:04)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2469:04 advisory. Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to...

9.6CVSS8.5AI score0.16181EPSS
Exploits2References17
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.161-2.6.12.0.0.1.el7.AXS7 (AXSA:2017-2478:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2478:04 advisory. Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to...

9.6CVSS6.8AI score0.16181EPSS
Exploits2References17
BDU FSTEC
BDU FSTEC
added 2026/01/14 12:0 a.m.4 views

The vulnerability of the User Management Engine component of the SAP NetWeaver Java Application Server web application server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the User Management Engine component of the SAP NetWeaver Java Application Server web application server is related to insufficiently secure data encryption. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected...

3CVSS5.8AI score0.00122EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.7 views

CVE-2023-50481

An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js...

7.5CVSS6.4AI score0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:10 p.m.11 views

CVE-2018-18325

DNN aka DotNetNuke 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811...

7.5CVSS6.8AI score0.74048EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:42 a.m.7 views

CVE-2001-1546

Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file...

7.8CVSS7AI score0.00413EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:39 a.m.6 views

CVE-2003-1276

Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's and stores user account numbers in plaintext in the HKEYCURRENTUSER\Software\MediaRing.com\SDK\NetTelephone\settings registry key, which could allow local users to gain unauthorized access to NetTelephone accounts...

4.6CVSS7AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:29 a.m.11 views

CVE-2021-27457

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access...

7.5CVSS6.8AI score0.00452EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.7 views

CVE-2021-33589

Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm...

7.5CVSS6.8AI score0.00492EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:7 a.m.6 views

CVE-2019-20775

An issue was discovered on LG mobile devices with Android OS 9.0 Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets software. Weak encryption leads to local information disclosure. The LG ID is LVE-SMP-190010 August 2019...

5.5CVSS6.5AI score0.00066EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:52 a.m.11 views

CVE-2020-10377

A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to access the system with compromised user credentials...

9.8CVSS7.2AI score0.00542EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:42 a.m.11 views

CVE-1999-0476

A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user...

7.2CVSS6.7AI score0.00287EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:40 a.m.6 views

CVE-1999-0356

ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book...

10CVSS6.9AI score0.01312EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/31 3:23 p.m.6 views

Security Bulletin: IBM Event Streams is vulnerable to Weak Encryption (CVE-2025-45767)

Summary IBM Event Streams is vulnerable to weak encryption due to the JOSE library. JOSE is used for JSON Object Signing and Encryption in token-based authentication. Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is...

7CVSS7AI score0.00145EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/12/29 9:30 p.m.5 views

EUVD-2025-205644

A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and decrypt SSH traffic. Exploitation may expose sensitive information and compromise confidentiality...

6CVSS6.1AI score0.00307EPSS
Exploits1References4
CNVD
CNVD
added 2025/12/25 12:0 a.m.2 views

Apache StreamPark Weak Algorithm Vulnerability

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark suffers from a weak algorithmic vulnerability that stems from the use of weak encryption algorithms, which can be exploited by an attacker to expose sensitive...

7.5CVSS7.1AI score0.0022EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/16 11:7 a.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data version 5.2.2 Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim o...

8.2CVSS6.7AI score0.02328EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/13 3:58 p.m.5 views

CVE-2025-53960

When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...

5.9CVSS6.8AI score0.0022EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/12 6:30 p.m.4 views

EUVD-2025-203092

Apache StreamPark: Use the user’s password as the secret key Vulnerability...

5.9CVSS6.5AI score0.0022EPSS
Exploits0References4
OSV
OSV
added 2025/12/12 6:30 p.m.4 views

GHSA-3HG2-RH4R-8QF6 Apache StreamPark: Use the user’s password as the secret key Vulnerability

When encrypting sensitive data, weak encryption keys that are fixed or directly generated based on user passwords are used. Attackers can obtain these keys through methods such as reverse engineering, code leaks, or password guessing, thereby decrypting stored or transmitted encrypted data, leadi...

8.2CVSS7.1AI score0.0022EPSS
Exploits0References5
Rows per page
Query Builder