Export limit exceeded: 364785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (1730 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-17382 1 Citrix 2 Application Delivery Controller Firmware, Netscaler Gateway Firmware 2025-04-20 N/A
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
CVE-2017-15998 1 Nq 1 Contacts Backup \& Restore 2025-04-20 N/A
In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network.
CVE-2017-15997 1 Nq 1 Contacts Backup \& Restore 2025-04-20 N/A
In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file.
CVE-2012-6707 1 Wordpress 1 Wordpress 2025-04-20 N/A
WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions.
CVE-2012-4449 1 Apache 1 Hadoop 2025-04-20 N/A
Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.
CVE-2021-46900 1 Sympa 1 Sympa 2025-04-17 7.5 High
Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.
CVE-2020-14481 1 Rockwellautomation 1 Factorytalk View 2025-04-17 7.8 High
The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE.
CVE-2022-38659 2 Hcltech, Microsoft 2 Bigfix Platform, Windows 2025-04-17 6 Medium
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent.
CVE-2021-22644 1 Ovarro 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more 2025-04-17 7.5 High
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key.
CVE-2021-33846 1 Fresenius-kabi 8 Agilia Connect, Agilia Connect Firmware, Agilia Partner Maintenance Software and 5 more 2025-04-16 5.9 Medium
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users.
CVE-2021-33018 1 Philips 4 Myvue, Speech, Vue Motion and 1 more 2025-04-16 7.5 High
The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information.
CVE-2021-31562 1 Fresenius-kabi 8 Agilia Connect, Agilia Connect Firmware, Agilia Link\+ and 5 more 2025-04-16 6.5 Medium
The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to eavesdrop on transferred data, manipulate data allegedly secured by SSL/TLS, and impersonate an entity to gain access to sensitive information.
CVE-2021-41835 1 Fresenius-kabi 7 Agilia Connect, Agilia Partner Maintenance Software, Link\+ Agilia and 4 more 2025-04-16 7.3 High
Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service does not perform an automated redirect from the unencrypted service on Port TCP/80 to the encrypted service.
CVE-2022-22987 1 Advantech 2 Adam-3600, Adam-3600 Firmware 2025-04-16 9.8 Critical
The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions.
CVE-2022-21800 1 Airspan 9 A5x, A5x Firmware, C5c and 6 more 2025-04-16 6.5 Medium
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords.
CVE-2020-10636 1 Emerson 1 Openenterprise Scada Server 2025-04-16 6.5 Medium
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.
CVE-2020-25180 3 Rockwellautomation, Schneider-electric, Xylem 31 Aadvance Controller, Isagraf Free Runtime, Isagraf Runtime and 28 more 2025-04-16 5.3 Medium
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.
CVE-2020-25193 1 Ge 6 Rt430, Rt430 Firmware, Rt431 and 3 more 2025-04-16 5.3 Medium
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection.
CVE-2021-32945 1 Auvesy-mdt 2 Autosave, Autosave For System Platform 2025-04-16 7.5 High
An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06.
CVE-2021-33020 1 Philips 4 Myvue, Speech, Vue Motion and 1 more 2025-04-16 8.2 High
Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.