CVE-2018-18325

Known exploited
Public exploit
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.
Max CVSS
7.5
EPSS Score
4.33%
Published
2019-07-03
Updated
2023-03-03
CISA KEV Added
2021-11-03

CVE-2018-15811

Known exploited
Public exploit
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
Max CVSS
7.5
EPSS Score
4.33%
Published
2019-07-03
Updated
2023-03-03
CISA KEV Added
2021-11-03

CVE-2017-1000486

Known exploited
Public exploit
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
Max CVSS
9.8
EPSS Score
97.01%
Published
2018-01-03
Updated
2018-01-24
CISA KEV Added
2022-01-10

CVE-2017-11317

Known exploited
Public exploit
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
Max CVSS
9.8
EPSS Score
8.14%
Published
2017-08-23
Updated
2020-10-20
CISA KEV Added
2022-04-11

CVE-2014-0224

Public exploit
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
Max CVSS
7.4
EPSS Score
97.41%
Published
2014-06-05
Updated
2022-08-16

CVE-2013-2566

Public exploit
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
Max CVSS
5.9
EPSS Score
0.54%
Published
2013-03-15
Updated
2020-11-23

CVE-2011-3389

Public exploit
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Max CVSS
4.3
EPSS Score
0.85%
Published
2011-09-06
Updated
2022-11-29
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key recovery, replay attacks by a man-in-the-middle attacker. These attacks are possible due to an ESP sequence number collision when multiple nodes are configured with the same key. Fixed versions of Cilium use unique keys for each IPsec tunnel established between nodes, resolving all of the above attacks. This vulnerability is fixed in 1.13.13, 1.14.9, and 1.15.3.
Max CVSS
8.0
EPSS Score
0.05%
Published
2024-03-27
Updated
2024-03-28
This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system. Successful exploitation of this vulnerability could allow the attacker to take complete control of the application on the targeted system.
Max CVSS
7.1
EPSS Score
0.04%
Published
2024-03-06
Updated
2024-03-06
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0.
Max CVSS
7.5
EPSS Score
0.06%
Published
2024-01-25
Updated
2024-01-31
An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file.
Max CVSS
6.8
EPSS Score
0.12%
Published
2024-01-30
Updated
2024-03-05
This vulnerability exists in USB Pratirodh due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. A local attacker with administrative privileges could exploit this vulnerability to obtain the password of USB Pratirodh on the targeted system. Successful exploitation of this vulnerability could allow the attacker to take control of the application and modify the access control of registered users or devices on the targeted system.
Max CVSS
7.1
EPSS Score
0.04%
Published
2024-03-06
Updated
2024-03-06
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. Missing Encryption of Sensitive Data, Cleartext Transmission of Sensitive Information, Improper Control of Generation of Code ('Code Injection'), Inadequate Encryption Strength vulnerability in B&R Industrial Automation B&R Automation Studio (Upgrade Service modules), B&R Industrial Automation Technology Guarding. This issue affects B&R Automation Studio: <4.6; Technology Guarding: <1.4.0.
Max CVSS
8.3
EPSS Score
0.04%
Published
2024-02-22
Updated
2024-02-22
An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding.
Max CVSS
7.5
EPSS Score
0.06%
Published
2023-11-20
Updated
2023-11-29
An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-11-27
Updated
2023-12-04
The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Max CVSS
6.5
EPSS Score
0.08%
Published
2023-11-09
Updated
2023-11-20
The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Max CVSS
6.5
EPSS Score
0.08%
Published
2023-11-09
Updated
2023-11-20
The leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Max CVSS
6.5
EPSS Score
0.08%
Published
2023-11-09
Updated
2023-11-20
The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers to send malicious notifications.
Max CVSS
6.5
EPSS Score
0.08%
Published
2023-11-09
Updated
2023-11-20
The leakage of channel access token in taketorinoyu Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Max CVSS
6.5
EPSS Score
0.08%
Published
2023-11-09
Updated
2023-11-20
The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Max CVSS
6.5
EPSS Score
0.08%
Published
2023-11-09
Updated
2023-11-20
The leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Max CVSS
6.5
EPSS Score
0.08%
Published
2023-11-09
Updated
2023-11-20
The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Max CVSS
6.5
EPSS Score
0.08%
Published
2023-11-09
Updated
2023-12-28
The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Max CVSS
6.5
EPSS Score
0.08%
Published
2023-11-09
Updated
2023-12-28
The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Max CVSS
6.5
EPSS Score
0.08%
Published
2023-11-09
Updated
2023-12-28
369 vulnerabilities found