Export limit exceeded: 352406 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1639 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7503 | 1 Zend | 1 Zend Framework | 2025-04-20 | N/A |
| Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key. | ||||
| CVE-2015-0575 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. | ||||
| CVE-2021-46900 | 1 Sympa | 1 Sympa | 2025-04-17 | 7.5 High |
| Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism. | ||||
| CVE-2020-14481 | 1 Rockwellautomation | 1 Factorytalk View | 2025-04-17 | 7.8 High |
| The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE. | ||||
| CVE-2022-38659 | 2 Hcltech, Microsoft | 2 Bigfix Platform, Windows | 2025-04-17 | 6 Medium |
| In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent. | ||||
| CVE-2021-22644 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2025-04-17 | 7.5 High |
| Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key. | ||||
| CVE-2021-33846 | 1 Fresenius-kabi | 8 Agilia Connect, Agilia Connect Firmware, Agilia Partner Maintenance Software and 5 more | 2025-04-16 | 5.9 Medium |
| Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users. | ||||
| CVE-2021-33018 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2025-04-16 | 7.5 High |
| The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information. | ||||
| CVE-2021-31562 | 1 Fresenius-kabi | 8 Agilia Connect, Agilia Connect Firmware, Agilia Link\+ and 5 more | 2025-04-16 | 6.5 Medium |
| The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to eavesdrop on transferred data, manipulate data allegedly secured by SSL/TLS, and impersonate an entity to gain access to sensitive information. | ||||
| CVE-2021-41835 | 1 Fresenius-kabi | 7 Agilia Connect, Agilia Partner Maintenance Software, Link\+ Agilia and 4 more | 2025-04-16 | 7.3 High |
| Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service does not perform an automated redirect from the unencrypted service on Port TCP/80 to the encrypted service. | ||||
| CVE-2022-22987 | 1 Advantech | 2 Adam-3600, Adam-3600 Firmware | 2025-04-16 | 9.8 Critical |
| The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions. | ||||
| CVE-2022-21800 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2025-04-16 | 6.5 Medium |
| MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords. | ||||
| CVE-2020-10636 | 1 Emerson | 1 Openenterprise Scada Server | 2025-04-16 | 6.5 Medium |
| Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained. | ||||
| CVE-2020-25180 | 3 Rockwellautomation, Schneider-electric, Xylem | 31 Aadvance Controller, Isagraf Free Runtime, Isagraf Runtime and 28 more | 2025-04-16 | 5.3 Medium |
| Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device. | ||||
| CVE-2020-25193 | 1 Ge | 6 Rt430, Rt430 Firmware, Rt431 and 3 more | 2025-04-16 | 5.3 Medium |
| By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection. | ||||
| CVE-2021-32945 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2025-04-16 | 7.5 High |
| An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06. | ||||
| CVE-2021-33020 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2025-04-16 | 8.2 High |
| Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key. | ||||
| CVE-2022-1318 | 1 Carrier | 2 Hills Comnav, Hills Comnav Firmware | 2025-04-16 | 6.2 Medium |
| Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets are predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. The communication encryption scheme is theoretically sound, but is not strong enough for the level of protection required. | ||||
| CVE-2020-16235 | 1 Emerson | 1 Openenterprise Scada Server | 2025-04-16 | 3.8 Low |
| Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained. | ||||
| CVE-2022-2758 | 1 Ls-electric | 469 Gm7, Gm7 Firmware, Gm7u and 466 more | 2025-04-16 | 6.5 Medium |
| Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic. | ||||