Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-326
Total 285 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-4291 1 Ibm 1 Maximo Anywhere 2022-02-23 6.4 MEDIUM 6.5 MEDIUM
IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse engineer the application due to the lack of binary protection precautions. IBM X-Force ID: 160697.
CVE-2022-24318 1 Schneider-electric 3 Clearscada, Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 2022-02-16 5.0 MEDIUM 7.5 HIGH
A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
CVE-2020-7565 1 Schneider-electric 2 Modicon M221, Modicon M221 Firmware 2022-02-03 4.3 MEDIUM 7.3 HIGH
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.
CVE-2021-45458 1 Apache 1 Kylin 2022-01-13 5.0 MEDIUM 7.5 HIGH
Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin's configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.
CVE-2022-21653 1 Typelevel 1 Jawn 2022-01-12 5.0 MEDIUM 7.5 HIGH
Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. For users unable to upgrade override `objectContext()` to use a collision-safe collection.
CVE-2021-45484 1 Netbsd 1 Netbsd 2022-01-10 5.0 MEDIUM 7.5 HIGH
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.
CVE-2021-24998 1 Simple Jwt Login Project 1 Simple Jwt Login 2022-01-07 5.0 MEDIUM 7.5 HIGH
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic purposes" according to PHP's documentation.
CVE-2021-45512 1 Netgear 42 D7000, D7000 Firmware, D8500 and 39 more 2022-01-05 7.5 HIGH 9.8 CRITICAL
Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX7000 before 1.0.1.90, R6250 before 1.0.4.42, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6900P before 1.3.2.124, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7900 before 1.0.4.26, R8000 before 1.0.4.58, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RS400 before 1.5.0.48, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50.
CVE-2021-36337 1 Dell 1 Wyse Management Suite 2021-12-27 5.8 MEDIUM 7.4 HIGH
Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data.
CVE-2021-38947 2 Ibm, Linux 2 Spectrum Copy Data Management, Linux Kernel 2021-12-15 5.0 MEDIUM 7.5 HIGH
IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242.
CVE-2020-7069 8 Canonical, Debian, Fedoraproject and 5 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2021-12-02 6.4 MEDIUM 6.5 MEDIUM
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
CVE-2021-20400 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2021-12-02 5.0 MEDIUM 7.5 HIGH
IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074.
CVE-2021-38891 4 Ibm, Linux, Microsoft and 1 more 5 Aix, Sterling Connect\, Linux Kernel and 2 more 2021-11-29 5.0 MEDIUM 7.5 HIGH
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.
CVE-2018-1785 2 Apple, Ibm 3 Macos, Spectrum Protect Client, Spectrum Protect For Virtual Environments 2021-11-19 5.0 MEDIUM 7.5 HIGH
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870.
CVE-2018-1545 2 Apple, Ibm 3 Macos, Spectrum Protect Client, Spectrum Protect For Virtual Environments 2021-11-19 5.0 MEDIUM 7.5 HIGH
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649.
CVE-2021-38983 3 Ibm, Linux, Microsoft 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more 2021-11-16 5.0 MEDIUM 7.5 HIGH
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792.
CVE-2021-3789 1 Binatoneglobal 42 Cn28, Cn28 Firmware, Cn40 and 39 more 2021-11-16 2.1 LOW 4.6 MEDIUM
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages.
CVE-2021-38984 1 Ibm 2 Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager 2021-11-16 5.0 MEDIUM 7.5 HIGH
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793.
CVE-2021-38464 1 Inhandnetworks 2 Ir615, Ir615 Firmware 2021-10-22 5.8 MEDIUM 7.4 HIGH
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session.
CVE-2021-38862 1 Ibm 1 Data Risk Manager 2021-10-18 5.0 MEDIUM 7.5 HIGH
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980.