Vulnerabilities > Inadequate Encryption Strength
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-10 | CVE-2020-35221 | Inadequate Encryption Strength vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original. | 8.8 |
| 2021-02-09 | CVE-2021-21474 | Inadequate Encryption Strength vulnerability in SAP Hana Database 1.00/2.00 SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database. | 6.5 |
| 2021-02-05 | CVE-2020-10375 | Inadequate Encryption Strength vulnerability in Newmediacompany Smarty An issue was discovered in New Media Smarty before 9.10. | 5.5 |
| 2021-02-03 | CVE-2021-25761 | Inadequate Encryption Strength vulnerability in Jetbrains Ktor In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. | 5.3 |
| 2021-01-20 | CVE-2020-25685 | Inadequate Encryption Strength vulnerability in multiple products A flaw was found in dnsmasq before version 2.83. | 3.7 |
| 2021-01-13 | CVE-2019-4160 | Inadequate Encryption Strength vulnerability in IBM Security Guardium Data Encrpytion 3.0.0.2 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-01-13 | CVE-2021-3131 | Inadequate Encryption Strength vulnerability in 1C 1C:Enterprise The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter. | 7.5 |
| 2021-01-01 | CVE-2017-20001 | Inadequate Encryption Strength vulnerability in AES Encryption Project AES Encryption The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027. | 7.5 |
| 2020-11-12 | CVE-2020-17494 | Inadequate Encryption Strength vulnerability in Untangle Firewall NG Untangle Firewall NG before 16.0 uses MD5 for passwords. | 5.3 |
| 2020-11-12 | CVE-2020-8761 | Inadequate Encryption Strength vulnerability in Intel Converged Security and Manageability Engine Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access. | 4.6 |