Vulnerabilities > Inadequate Encryption Strength

DATE CVE VULNERABILITY TITLE RISK
2020-11-12 CVE-2020-9128 Inadequate Encryption Strength vulnerability in Huawei Fusioncompute 8.0.0
FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability.
local
low complexity
huawei CWE-326
4.4
2020-10-29 CVE-2020-5938 Inadequate Encryption Strength vulnerability in F5 products
On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow.
network
low complexity
f5 CWE-326
6.5
2020-10-21 CVE-2020-3549 Inadequate Encryption Strength vulnerability in Cisco Firepower Threat Defense
A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash.
network
high complexity
cisco CWE-326
8.1
2020-10-02 CVE-2020-7069 Inadequate Encryption Strength vulnerability in multiple products
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used.
6.5
2020-08-26 CVE-2020-5917 Inadequate Encryption Strength vulnerability in F5 products
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure.
network
high complexity
f5 CWE-326
5.9
2020-08-21 CVE-2020-10125 Inadequate Encryption Strength vulnerability in NCR Aptra XFS 04.02.01/05.01.00
NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code.
low complexity
ncr CWE-326
7.6
2020-07-29 CVE-2020-5763 Inadequate Encryption Strength vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service.
network
low complexity
grandstream CWE-326
8.8
2020-07-23 CVE-2020-10919 Inadequate Encryption Strength vulnerability in Automationdirect C-More HMI EA9 Firmware 6.52
This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels.
network
high complexity
automationdirect CWE-326
5.9
2020-07-08 CVE-2020-1982 Inadequate Encryption Strength vulnerability in Paloaltonetworks Pan-Os
Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol.
network
high complexity
paloaltonetworks CWE-326
4.8
2020-07-01 CVE-2017-1712 Inadequate Encryption Strength vulnerability in Hcltech Domino 9.0
"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack.
network
high complexity
hcltech CWE-326
5.9