Vulnerabilities > Inadequate Encryption Strength
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-29 | CVE-2020-5938 | Inadequate Encryption Strength vulnerability in F5 products On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow. | 6.5 |
| 2020-10-21 | CVE-2020-3549 | Inadequate Encryption Strength vulnerability in Cisco Firepower Management Center A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. | 8.1 |
| 2020-10-02 | CVE-2020-7069 | Inadequate Encryption Strength vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. | 6.5 |
| 2020-08-26 | CVE-2020-5917 | Inadequate Encryption Strength vulnerability in F5 products In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure. | 5.9 |
| 2020-08-21 | CVE-2020-10125 | Inadequate Encryption Strength vulnerability in NCR Aptra XFS 04.02.01/05.01.00 NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code. | 7.6 |
| 2020-07-29 | CVE-2020-5763 | Inadequate Encryption Strength vulnerability in Grandstream products Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. | 8.8 |
| 2020-07-23 | CVE-2020-10919 | Inadequate Encryption Strength vulnerability in Automationdirect C-More HMI EA9 Firmware 6.52 This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. | 5.9 |
| 2020-07-08 | CVE-2020-1982 | Inadequate Encryption Strength vulnerability in Paloaltonetworks Pan-Os Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. | 4.8 |
| 2020-07-01 | CVE-2017-1712 | Inadequate Encryption Strength vulnerability in Hcltech Domino 9.0 "A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. | 5.9 |
| 2020-06-24 | CVE-2020-10275 | Inadequate Encryption Strength vulnerability in multiple products The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. | 9.8 |