Vulnerabilities > Inadequate Encryption Strength

DATE CVE VULNERABILITY TITLE RISK
2017-09-20 CVE-2017-9645 Inadequate Encryption Strength vulnerability in Mirion products
An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices).
low complexity
mirion CWE-326
6.5
2017-09-11 CVE-2017-14262 Inadequate Encryption Strength vulnerability in Samsung products
On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter.
network
high complexity
samsung CWE-326
8.1
2017-09-01 CVE-2017-12871 Inadequate Encryption Strength vulnerability in Simplesamlphp
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV).
network
high complexity
simplesamlphp CWE-326
5.9
2017-08-23 CVE-2017-11317 Inadequate Encryption Strength vulnerability in Telerik UI for Asp.Net Ajax
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
network
low complexity
telerik CWE-326
critical
9.8
2017-08-18 CVE-2015-0575 Inadequate Encryption Strength vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.
network
low complexity
google CWE-326
critical
9.8
2017-08-18 CVE-2014-9975 Inadequate Encryption Strength vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption.
network
low complexity
google CWE-326
critical
9.8
2017-07-19 CVE-2017-1224 Inadequate Encryption Strength vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
2017-06-30 CVE-2017-7903 Inadequate Encryption Strength vulnerability in Rockwellautomation products
A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions.
network
low complexity
rockwellautomation CWE-326
critical
9.8
2017-06-08 CVE-2017-1319 Inadequate Encryption Strength vulnerability in IBM Tivoli Federated Identity Manager 6.2.0/6.2.1/6.2.2
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie.
network
low complexity
ibm CWE-326
7.5
2017-06-08 CVE-2017-1179 Inadequate Encryption Strength vulnerability in IBM Bigfix Security Compliance Analytics 1.9.70
IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
high complexity
ibm CWE-326
5.9