Vulnerabilities > Inadequate Encryption Strength

DATE CVE VULNERABILITY TITLE RISK
2017-03-28 CVE-2016-9121 Inadequate Encryption Strength vulnerability in Go-Jose Project Go-Jose
go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm.
network
low complexity
go-jose-project CWE-326
critical
9.1
2017-03-27 CVE-2017-5239 Inadequate Encryption Strength vulnerability in Eviewgps Ev-07S GPS Tracker Firmware
Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener.
network
low complexity
eviewgps CWE-326
7.5
2017-03-23 CVE-2016-6225 Inadequate Encryption Strength vulnerability in multiple products
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack.
network
high complexity
percona opensuse fedoraproject CWE-326
5.9
2017-03-06 CVE-2017-5999 Inadequate Encryption Strength vulnerability in Syspass 2.0
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers.
network
low complexity
syspass CWE-326
7.5
2017-03-01 CVE-2016-2879 Inadequate Encryption Strength vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials.
local
low complexity
ibm CWE-326
7.8
2017-02-20 CVE-2016-4693 Inadequate Encryption Strength vulnerability in Apple Iphone OS
An issue was discovered in certain Apple products.
network
low complexity
apple CWE-326
7.5
2017-02-20 CVE-2016-4685 Inadequate Encryption Strength vulnerability in Apple Iphone OS
An issue was discovered in certain Apple products.
network
high complexity
apple CWE-326
5.9
2017-02-16 CVE-2016-5919 Inadequate Encryption Strength vulnerability in IBM products
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
2017-02-01 CVE-2016-3034 Inadequate Encryption Strength vulnerability in IBM Security Appscan Source 9.0.1/9.0.2/9.0.3
IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.
local
low complexity
ibm CWE-326
4.4
2017-01-30 CVE-2016-7798 Inadequate Encryption Strength vulnerability in multiple products
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
network
low complexity
ruby-lang debian CWE-326
7.5