CWE-325 vulnerabilities

50 results
CVE-2021-22946 HIGH
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-req
EPSS 4.2%

CVE-2020-15086 CRITICAL
Potential Remote Code Execution in TYPO3 with mediace extension
EPSS 2.7%

CVE-2021-33560 HIGH
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel att
EPSS 2.3%

CVE-2020-15098 HIGH
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
EPSS 2.2%

CVE-2019-3738 MEDIUM
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacke
EPSS 1.7%

CVE-2016-9574 MEDIUM
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDH
EPSS 1.4%

CVE-2022-30115
Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is prov
EPSS 1.1%

CVE-2017-2600 MEDIUM
In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system c
EPSS 1.1%

CVE-2017-2598 MEDIUM
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored sec
EPSS 1.1%

CVE-2017-2603 LOW
Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive dat
EPSS 1.1%

CVE-2020-26244 MEDIUM
Cryptographic issues in Python oic
EPSS 0.8%

CVE-2018-5383 HIGH
Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
EPSS 0.8%

CVE-2021-31386 MEDIUM
Junos OS: When using J-Web with HTTP an attacker may retrieve encryption keys via Person-in-the-Middle attacks.
EPSS 0.7%

CVE-2023-28998 MEDIUM
Nextcloud Desktop client misbehaves with E2EE when the server returns empty list of metadata keys
EPSS 0.7%

CVE-2023-28999 MEDIUM
Nextcloud: Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE folders
EPSS 0.7%

CVE-2024-43547 MEDIUM
Windows Kerberos Information Disclosure Vulnerability
EPSS 0.7%

CVE-2023-39199 MEDIUM
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network
EPSS 0.6%

CVE-2025-60704 HIGH
Windows Kerberos Elevation of Privilege Vulnerability
EPSS 0.5%

CVE-2021-3680 MEDIUM
Missing Cryptographic Step in star7th/showdoc
EPSS 0.5%

CVE-2023-36539 MEDIUM
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
EPSS 0.4%