Vulnerability Details :

CVE-2023-1764

Summary
Assigner-Canon
Assigner Org ID-f98c90f0-e9bd-4fa7-911b-51993f3571fd
Published At-17 May, 2023 | 00:00
Updated At-22 Jan, 2025 | 19:47

Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13), IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the software.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)


Affected Products
Vendor: Canon Inc.
Product: Canon IJ NW Tool
Versions (affected):
  • Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13)
  • Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8)
Problem Types
Type: CWE
CWE ID: CWE-326
Description: CWE-326: Inadequate Encryption Strength
Metrics
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References
Hyperlink: https://psirt.canon/advisory-information/cp2023-002/
Resource: N/A
Hyperlink: https://psirt.canon/hardening/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
References
Hyperlink: https://psirt.canon/advisory-information/cp2023-002/
Resource: x_transferred
Hyperlink: https://psirt.canon/hardening/
Resource: x_transferred
2. CISA ADP Vulnrichment
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:f98c90f0-e9bd-4fa7-911b-51993f3571fd
Published At:17 May, 2023 | 01:15
Updated At:07 Nov, 2023 | 04:04


CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches

Canon Inc. (canon), ij_network_tool: versions up to 4.7.3 (inclusive)
cpe:2.3:a:canon:ij_network_tool:*:*:*:*:*:*:*:*
Apple Inc. (apple), mac_os_x: versions from 10.7.5 (inclusive) to 10.8.0 (inclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Canon Inc. (canon), ij_network_tool: versions up to 4.7.5 (inclusive)
cpe:2.3:a:canon:ij_network_tool:*:*:*:*:*:*:*:*
Apple Inc. (apple), mac_os_x: versions from 10.9.5 (inclusive) to 10.15 (inclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Apple Inc. (apple), macos: versions from 11.0 (inclusive) to 13.0 (inclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-326
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-326
Type: Secondary
Source: f98c90f0-e9bd-4fa7-911b-51993f3571fd
References
Hyperlink: https://psirt.canon/advisory-information/cp2023-002/
Source: f98c90f0-e9bd-4fa7-911b-51993f3571fd
Resource: N/A
Hyperlink: https://psirt.canon/hardening/
Source: f98c90f0-e9bd-4fa7-911b-51993f3571fd
Resource: N/A

Change History

Information is not available yet

Similar CVEs

26 records found

CVE-2021-30866
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5 (MEDIUM)
EPSS-0.52% / 40.59%
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:49
Updated-03 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A device may be passively tracked by its WiFi MAC address.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_os, watchos, tvos, ipados, macos, tvOS, watchOS, iOS and iPadOS
CVE-2023-36000
Matching Score-8
Assigner-Proofpoint Inc.
CVSS Score-6.5 (MEDIUM)
EPSS-0.31% / 22.75%
7 Day CHG+0.03%
Published-27 Jun, 2023 | 14:32
Updated-06 Nov, 2024 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ITM Server Missing Authorization for Agent Config

A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.

Action-Not Available
Vendor-proofpoint; Proofpoint; Apple Inc.
Product-macos, insider_threat_management_server, Insider Threat Management
CWE ID-CWE-862
Missing Authorization
CVE-2026-20685
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5 (MEDIUM)
EPSS-0.19% / 9.30%
7 Day CHG~0.00%
Published-18 May, 2026 | 15:19
Updated-30 Jun, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3.

Action-Not Available
Vendor-Apple Inc.
Product-private_cloud_compute, Private Cloud Compute Server Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-13879
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5 (MEDIUM)
EPSS-0.16% / 5.19%
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:38
Updated-01 Jul, 2026 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Medium)

Action-Not Available
Vendor-Microsoft Corporation; Google LLC; Apple Inc.; Linux Kernel Organization, Inc
Product-chrome, windows, macos, linux_kernel, Chrome
CWE ID-CWE-416
Use After Free
CVE-2026-14048
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5 (MEDIUM)
EPSS-0.12% / 1.88%
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:39
Updated-01 Jul, 2026 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Chromecast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Low)

Action-Not Available
Vendor-Microsoft Corporation; Google LLC; Apple Inc.; Linux Kernel Organization, Inc
Product-chrome, windows, macos, linux_kernel, Chrome
CWE ID-CWE-416
Use After Free
CVE-2023-23528
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5 (MEDIUM)
EPSS-0.35% / 26.81%
7 Day CHG~0.00%
Published-08 May, 2023 | 00:00
Updated-02 Aug, 2024 | 10:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 16.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted Bluetooth packet may result in disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_os, ipados, tvos, tvOS, iOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-1763
Matching Score-8
Assigner-Canon Inc.
CVSS Score-6.5 (MEDIUM)
EPSS-0.28% / 19.60%
7 Day CHG~0.00%
Published-17 May, 2023 | 00:00
Updated-22 Jan, 2025 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software.

Action-Not Available
Vendor-Apple Inc.; Canon Inc.
Product-ij_network_tool, macos, mac_os_x, Canon IJ NW Tool
CWE ID-CWE-549
Missing Password Field Masking
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-2399
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.6 (MEDIUM)
EPSS-0.14% / 3.85%
7 Day CHG~0.00%
Published-02 Apr, 2017 | 01:36
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather than that UID in addition to the user passcode).

Action-Not Available
Vendor-n/a; Apple Inc.
Product-iphone_os, n/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2026-5889
Matching Score-6
Assigner-Chrome
CVSS Score-4.3 (MEDIUM)
EPSS-0.10% / 1.12%
7 Day CHG~0.00%
Published-08 Apr, 2026 | 21:20
Updated-14 Apr, 2026 | 11:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.; Microsoft Corporation; Google LLC; Linux Kernel Organization, Inc
Product-linux_kernel, chrome, windows, macos, Chrome
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2025-1241
Matching Score-6
Assigner-Fortra, LLC
CVSS Score-5.8 (MEDIUM)
EPSS-0.13% / 2.72%
7 Day CHG~0.00%
Published-21 Apr, 2026 | 14:10
Updated-23 Apr, 2026 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Encryption vulnerable to brute-force decryption in GoAnywhere MFT

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data.

Action-Not Available
Vendor-Apple Inc.; Fortra LLC; Microsoft Corporation; Linux Kernel Organization, Inc
Product-goanywhere_managed_file_transfer, goanywhere_agents, windows, macos, linux_kernel, GoAnywhere MFT
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2025-11935
Matching Score-6
Assigner-wolfSSL Inc.
CVSS Score-6.3 (MEDIUM)
EPSS-0.20% / 9.90%
7 Day CHG~0.00%
Published-21 Nov, 2025 | 22:04
Updated-08 Dec, 2025 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Forward Secrecy Violation in WolfSSL TLS 1.3

With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS (perfect forward secrecy) and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing psk_dhe_ke without a key_share extension. The re-use of an authenticated PSK connection that on the clients side unexpectedly did not have PFS, reduces the security of the connection.

Action-Not Available
Vendor-wolfssl; wolfSSL; Apple Inc.; Linux Kernel Organization, Inc
Product-macos, linux_kernel, wolfssl, wolfSSL
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2009-2474
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.8 (MEDIUM)
EPSS-1.38% / 68.78%
7 Day CHG~0.00%
Published-21 Aug, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Action-Not Available
Vendor-webdav; n/a; Canonical Ltd.; Apple Inc.; Fedora Project
Product-ubuntu_linux, neon, mac_os_x, fedora, n/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2023-32414
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.6 (HIGH)
EPSS-0.17% / 6.53%
7 Day CHG~0.00%
Published-23 Jun, 2023 | 00:00
Updated-05 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox.

Action-Not Available
Vendor-Apple Inc.
Product-macos, macOS
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-1785
Matching Score-6
Assigner-IBM Corporation
CVSS Score-3.7 (LOW)
EPSS-1.13% / 62.41%
7 Day CHG~0.00%
Published-26 Sep, 2018 | 15:00
Updated-16 Sep, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870.

Action-Not Available
Vendor-IBM Corporation; Apple Inc.
Product-spectrum_protect_client, macos, spectrum_protect_for_virtual_environments, Spectrum Protect
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-1545
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9 (MEDIUM)
EPSS-0.97% / 57.41%
7 Day CHG~0.00%
Published-26 Sep, 2018 | 15:00
Updated-17 Sep, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649.

Action-Not Available
Vendor-IBM Corporation; Apple Inc.
Product-spectrum_protect_client, macos, spectrum_protect_for_virtual_environments, Spectrum Protect
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2017-2380
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.5 (HIGH)
EPSS-0.73% / 49.61%
7 Day CHG~0.00%
Published-02 Apr, 2017 | 01:36
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the "Profiles" component. It allows remote attackers to bypass cryptographic protection mechanisms by leveraging DES support.

Action-Not Available
Vendor-n/a; Apple Inc.
Product-iphone_os, n/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2017-2391
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.3 (MEDIUM)
EPSS-0.96% / 57.17%
7 Day CHG~0.00%
Published-02 Apr, 2017 | 01:36
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4.

Action-Not Available
Vendor-n/a; Apple Inc.
Product-keynote, pages, numbers, n/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2016-4685
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.9 (MEDIUM)
EPSS-0.58% / 43.58%
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files.

Action-Not Available
Vendor-n/a; Apple Inc.
Product-iphone_os, n/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2016-4693
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.5 (HIGH)
EPSS-1.12% / 62.21%
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the 3DES cipher.

Action-Not Available
Vendor-n/a; Apple Inc.
Product-iphone_os, mac_os_x, watchos, n/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2025-55248
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.8 (MEDIUM)
EPSS-0.68% / 47.94%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-22 Feb, 2026 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.

Action-Not Available
Vendor-Linux Kernel Organization, Inc; Microsoft Corporation; Apple Inc.
Product-windows_server_2012windowswindows_10_21h2windows_11_24h2windows_server_2022.net_frameworkwindows_server_2022_23h2windows_11_22h2visual_studio_2022windows_server_2008windows_11_23h2.netwindows_10_1607linux_kernelwindows_10_22h2windows_10_1809macoswindows_server_2019windows_11_25h2windows_server_2016Microsoft .NET Framework 2.0 Service Pack 2.NET 9.0Microsoft .NET Framework 4.6.2Microsoft Visual Studio 2022 version 17.10Microsoft .NET Framework 3.5 AND 4.7.2Microsoft .NET Framework 3.0 Service Pack 2Microsoft Visual Studio 2022 version 17.12Microsoft .NET Framework 4.8Microsoft .NET Framework 3.5 AND 4.8Microsoft Visual Studio 2022 version 17.14.NET 8.0Microsoft .NET Framework 3.5 AND 4.8.1Microsoft .NET Framework 3.5.1Microsoft .NET Framework 3.5Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2025-20667
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.5 (MEDIUM)
EPSS-0.38% / 29.51%
7 Day CHG~0.00%
Published-05 May, 2025 | 02:49
Updated-17 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01513293; Issue ID: MSV-2741.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8788mt6879mt6989mt6853tmt8791tmt6813mt6883nr17lr13mt6833pmt6762mt6769tmt8786mt6890mt6893mt6878mmt6877tmt6771mt6980mt6875tmt8768nr17rmt6769zmt6835tmt8791mt6990mt6833mt6873mt6983tmt6785nr15lr12amt8771mt8765mt6767mt6783mt6895ttmt6891mt6779mt6980dmt6875mt6769kmt6855tmt8676mt6765tmt6885mt6991mt2737mt6835mt8666mt6739nr16mt6897mt6855mt6789mt6985mt2735mt6781mt6768mt6853mt6762dmt6889mt8667mt8788emt6878mt6880mt8797mt6985tmt6895mt6896mt8766mt8781mt6762mmt6983mt6769mt6877mt6886mt8789mt6765mt6761mt8675mt6899mt6785tmt6769smt6989tmt6763mt6785umt6877ttMT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8675, MT8676, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791, MT8791T, MT8797
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-32753
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.5 (MEDIUM)
EPSS-0.18% / 7.71%
7 Day CHG~0.00%
Published-22 Mar, 2024 | 15:26
Updated-03 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Directory information disclosure

IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_directory, Security Verify Directory
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-31459
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.4 (HIGH)
EPSS-0.79% / 51.80%
7 Day CHG~0.00%
Published-02 Jun, 2022 | 21:40
Updated-03 Aug, 2024 | 07:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth.

Action-Not Available
Vendor-owllabs; n/a
Product-meeting_owl_pro, meeting_owl_pro_firmware, n/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2023-43757
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5 (MEDIUM)
EPSS-0.50% / 38.94%
7 Day CHG~0.00%
Published-16 Nov, 2023 | 06:21
Updated-02 Aug, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section.

Action-Not Available
Vendor-Elecom Co., Ltd.
Product-wrh-150wh_firmwarewrc-2533ghbk-iwrc-1750ghbk_firmwarewrh-150whwrc-300febkwrc-733ghbk-c_firmwarewrh-300wh2-s_firmwarewrh-h300whlan-wh300ndgpe_firmwarewrc-1167ghbkwrh-150bk_firmwarewrc-1750ghbk2-ilan-wh300ndgpewrc-f300nfwrh-300wh-hwrh-300wh-swrc-733febkwrh-300wh-h_firmwarewrh-300bk-swrc-300ghbk2-i_firmwarewrh-300svwrc-733ghbk-cwrc-300ghbklan-w301nr_firmwarelan-wh300n\/dgp_firmwarewrc-733ghbk-ilan-w300n\/rslan-w300n\/pwrc-1167ghbk2wrh-300bk_firmwarewrc-2533ghbk-i_firmwarewrh-300rd_firmwarewrc-300febk_firmwarewrc-300ghbk2-iwrc-1750ghbk-ewrh-300wh-s_firmwarewrc-f1167acf_firmwarewrc-1167ghbk2_firmwarewrh-300wh_firmwarewrh-300bkwrh-150bkwrc-733ghbklan-w301nrwrh-300wh2-swrc-f300nf_firmwarelan-w300n\/p_firmwarewrh-h300bkwrc-1750ghbk-e_firmwarewrh-300bk-s_firmwarewrc-300ghbk_firmwarewrh-300whwrc-733ghbk_firmwarewrh-300bk2-slan-wh300n\/dgpwrc-733ghbk-i_firmwarewrh-300rdwrh-h300wh_firmwarelan-w300n\/rs_firmwarewrh-300bk2-s_firmwarewrh-h300bk_firmwarewrh-300sv_firmwarewrc-f1167acfwrc-2533ghbk2-t_firmwarewrc-1750ghbk2-i_firmwarewrc-2533ghbk2-twrc-1750ghbkwrc-1167ghbk_firmwarewrc-733febk_firmwareWRH-300WH-HWRH-300SVWRC-300GHBKWRC-733FEBKWRH-H300BKWRC-300FEBKWRH-300BK-SWRC-1750GHBK2-IWRH-300WH2-SLAN-WH300NDGPEWRC-1167GHBK2WRC-2533GHBK-IWRC-733GHBK-CWRH-H300WHWRC-1167GHBKWRC-733GHBKWRH-150BKWRC-1750GHBKWRC-2533GHBK2-TWRH-300RDLAN-W301NRLAN-W300N/RSWRC-1750GHBK-EWRC-F1167ACFWRH-150WHLAN-W300N/PWRH-300WHWRC-733GHBK-IWRH-300BKLAN-WH300N/DGPWRH-300BK2-SWRC-F300NFWRC-300GHBK2-IWRH-300WH-S
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2023-24502
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.5 (HIGH)
EPSS-0.17% / 6.77%
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Electra Central AC unit – Easily calculated password

Electra Central AC unit – The unit opens an AP with an easily calculated password.

Action-Not Available
Vendor-electra-air; Electra
Product-central_ac_unit_firmware, central_ac_unit, Electra Central AC unit
CWE ID-CWE-521
Weak Password Requirements
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2019-18241
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5 (MEDIUM)
EPSS-0.33% / 24.72%
7 Day CHG~0.00%
Published-25 Nov, 2019 | 23:25
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay the session and gain unauthorized access to the EC40/80 hub.

Action-Not Available
Vendor-n/a; Philips
Product-intellibridge_ec80, intellibridge_ec40, intellibridge_ec40_firmware, intellibridge_ec80_firmware, Philips IntelliBridge EC40 and EC80
CWE ID-CWE-326
Inadequate Encryption Strength