CWE-1240
17 CVEs classified under CWE-1240. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-0323 | Critical | 9.8 | 2024-02-05 | The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exp… |
CVE-2025-24802 | High | 8.6 | 2025-01-30 | Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) alwa… |
CVE-2025-62514 | High | 8.3 | 2026-01-29 | Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of… |
CVE-2024-0220 | High | 8.3 | 2024-02-22 | B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A n… |
CVE-2025-58720 | High | 7.8 | 2025-10-14 | Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. |
CVE-2025-46424 | Medium | 6.7 | 2025-11-05 | Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. A high privileged attacker could pot… |
CVE-2026-22705 | Medium | 6.4 | 2026-01-10 | RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2… |
CVE-2023-51392 | Medium | 6.2 | 2024-02-23 | Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromag… |
CVE-2025-64647 | Medium | 5.9 | 2026-03-25 | IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information |
CVE-2025-14505 | Medium | 5.6 | 2026-01-08 | The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979 https://… |
CVE-2025-29808 | Medium | 5.5 | 2025-04-08 | Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. |
CVE-2026-44410 | Low | 3.8 | 2026-05-26 | This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the… |
CVE-2024-37137 | Low | 3.8 | 2024-06-28 | Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker cou… |
CVE-2025-22475 | Low | 3.7 | 2025-02-04 | Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerab… |
CVE-2026-27017 | | 2026-02-20 | uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8… | |
CVE-2025-53960 | | 2025-12-12 | When issuing JSON Web Tokens (JWT), Apache StreamPark directly uses the user's password as the HMAC signing key (e.g., with the HS256 algorithm). An attacker c… | |
CVE-2025-29779 | | 2025-03-14 | Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0… |