Skip to main content

CWE-649

Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking

4 CVEs Avg CVSS 7.2 MITRE
0
CRITICAL
2
HIGH
1
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2025-41351 Monitor

Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs.

Authentication Bypass
NVD
EPSS
0.0%
CVE-2024-10772 HIGH This Week

Since the firmware update is not validated, an attacker can install modified firmware on the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-36279 MEDIUM This Month

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2019-3730 HIGH This Week

RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oracle Bsafe Micro Edition Suite
NVD
CVSS 3.1
7.5
EPSS
0.6%
EPSS 0%
Monitor

Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs.

Authentication Bypass
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Since the firmware update is not validated, an attacker can install modified firmware on the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
EPSS 1% CVSS 7.5
HIGH This Week

RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oracle Bsafe Micro Edition Suite
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy