Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-328

CWE-328

Use of Weak Hash

Parent: CWE-326 - Inadequate Encryption Strength

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

79 vulnerabilities with CWE-328

CVE-2024-56414 MEDIUM

Acronis Cyber Protect <39169 - Info Disclosure

CVE-2024-56516 MEDIUM

free-one-api <1.0.1 - Info Disclosure

CVE-2024-55885 HIGH

beego < 2.3.4 - Use of a Broken or Risky Cryptographic Algorithm

CVE-2024-54143 CRITICAL

openwrt/asu - Hash Collision via Truncated SHA-256

CVE-2024-48847 HIGH

ABB ASPECT/MATRIX/NEXUS Firmware < 3.08.03 - MD5 Checksum Bypass via Weak Hash Validation

CVE-2024-52521 LOW

Nextcloud Server <28.0.10-30.0.0 - Info Disclosure

CVE-2024-48924 HIGH

MessagePack < 2.5.187 and 2.6.95-alpha-3.0.214-rc.1 - Denial of Service via Hash Collision

CVE-2024-8453 MEDIUM

PLANET Technology - Info Disclosure

CVE-2024-8452 HIGH

PLANET Technology - Info Disclosure

CVE-2024-47182 MEDIUM

Dozzle < 8.5.3 - Inadequate Encryption Strength for Password Hashing

CVE-2024-40465 HIGH

beego <2.2.0 - Privilege Escalation

CVE-2024-34914 MEDIUM

php-censor <2.1.4 - Info Disclosure

CVE-2023-5962 MEDIUM

Moxa ioLogik E1200 Series Firmware < 3.3 - Use of a Broken or Risky Cryptographic Algorithm

CVE-2023-44319 MEDIUM

RUGGEDCOM RM1224 LTE(4G) EU/NAM, SCALANCE M804PB/M812-1/M816-1 - In...

CVE-2023-46233 CRITICAL

crypto-js < 4.2.0 - Use of a Broken or Risky Cryptographic Algorithm

CVE-2023-46133 CRITICAL

CryptoES < 2.1.0 - Use of a Broken or Risky Cryptographic Algorithm

CVE-2023-43635 HIGH

EVE OS - PCR Locking

CVE-2023-43630 HIGH

Linux Foundation Edge Virtualization Engine 9.0.0-9.4.9 - Credentials Exposure via PCR14 Bypass

CVE-2023-2900 LOW

NFine Rapid Development Platform 20230511 - Use of Weak Hash in Login Check

CVE-2023-0452 CRITICAL

Econolite EOS < 3.2.23 - Unauthenticated Weak Hash Algorithm in Configuration File

CVE-2022-45141 CRITICAL

Samba < 4.15.13 - Inadequate Encryption Strength in Kerberos Ticket Issuance

CVE-2022-43922 MEDIUM

IBM App Connect Enterprise Certified Container <6.2 - Info Disclosure

CVE-2022-3433 MEDIUM

aeson < 2.0.1.0 - Denial of Service via Hash Collision in JSON Input

CVE-2022-29835 MEDIUM

WD Discovery < 4.4.396 - Inadequate Encryption Strength via SHA-1 Signed Executables

CVE-2022-29249 HIGH

JavaEZ 1.6 - Use of a Broken or Risky Cryptographic Algorithm

Previous Page 3 of 4 Next

Details

Vulnerabilities 79

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy