Total: 508 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-28043 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | N/A | 6.5 MEDIUM |
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text. | |||||
CVE-2023-28006 | 1 Hcltech | 1 Bigfix Osd Bare Metal Server | 2024-11-21 | N/A | 7.0 HIGH |
The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure. | |||||
CVE-2023-27557 | 1 Ibm | 1 Safer Payments | 2024-11-21 | N/A | 5.9 MEDIUM |
IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192. | |||||
CVE-2023-26276 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | N/A | 5.9 MEDIUM |
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147. | |||||
CVE-2023-26024 | 1 Ibm | 1 Planning Analytics On Cloud Pak For Data | 2024-11-21 | N/A | 6.5 MEDIUM |
IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898. | |||||
CVE-2023-23695 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | N/A | 5.9 MEDIUM |
Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks to obtain sensitive information. | |||||
CVE-2023-23347 | 1 Hcltech | 1 Dryice Iautomate | 2024-11-21 | N/A | 6.4 MEDIUM |
HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | |||||
CVE-2023-23346 | 1 Hcltech | 1 Dryice Mycloud | 2024-11-21 | N/A | 6.4 MEDIUM |
HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | |||||
CVE-2023-22812 | 1 Westerndigital | 1 Sandisk Privateaccess | 2024-11-21 | N/A | 7.4 HIGH |
SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data. | |||||
CVE-2023-21399 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
There is a possible way to bypass cryptographic assurances due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-21115 | 1 Google | 1 Android | 2024-11-21 | N/A | 8.8 HIGH |
In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L. Android ID: A-258834033 | |||||
CVE-2022-4610 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | N/A | 1.9 LOW |
A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to the use of a risky cryptographic algorithm. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216272. | |||||
CVE-2022-45858 | 1 Fortinet | 1 Fortinac | 2024-11-21 | N/A | 4.2 MEDIUM |
A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks. | |||||
CVE-2022-43949 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | N/A | 6.2 MEDIUM |
A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods. | |||||
CVE-2022-43917 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | N/A | 5.9 MEDIUM |
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045. | |||||
CVE-2022-43843 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | N/A | 5.9 MEDIUM |
IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080. | |||||
CVE-2022-40722 | 1 Pingidentity | 3 Pingfederate, Pingid Adapter For Pingfederate, Pingid Integration Kit | 2024-11-21 | N/A | 7.7 HIGH |
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA. | |||||
CVE-2022-39237 | 1 Sylabs | 1 Singularity Image Format | 2024-11-21 | N/A | 6.3 MEDIUM |
sylabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1, the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure. | |||||
CVE-2022-38493 | 1 Rhonabwy Project | 1 Rhonabwy | 2024-11-21 | N/A | 7.5 HIGH |
Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token. | |||||
CVE-2022-38391 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Control, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.1 MEDIUM |
IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982. |