Total
505 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28509 | 2 Linux, Rocketsoftware | 3 Linux Kernel, Unidata, Universe | 2025-02-18 | N/A | 7.5 HIGH |
| Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 use weak encryption for packet-level security and passwords transferred on the wire. | |||||
| CVE-2024-4282 | 2025-02-15 | N/A | N/A | ||
| Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22. | |||||
| CVE-2024-10405 | 2025-02-15 | N/A | N/A | ||
| Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read Brocade SANnav data stream that includes monitored Brocade Fabric OS switches performance data, port status, zoning information, WWNs, IP Addresses, but no customer data, no personal data and no secrets or passwords, as it travels across the network. | |||||
| CVE-2024-49797 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 5.9 MEDIUM |
| IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2023-51392 | 1 Silabs | 1 Emberznet | 2025-02-12 | N/A | 6.2 MEDIUM |
| Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks. | |||||
| CVE-2025-22475 | 1 Dell | 1 Data Domain Operating System | 2025-02-07 | N/A | 3.7 LOW |
| Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering. | |||||
| CVE-2022-45170 | 1 Liveboxcloud | 1 Vdesk | 2025-02-07 | N/A | 6.5 MEDIUM |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user. | |||||
| CVE-2022-43934 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | N/A | 6.5 MEDIUM |
| Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095. | |||||
| CVE-2024-28980 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-02-04 | N/A | 6.5 MEDIUM |
| Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution. | |||||
| CVE-2024-37137 | 1 Dell | 1 Cloudlink | 2025-02-03 | N/A | 3.8 LOW |
| Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information disclosure. | |||||
| CVE-2024-26317 | 2025-01-28 | N/A | 6.1 MEDIUM | ||
| In illumos illumos-gate 2024-02-15, an error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, causing the algorithm to yield a result of POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. | |||||
| CVE-2022-3365 | 2025-01-28 | N/A | 9.8 CRITICAL | ||
| Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit module was written and tested against version 4.110, the current version when this CVE was reserved. | |||||
| CVE-2022-36937 | 1 Facebook | 1 Hhvm | 2025-01-27 | N/A | 9.8 CRITICAL |
| HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3. Applications that call stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected. | |||||
| CVE-2024-38320 | 2025-01-27 | N/A | 5.9 MEDIUM | ||
| IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2024-22347 | 2025-01-20 | N/A | 5.9 MEDIUM | ||
| IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2024-8603 | 2025-01-15 | N/A | 7.5 HIGH | ||
| A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by unauthenticated network-based attackers to masquerade as services on impacted devices. | |||||
| CVE-2020-27653 | 1 Synology | 2 Diskstation Manager, Router Manager | 2025-01-14 | 5.1 MEDIUM | 8.3 HIGH |
| Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. | |||||
| CVE-2020-27652 | 1 Synology | 3 Diskstation Manager, Skynas, Skynas Firmware | 2025-01-14 | 5.1 MEDIUM | 8.3 HIGH |
| Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. | |||||
| CVE-2022-46140 | 1 Siemens | 202 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 199 more | 2025-01-14 | N/A | 6.5 MEDIUM |
| Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system. | |||||
| CVE-2024-55539 | 2025-01-09 | N/A | 2.5 LOW | ||
| Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185. | |||||