Total
505 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38730 | 1 Ibm | 1 Storage Copy Data Management | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 262268. | |||||
| CVE-2023-38371 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198. | |||||
| CVE-2023-37484 | 1 Sap | 1 Powerdesigner | 2024-11-21 | N/A | 5.3 MEDIUM |
| SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory. | |||||
| CVE-2023-37464 | 1 Cisco | 1 Cjose | 2024-11-21 | N/A | 8.6 HIGH |
| OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC). | |||||
| CVE-2023-36749 | 1 Siemens | 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more | 2024-11-21 | N/A | 7.4 HIGH |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data. | |||||
| CVE-2023-36608 | 1 Ovarro | 10 Tbox Lt2, Tbox Lt2 Firmware, Tbox Ms-cpu32 and 7 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm. | |||||
| CVE-2023-35890 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A | 5.1 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637. | |||||
| CVE-2023-34758 | 1 Bishopfox | 1 Sliver | 2024-11-21 | N/A | 8.1 HIGH |
| Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack via intercepted and crafted responses. | |||||
| CVE-2023-34130 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
| CVE-2023-34039 | 1 Vmware | 1 Aria Operations For Networks | 2024-11-21 | N/A | 9.8 CRITICAL |
| Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI. | |||||
| CVE-2023-32043 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.8 MEDIUM |
| Windows Remote Desktop Security Feature Bypass Vulnerability | |||||
| CVE-2023-30994 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | N/A | 5.4 MEDIUM |
| IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138 | |||||
| CVE-2023-2900 | 1 Nfine Rapid Development Platform Project | 1 Nfine Rapid Development Platform | 2024-11-21 | 2.6 LOW | 3.7 LOW |
| A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to use of weak hash. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-229974 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-28244 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-11-21 | N/A | 8.1 HIGH |
| Windows Kerberos Elevation of Privilege Vulnerability | |||||
| CVE-2023-28076 | 1 Dell | 1 Cloudlink | 2024-11-21 | N/A | 5.9 MEDIUM |
| CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure. | |||||
| CVE-2023-28053 | 1 Dell | 1 Emc Networker | 2024-11-21 | N/A | 5.3 MEDIUM |
| Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure. | |||||
| CVE-2023-28043 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | N/A | 6.5 MEDIUM |
| Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text. | |||||
| CVE-2023-28006 | 1 Hcltech | 1 Bigfix Osd Bare Metal Server | 2024-11-21 | N/A | 7.0 HIGH |
| The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure. | |||||
| CVE-2023-27557 | 1 Ibm | 1 Safer Payments | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192. | |||||
| CVE-2023-26276 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147. | |||||