Total
359 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0224 | 9 Fedoraproject, Filezilla-project, Mariadb and 6 more | 20 Fedora, Filezilla Server, Mariadb and 17 more | 2023-11-07 | 5.8 MEDIUM | 7.4 HIGH |
| OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. | |||||
| CVE-2023-30132 | 1 Ixpdata | 1 Easyinstall | 2023-10-26 | N/A | 7.8 HIGH |
| An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated privileges via static Cryptographic Key. | |||||
| CVE-2023-44690 | 1 Dbcli | 1 Mycli | 2023-10-25 | N/A | 7.5 HIGH |
| Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py | |||||
| CVE-2023-43776 | 1 Eaton | 44 Easy-box-e4-ac1, Easy-box-e4-ac1 Firmware, Easy-box-e4-dc1 and 41 more | 2023-10-25 | N/A | 6.6 MEDIUM |
| Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending). | |||||
| CVE-2023-4129 | 1 Dell | 1 Data Protection Central | 2023-10-02 | N/A | 7.5 HIGH |
| Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. | |||||
| CVE-2023-41305 | 1 Huawei | 2 Emui, Harmonyos | 2023-09-28 | N/A | 7.5 HIGH |
| Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2022-45141 | 1 Samba | 1 Samba | 2023-09-17 | N/A | 9.8 CRITICAL |
| Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). | |||||
| CVE-2022-46783 | 1 Stormshield | 1 Ssl Vpn Client | 2023-09-01 | N/A | 5.3 MEDIUM |
| An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book. | |||||
| CVE-2023-34971 | 1 Qnap | 2 Qts, Quts Hero | 2023-08-31 | N/A | 8.8 HIGH |
| An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 build 20230728 and later | |||||
| CVE-2013-7484 | 1 Zabbix | 1 Zabbix | 2023-08-22 | 5.0 MEDIUM | 7.5 HIGH |
| Zabbix before 5.0 represents passwords in the users table with unsalted MD5. | |||||
| CVE-2023-0525 | 1 Mitsubishielectric | 14 Gs21, Gs21 Firmware, Gs25 and 11 more | 2023-08-10 | N/A | 7.5 HIGH |
| Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled. | |||||
| CVE-2022-22321 | 1 Ibm | 1 Mq | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. | |||||
| CVE-2021-25761 | 1 Jetbrains | 1 Ktor | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. | |||||
| CVE-2021-44150 | 1 Transloadit | 1 Tusdotnet | 2023-08-08 | 4.3 MEDIUM | 7.5 HIGH |
| The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content. | |||||
| CVE-2022-25156 | 1 Mitsubishielectric | 32 Fx5uc, Fx5uc-32mr\/ds-ts, Fx5uc-32mr\/ds-ts Firmware and 29 more | 2023-08-08 | 6.8 MEDIUM | 8.1 HIGH |
| Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash. | |||||
| CVE-2022-31459 | 1 Owllabs | 2 Meeting Owl Pro, Meeting Owl Pro Firmware | 2023-08-08 | 3.3 LOW | 6.5 MEDIUM |
| Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth. | |||||
| CVE-2021-42216 | 1 Anonaddy | 1 Anonaddy | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php. | |||||
| CVE-2022-29566 | 1 Bulletproofs Project | 1 Bulletproofs | 2023-08-08 | 6.8 MEDIUM | 8.1 HIGH |
| The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation fails to include all of the public values from the Zero Knowledge proof statement as well as all of the public values computed in the proof, aka the Frozen Heart issue. | |||||
| CVE-2021-37606 | 1 Meow Hash Project | 1 Meow Hash | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack against a long-running web service that allows the attacker to infer collisions by measuring timing differences. | |||||
| CVE-2022-30285 | 1 Quest | 1 Kace Systems Management Appliance | 2023-08-08 | N/A | 9.8 CRITICAL |
| In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials. | |||||