Total
457 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-0323 | 1 Br-automation | 1 Automation Runtime | 2024-05-27 | N/A | 9.8 CRITICAL |
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients. | |||||
CVE-2024-4563 | 2024-05-23 | N/A | 6.1 MEDIUM | ||
The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length. | |||||
CVE-2024-31989 | 2024-05-22 | N/A | 9.0 CRITICAL | ||
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS cluster, it requires manual enablement through configuration to enforce network policies. This raises concerns that many clients might unknowingly have open access to their Redis servers. This vulnerability could lead to Privilege Escalation to the level of cluster controller, or to information leakage, affecting anyone who does not have strict access controls on their Redis instance. This issue has been patched in version(s) 2.8.19, 2.9.15 and 2.10.10. | |||||
CVE-2023-2900 | 1 Nfine Rapid Development Platform Project | 1 Nfine Rapid Development Platform | 2024-05-17 | 2.6 LOW | 7.5 HIGH |
A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to use of weak hash. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-229974 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2018-11209 | 1 Zblogcn | 1 Z-blogphp | 2024-05-17 | 4.0 MEDIUM | 7.2 HIGH |
An issue was discovered in Z-BlogPHP 2.0.0. zb_system/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid issue | |||||
CVE-2017-9859 | 1 Sma | 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more | 2024-05-17 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor's position is that "we consider the probability of the success of such manipulation to be extremely low." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected | |||||
CVE-2024-25968 | 2024-05-14 | N/A | 5.9 MEDIUM | ||
Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. | |||||
CVE-2020-4874 | 2024-05-06 | N/A | 5.9 MEDIUM | ||
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837. | |||||
CVE-2023-40696 | 2024-05-06 | N/A | 5.9 MEDIUM | ||
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939. | |||||
CVE-2022-34309 | 1 Ibm | 1 Cics Tx | 2024-04-30 | N/A | 7.5 HIGH |
IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440. | |||||
CVE-2024-29056 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-04-26 | N/A | 4.3 MEDIUM |
Windows Authentication Elevation of Privilege Vulnerability | |||||
CVE-2023-50313 | 1 Ibm | 1 Websphere Application Server | 2024-04-08 | N/A | 6.5 MEDIUM |
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812. | |||||
CVE-2024-25963 | 2024-03-28 | N/A | 5.9 MEDIUM | ||
Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. | |||||
CVE-2024-22463 | 2024-03-04 | N/A | 7.4 HIGH | ||
Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to compromise of confidentiality and integrity of sensitive information | |||||
CVE-2024-27255 | 2024-03-04 | N/A | 5.9 MEDIUM | ||
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905. | |||||
CVE-2023-50312 | 2024-03-01 | N/A | 5.3 MEDIUM | ||
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711. | |||||
CVE-2024-22458 | 2024-03-01 | N/A | 3.7 LOW | ||
Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. | |||||
CVE-2023-51392 | 2024-02-23 | N/A | 6.2 MEDIUM | ||
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks. | |||||
CVE-2023-28053 | 1 Dell | 1 Emc Networker | 2024-02-22 | N/A | 5.3 MEDIUM |
Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure. | |||||
CVE-2024-22361 | 1 Ibm | 1 Semeru Runtime | 2024-02-16 | N/A | 7.5 HIGH |
IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222. |