Total
457 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49259 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2024-01-18 | N/A | 7.5 HIGH |
| The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time. | |||||
| CVE-2021-46900 | 1 Sympa | 1 Sympa | 2024-01-10 | N/A | 7.5 HIGH |
| Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism. | |||||
| CVE-2023-50350 | 1 Hcltech | 1 Dryice Myxalytics | 2024-01-09 | N/A | 7.5 HIGH |
| HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information. | |||||
| CVE-2019-18340 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2024-01-09 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store user and device passwords by applying weak cryptography. A local attacker could exploit this vulnerability to extract the passwords from the user database and/or the device configuration files to conduct further attacks. | |||||
| CVE-2023-34039 | 1 Vmware | 1 Aria Operations For Networks | 2024-01-09 | N/A | 9.8 CRITICAL |
| Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI. | |||||
| CVE-2023-5962 | 1 Moxa | 20 Iologik E1210, Iologik E1210 Firmware, Iologik E1211 and 17 more | 2024-01-03 | N/A | 6.5 MEDIUM |
| A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization. | |||||
| CVE-2020-1596 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-31 | 2.9 LOW | 5.4 MEDIUM |
| <p>A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel.</p> <p>To exploit the vulnerability, an attacker would have to conduct a man-in-the-middle attack.</p> <p>The update addresses the vulnerability by correcting how TLS components use hash algorithms.</p> | |||||
| CVE-2023-50475 | 1 Bcoin | 1 Bcoin | 2023-12-29 | N/A | 9.1 CRITICAL |
| An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js. | |||||
| CVE-2023-50481 | 1 Blinksocks | 1 Blinksocks | 2023-12-29 | N/A | 7.5 HIGH |
| An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js. | |||||
| CVE-2022-43843 | 1 Ibm | 1 Spectrum Scale | 2023-12-19 | N/A | 7.5 HIGH |
| IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080. | |||||
| CVE-2022-24403 | 1 Midnightblue | 1 Tetra\ | 2023-12-12 | N/A | 4.3 MEDIUM |
| The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt arbitrary identities given only three known encrypted/unencrypted identity pairs. | |||||
| CVE-2021-27795 | 1 Broadcom | 13 Brocade 300, Brocade 610, Brocade 6505 and 10 more | 2023-12-11 | N/A | 8.1 HIGH |
| Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key. | |||||
| CVE-2023-26024 | 1 Ibm | 1 Planning Analytics On Cloud Pak For Data | 2023-12-06 | N/A | 6.5 MEDIUM |
| IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898. | |||||
| CVE-2023-38361 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2023-11-29 | N/A | 7.5 HIGH |
| IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770. | |||||
| CVE-2023-46233 | 1 Crypto-js Project | 1 Crypto-js | 2023-11-27 | N/A | 9.1 CRITICAL |
| crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations. | |||||
| CVE-2023-47640 | 1 Datahub Project | 1 Datahub | 2023-11-22 | N/A | 8.8 HIGH |
| DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources (i.e. state level actors with large computational capabilities). DataHub Frontend was utilizing the Play LegacyCookiesModule with default settings which utilizes a SHA1 HMAC for signing. This is compounded by using a shorter key length than recommended by default for the signing key for the randomized secret value. An authenticated attacker (or attacker who has otherwise obtained a session token) could crack the signing key for DataHub and obtain escalated privileges by generating a privileged session cookie. Due to key length being a part of the risk, deployments should update to the latest helm chart and rotate their session signing secret. All deployments using the default helm chart configurations for generating the Play secret key used for signing are affected by this vulnerability. Version 0.11.1 resolves this vulnerability. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2021-45450 | 2 Arm, Fedoraproject | 2 Mbed Tls, Fedora | 2023-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. | |||||
| CVE-2020-7339 | 1 Mcafee | 1 Database Security | 2023-11-16 | 5.8 MEDIUM | 6.3 MEDIUM |
| Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors. | |||||
| CVE-2020-36516 | 2 Linux, Netapp | 29 Linux Kernel, Bootstrap Os, Cloud Volumes Ontap Mediator and 26 more | 2023-11-09 | 4.9 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. | |||||
| CVE-2023-5627 | 1 Moxa | 54 Nport 6150, Nport 6150-t, Nport 6150-t Firmware and 51 more | 2023-11-09 | N/A | 7.5 HIGH |
| A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service. | |||||