Total
457 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41168 | 1 Reddit | 1 Snudown | 2023-07-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Snudown is a reddit-specific fork of the Sundown Markdown parser used by GitHub, with Python integration added. In affected versions snudown was found to be vulnerable to denial of service attacks to its reference table implementation. References written in markdown ` [reference_name]: https://www.example.com` are inserted into a hash table which was found to have a weak hash function, meaning that an attacker can reliably generate a large number of collisions for it. This makes the hash table vulnerable to a hash-collision DoS attack, a type of algorithmic complexity attack. Further the hash table allowed for duplicate entries resulting in long retrieval times. Proofs of concept and further discussion of the hash collision issue are discussed on the snudown GHSA(https://github.com/reddit/snudown/security/advisories/GHSA-6gvv-9q92-w5f6). Users are advised to update to version 1.7.0. | |||||
| CVE-2021-39182 | 1 Enrocrypt Project | 1 Enrocrypt | 2023-07-17 | 5.0 MEDIUM | 7.5 HIGH |
| EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`. | |||||
| CVE-2022-39237 | 1 Sylabs | 1 Singularity Image Format | 2023-07-14 | N/A | 9.8 CRITICAL |
| syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure. | |||||
| CVE-2023-35890 | 1 Ibm | 1 Websphere Application Server | 2023-07-12 | N/A | 5.5 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637. | |||||
| CVE-2023-36608 | 1 Ovarro | 10 Tbox Lt2, Tbox Lt2 Firmware, Tbox Ms-cpu32 and 7 more | 2023-07-10 | N/A | 6.5 MEDIUM |
| The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm. | |||||
| CVE-2023-26276 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2023-07-05 | N/A | 7.5 HIGH |
| IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147. | |||||
| CVE-2023-28006 | 1 Hcltech | 1 Bigfix Osd Bare Metal Server | 2023-07-03 | N/A | 7.8 HIGH |
| The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure. | |||||
| CVE-2023-28043 | 1 Dell | 1 Secure Connect Gateway | 2023-06-23 | N/A | 6.5 MEDIUM |
| Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text. | |||||
| CVE-2023-21115 | 1 Google | 1 Android | 2023-06-22 | N/A | 8.8 HIGH |
| In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033 | |||||
| CVE-2023-0452 | 1 Econolite | 1 Eos | 2023-06-20 | N/A | 5.3 MEDIUM |
| Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians. | |||||
| CVE-2023-28076 | 1 Dell | 1 Cloudlink | 2023-05-25 | N/A | 7.5 HIGH |
| CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure. | |||||
| CVE-2019-9013 | 1 Codesys | 12 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 9 more | 2023-05-16 | 5.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3. | |||||
| CVE-2021-20406 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2023-05-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196184. | |||||
| CVE-2022-22313 | 1 Ibm | 1 Qradar Data Synchronization | 2023-05-11 | N/A | 7.5 HIGH |
| IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370. | |||||
| CVE-2023-30441 | 1 Ibm | 4 Infosphere Information Server, Java, Websphere Application Server and 1 more | 2023-05-09 | N/A | 7.5 HIGH |
| IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188. | |||||
| CVE-2023-27557 | 1 Ibm | 1 Safer Payments | 2023-05-05 | N/A | 7.5 HIGH |
| IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192. | |||||
| CVE-2022-40722 | 1 Pingidentity | 3 Pingfederate, Pingid Adapter For Pingfederate, Pingid Integration Kit | 2023-05-04 | N/A | 5.8 MEDIUM |
| A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA. | |||||
| CVE-2020-13135 | 1 Dlink | 2 Dsp-w215, Dsp-w215 Firmware | 2023-04-26 | 3.3 LOW | 6.5 MEDIUM |
| D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy. | |||||
| CVE-2022-45170 | 1 Liveboxcloud | 1 Vdesk | 2023-04-19 | N/A | 6.5 MEDIUM |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user. | |||||
| CVE-2023-28509 | 2 Linux, Rocketsoftware | 3 Linux Kernel, Unidata, Universe | 2023-04-06 | N/A | 7.5 HIGH |
| Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 use weak encryption for packet-level security and passwords transferred on the wire. | |||||