Total
360 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4099 | 1 Hcltech | 1 Verse | 2024-02-28 | N/A | 7.5 HIGH |
| The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app. | |||||
| CVE-2022-30285 | 1 Quest | 1 Kace Systems Management Appliance | 2024-02-28 | N/A | 9.8 CRITICAL |
| In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials. | |||||
| CVE-2022-3433 | 1 Haskell | 1 Aeson | 2024-02-28 | N/A | 6.5 MEDIUM |
| The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service. | |||||
| CVE-2022-45379 | 1 Jenkins | 1 Script Security | 2024-02-28 | N/A | 7.5 HIGH |
| Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks. | |||||
| CVE-2022-21139 | 1 Intel | 18 Proset Wi-fi 6e Ax210, Proset Wi-fi 6e Ax210 Firmware, Wi-fi 6 Ax200 and 15 more | 2024-02-28 | N/A | 8.8 HIGH |
| Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2022-29835 | 1 Westerndigital | 1 Wd Discovery | 2024-02-28 | N/A | 5.3 MEDIUM |
| WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows. | |||||
| CVE-2022-22453 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-02-28 | N/A | 7.5 HIGH |
| IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 224919. | |||||
| CVE-2022-41209 | 1 Sap | 1 Customer Data Cloud | 2024-02-28 | N/A | 5.2 MEDIUM |
| SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks. | |||||
| CVE-2021-35226 | 1 Solarwinds | 1 Network Configuration Manager | 2024-02-28 | N/A | 6.5 MEDIUM |
| An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role. | |||||
| CVE-2022-36555 | 1 Hytec | 2 Hwl-2511-ss, Hwl-2511-ss Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack. | |||||
| CVE-2022-2758 | 1 Ls-electric | 469 Gm7, Gm7 Firmware, Gm7u and 466 more | 2024-02-28 | N/A | 5.9 MEDIUM |
| Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic. | |||||
| CVE-2022-35931 | 1 Nextcloud | 1 Password Policy | 2024-02-28 | N/A | 2.7 LOW |
| Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud Server to 22.2.10, 23.0.7 or 24.0.3 to receive a patch for the issue in Password Policy. There are no known workarounds available. | |||||
| CVE-2022-3273 | 1 Ikus-soft | 1 Rdiffweb | 2024-02-28 | N/A | 9.8 CRITICAL |
| Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | |||||
| CVE-2021-32010 | 1 Secomea | 27 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 24 more | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7. | |||||
| CVE-2019-4291 | 1 Ibm | 1 Maximo Anywhere | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse engineer the application due to the lack of binary protection precautions. IBM X-Force ID: 160697. | |||||
| CVE-2022-24318 | 1 Schneider-electric | 3 Clearscada, Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) | |||||
| CVE-2022-29249 | 1 Javaez Project | 1 Javaez | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. The vulnerability has been patched in release 1.7. Currently, there is no way to fix the issue without upgrading. | |||||
| CVE-2020-10636 | 1 Emerson | 1 Openenterprise Scada Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained. | |||||
| CVE-2022-29161 | 1 Xwiki | 1 Xwiki | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collisions with SHA1. The problem has been patched in XWiki version 13.10.6, 14.3.1 and 14.4-rc-1. Since then, the Crypto API will generate X509 certificates signed by default using SHA256 with RSA. Administrators are advised to upgrade their XWiki installation to one of the patched versions. If the upgrade is not possible, it is possible to patch the module xwiki-platform-crypto in a local installation by applying the change exposed in 26728f3 and re-compiling the module. | |||||
| CVE-2021-27761 | 1 Hcltech | 1 Bigfix Platform | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks | |||||