Total
360 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38925 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171. | |||||
| CVE-2021-3789 | 1 Binatoneglobal | 42 Cn28, Cn28 Firmware, Cn40 and 39 more | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
| An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages. | |||||
| CVE-2021-38464 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session. | |||||
| CVE-2021-38947 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242. | |||||
| CVE-2021-23855 | 1 Bosch | 4 Rexroth Indramotion Mlc, Rexroth Indramotion Mlc Firmware, Rexroth Indramotion Xlc and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables. | |||||
| CVE-2021-38984 | 1 Ibm | 2 Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793. | |||||
| CVE-2021-42216 | 1 Anonaddy | 1 Anonaddy | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php. | |||||
| CVE-2021-28095 | 1 Open-xchange | 1 Open-xchange Documents | 2024-02-28 | 5.8 MEDIUM | 4.8 MEDIUM |
| OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32. | |||||
| CVE-2020-15387 | 1 Broadcom | 2 Brocade Sannav, Fabric Operating System | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
| The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. | |||||
| CVE-2021-28093 | 1 Open-xchange | 1 Open-xchange Documents | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of Adler32. | |||||
| CVE-2018-16499 | 1 Versa-networks | 1 Versa Operating System | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting user and the service using man-in-the-middle attacks. Usage of unapproved SSH encryption protocols or cipher suites also violates the Data Protection TSR (Technical Security Requirements). | |||||
| CVE-2021-37606 | 1 Meow Hash Project | 1 Meow Hash | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack against a long-running web service that allows the attacker to infer collisions by measuring timing differences. | |||||
| CVE-2020-27208 | 2 Nitrokey, Solokeys | 6 Fido2, Fido2 Firmware, Solo and 3 more | 2024-02-28 | 4.6 MEDIUM | 6.8 MEDIUM |
| The flash read-out protection (RDP) level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface. | |||||
| CVE-2021-25392 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path. | |||||
| CVE-2021-23982 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. | |||||
| CVE-2020-18220 | 1 Html-js | 1 Doracms | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks. | |||||
| CVE-2021-32496 | 1 Sick | 2 Visionary-s Cx, Visionary-s Cx Firmware | 2024-02-28 | 3.5 LOW | 5.3 MEDIUM |
| SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks. | |||||
| CVE-2021-20369 | 1 Ibm | 1 Cloud Pak For Applications | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361. | |||||
| CVE-2020-27020 | 1 Kaspersky | 1 Password Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation). | |||||
| CVE-2021-34430 | 1 Eclipse | 1 Tinydtls | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic. | |||||