Total
459 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-43189 | 2024-11-18 | N/A | 5.9 MEDIUM | ||
IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
CVE-2024-20070 | 2024-11-15 | N/A | 5.1 MEDIUM | ||
In modem, there is a possible information disclosure due to using risky cryptographic algorithm during connection establishment negotiation. This could lead to remote information disclosure, when weak encryption algorithm is used, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00942482; Issue ID: MSV-1469. | |||||
CVE-2020-11916 | 2024-11-08 | N/A | 6.3 MEDIUM | ||
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased. | |||||
CVE-2024-51556 | 1 63moons | 2 Aero, Wave 2.0 | 2024-11-08 | N/A | 6.5 MEDIUM |
This vulnerability exists in the Wave 2.0 due to weak encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter “user_id” through API request URLs leading to unauthorized access to sensitive information belonging to other users. | |||||
CVE-2024-51478 | 2024-11-01 | N/A | 9.9 CRITICAL | ||
YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5. | |||||
CVE-2024-10128 | 1 Topdata | 1 Inner Rep Plus | 2024-10-30 | 3.3 LOW | 4.9 MEDIUM |
A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file td.js.gz. The manipulation leads to risky cryptographic algorithm. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-23347 | 1 Hcltech | 1 Dryice Iautomate | 2024-10-29 | N/A | 7.1 HIGH |
HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | |||||
CVE-2023-23346 | 1 Hcltech | 1 Dryice Mycloud | 2024-10-29 | N/A | 7.1 HIGH |
HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | |||||
CVE-2023-5962 | 1 Moxa | 20 Iologik E1210, Iologik E1210 Firmware, Iologik E1211 and 17 more | 2024-10-28 | N/A | 6.5 MEDIUM |
A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization. | |||||
CVE-2024-47188 | 1 Oisf | 1 Suricata | 2024-10-22 | N/A | 7.5 HIGH |
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7. | |||||
CVE-2024-47187 | 1 Oisf | 1 Suricata | 2024-10-22 | N/A | 7.5 HIGH |
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to use excessive time to load, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. Avoid dataset rules that track traffic in rules. | |||||
CVE-2024-48016 | 2024-10-21 | N/A | 4.6 MEDIUM | ||
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use exposed credentials to access the system with privileges of the compromised account. | |||||
CVE-2020-28498 | 1 Indutny | 1 Elliptic | 2024-10-16 | 4.3 MEDIUM | 6.8 MEDIUM |
The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed. | |||||
CVE-2023-49259 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2024-10-10 | N/A | 7.5 HIGH |
The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time. | |||||
CVE-2022-34310 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-10-10 | N/A | 7.5 HIGH |
IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229441. | |||||
CVE-2024-45394 | 1 Authenticator | 1 Authenticator | 2024-10-09 | N/A | 7.8 HIGH |
Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the user's encryption key. Users on version 8.0.0 and above are automatically migrated away from the weak encoding on first login. Users should destroy encrypted backups made with versions prior to 8.0.0. | |||||
CVE-2024-8452 | 1 Planet | 4 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 1 more | 2024-10-04 | N/A | 7.5 HIGH |
Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 credentials potentially. | |||||
CVE-2023-37484 | 1 Sap | 1 Powerdesigner | 2024-09-26 | N/A | 5.3 MEDIUM |
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory. | |||||
CVE-2023-41097 | 1 Silabs | 1 Gecko Software Development Kit | 2024-09-25 | N/A | 7.5 HIGH |
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0. | |||||
CVE-2024-29175 | 1 Dell | 1 Data Domain Operating System | 2024-09-23 | N/A | 5.9 MEDIUM |
Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session information. |