Total
461 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4367 | 1 Ibm | 1 Planning Analytics Local | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001. | |||||
| CVE-2020-4350 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424. | |||||
| CVE-2020-4349 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423. | |||||
| CVE-2020-4254 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560. | |||||
| CVE-2020-4191 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174852. | |||||
| CVE-2020-4185 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174803. | |||||
| CVE-2020-4174 | 1 Ibm | 1 Security Guardium Insights | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174683. | |||||
| CVE-2020-4169 | 1 Ibm | 1 Security Guardium Insights | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174405. | |||||
| CVE-2020-3681 | 1 Qualcomm | 1 - | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Authenticated and encrypted payload MMEs can be forged and remotely sent to any HPAV2 system using a jailbreak key recoverable from code. | |||||
| CVE-2020-36516 | 2 Linux, Netapp | 29 Linux Kernel, Bootstrap Os, Cloud Volumes Ontap Mediator and 26 more | 2024-11-21 | 4.9 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. | |||||
| CVE-2020-36363 | 1 Amazon | 1 Amazon Cloudfront | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers. | |||||
| CVE-2020-36315 | 1 Relic Project | 1 Relic | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number. | |||||
| CVE-2020-36201 | 1 Xerox | 60 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 57 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices. | |||||
| CVE-2020-29536 | 1 Rsa | 1 Archer | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access to service files may obtain sensitive information to use it in further attacks. | |||||
| CVE-2020-29063 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. A custom encryption algorithm is used to store encrypted passwords. This algorithm will XOR the password with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g value. | |||||
| CVE-2020-28498 | 1 Indutny | 1 Elliptic | 2024-11-21 | 4.3 MEDIUM | 6.8 MEDIUM |
| The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed. | |||||
| CVE-2020-28396 | 1 Siemens | 6 Sicam A8000 Cp-8000, Sicam A8000 Cp-8000 Firmware, Sicam A8000 Cp-8021 and 3 more | 2024-11-21 | 4.9 MEDIUM | 7.3 HIGH |
| A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). A web server misconfiguration of the affected device can cause insecure ciphers usage by a userĀ“s browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information. | |||||
| CVE-2020-27653 | 1 Synology | 2 Diskstation Manager, Router Manager | 2024-11-21 | 5.1 MEDIUM | 8.3 HIGH |
| Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. | |||||
| CVE-2020-27652 | 1 Synology | 3 Diskstation Manager, Skynas, Skynas Firmware | 2024-11-21 | 5.1 MEDIUM | 8.3 HIGH |
| Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. | |||||
| CVE-2020-27611 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint. | |||||