Total
459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40371 | 1 Ibm | 2 Aix, Vios | 2024-09-20 | N/A | 5.5 MEDIUM |
| IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476. | |||||
| CVE-2023-37396 | 2024-09-20 | N/A | 2.5 LOW | ||
| IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671. | |||||
| CVE-2024-39583 | 1 Dell | 1 Insightiq | 2024-09-16 | N/A | 9.8 CRITICAL |
| Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2024-45193 | 2024-09-10 | N/A | 4.3 MEDIUM | ||
| An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-32911 | 1 Google | 1 Android | 2024-09-06 | N/A | 9.8 CRITICAL |
| There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-4331 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-09-05 | N/A | 7.5 HIGH |
| Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols | |||||
| CVE-2023-4326 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-09-05 | N/A | 7.5 HIGH |
| Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites | |||||
| CVE-2024-33663 | 2024-09-03 | N/A | 6.5 MEDIUM | ||
| python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. | |||||
| CVE-2024-4765 | 2024-08-29 | N/A | 8.1 HIGH | ||
| Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126. | |||||
| CVE-2024-28972 | 1 Dell | 1 Insightiq | 2024-08-23 | N/A | 7.5 HIGH |
| Dell InsightIQ, Verion 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2024-5559 | 1 Schneider-electric | 2 Powerlogic P5, Powerlogic P5 Firmware | 2024-08-23 | N/A | 6.8 MEDIUM |
| CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the front panel of the device. | |||||
| CVE-2024-36440 | 2024-08-23 | N/A | 6.8 MEDIUM | ||
| An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is used. | |||||
| CVE-2024-39745 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2024-08-23 | N/A | 7.5 HIGH |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2024-40465 | 1 Beego | 1 Beego | 2024-08-15 | N/A | 8.8 HIGH |
| An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file | |||||
| CVE-2024-41270 | 1 Appleboy | 1 Gorush | 2024-08-12 | N/A | 9.1 CRITICAL |
| An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version. | |||||
| CVE-2023-38371 | 1 Ibm | 1 Security Access Manager | 2024-08-02 | N/A | 7.5 HIGH |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198. | |||||
| CVE-2024-30098 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-07-17 | N/A | 7.5 HIGH |
| Windows Cryptographic Services Security Feature Bypass Vulnerability | |||||
| CVE-2024-39731 | 1 Ibm | 1 Datacap | 2024-07-16 | N/A | 7.5 HIGH |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 295970. | |||||
| CVE-2024-32852 | 1 Dell | 1 Powerscale Onefs | 2024-07-03 | N/A | 7.5 HIGH |
| Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of a broken or risky cryptographic algorithm vulnerability. An unprivileged network malicious attacker could potentially exploit this vulnerability, leading to data leaks. | |||||
| CVE-2024-31510 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component. | |||||