Total
459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25963 | 2024-03-28 | N/A | 5.9 MEDIUM | ||
| Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2024-22463 | 2024-03-04 | N/A | 7.4 HIGH | ||
| Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to compromise of confidentiality and integrity of sensitive information | |||||
| CVE-2024-27255 | 2024-03-04 | N/A | 5.9 MEDIUM | ||
| IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905. | |||||
| CVE-2023-50312 | 2024-03-01 | N/A | 5.3 MEDIUM | ||
| IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711. | |||||
| CVE-2024-22458 | 2024-03-01 | N/A | 3.7 LOW | ||
| Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. | |||||
| CVE-2023-51838 | 1 Meshcentral | 1 Meshcentral | 2024-02-28 | N/A | 7.5 HIGH |
| Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm. | |||||
| CVE-2023-26024 | 1 Ibm | 1 Planning Analytics On Cloud Pak For Data | 2024-02-28 | N/A | 6.5 MEDIUM |
| IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898. | |||||
| CVE-2023-50481 | 1 Blinksocks | 1 Blinksocks | 2024-02-28 | N/A | 7.5 HIGH |
| An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js. | |||||
| CVE-2023-50939 | 1 Ibm | 1 Powersc | 2024-02-28 | N/A | 7.5 HIGH |
| IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129. | |||||
| CVE-2023-50475 | 1 Bcoin | 1 Bcoin | 2024-02-28 | N/A | 9.1 CRITICAL |
| An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js. | |||||
| CVE-2023-51839 | 1 Devicefarmer | 1 Smartphone Test Farm | 2024-02-28 | N/A | 9.1 CRITICAL |
| DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm. | |||||
| CVE-2024-21670 | 1 Hyperledger | 1 Ursa | 2024-02-28 | N/A | 8.1 HIGH |
| Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that credential as part of an AnonCreds presentation. A verifier may verify a credential from a holder as being "not revoked" when in fact, the holder's credential has been revoked. Ursa has moved to end-of-life status and no fix is expected. | |||||
| CVE-2023-28053 | 1 Dell | 1 Emc Networker | 2024-02-28 | N/A | 5.3 MEDIUM |
| Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure. | |||||
| CVE-2021-27795 | 1 Broadcom | 13 Brocade 300, Brocade 610, Brocade 6505 and 10 more | 2024-02-28 | N/A | 8.1 HIGH |
| Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key. | |||||
| CVE-2023-50350 | 1 Hcltech | 1 Dryice Myxalytics | 2024-02-28 | N/A | 7.5 HIGH |
| HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information. | |||||
| CVE-2024-1040 | 1 Gesslergmbh | 2 Web-master, Web-master Firmware | 2024-02-28 | N/A | 4.4 MEDIUM |
| Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device. | |||||
| CVE-2023-50937 | 1 Ibm | 1 Powersc | 2024-02-28 | N/A | 7.5 HIGH |
| IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117. | |||||
| CVE-2024-24559 | 1 Vyperlang | 1 Vyper | 2024-02-28 | N/A | 5.3 MEDIUM |
| Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. No flow that would cache the `key` was found so the issue shouldn't be possible to trigger when compiling the compiler-generated `IR`. This issue isn't triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available. | |||||
| CVE-2021-46900 | 1 Sympa | 1 Sympa | 2024-02-28 | N/A | 7.5 HIGH |
| Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism. | |||||
| CVE-2024-22361 | 1 Ibm | 1 Semeru Runtime | 2024-02-28 | N/A | 7.5 HIGH |
| IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222. | |||||