Total
434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29161 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 6.8 MEDIUM | 5.4 MEDIUM |
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collisions with SHA1. The problem has been patched in XWiki version 13.10.6, 14.3.1 and 14.4-rc-1. Since then, the Crypto API will generate X509 certificates signed by default using SHA256 with RSA. Administrator ...
|
| CVE-2022-26307 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2024-11-21 | N/A | 8.8 HIGH |
|
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the master key was poorly encoded, resulting in weakening its entropy from 128 to 43 bits, making the stored passwords vulnerable to a brute force attack if an attacker has access to the user's stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to ...
|
| CVE-2022-26306 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2024-11-21 | N/A | 7.5 HIGH |
|
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7. ...
|
| CVE-2022-25156 | 1 Mitsubishielectric | 32 Fx5uc, Fx5uc-32mr/ds-ts, Fx5uc-32mr/ds-ts Firmware and 29 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120 ...
|
| CVE-2022-25012 | 1 Argussurveillance | 1 Dvr | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Argus Surveillance DVR v4.0 employs weak password encryption.
|
| CVE-2022-24318 | 1 Schneider-electric | 3 Clearscada, Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
|
| CVE-2022-22464 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081.
|
| CVE-2022-22453 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-11-21 | N/A | 7.5 HIGH |
|
IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 224919.
|
| CVE-2022-22368 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Scale, Linux Kernel and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012.
|
| CVE-2022-22321 | 1 Ibm | 1 Mq | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users are stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368.
|
| CVE-2022-21800 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords.
|
| CVE-2022-21653 | 1 Typelevel | 1 Jawn | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
|
Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. For users unable to upgrade override `objectContext()` to use a collision-safe collection.
|
| CVE-2022-20677 | 1 Cisco | 62 1100-4g Integrated Services Router, 1100-6g Integrated Services Router, 1101 Integrated Services Router and 59 more | 2024-11-21 | 7.2 HIGH | 5.5 MEDIUM |
|
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.
|
| CVE-2022-1318 | 1 Carrier | 2 Hills Comnav, Hills Comnav Firmware | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
|
Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets are predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. The communication encryption scheme is theoretically s ...
|
| CVE-2021-44150 | 1 Transloadit | 1 Tusdotnet | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content.
|
| CVE-2021-42216 | 1 Anonaddy | 1 Anonaddy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php.
|
| CVE-2021-40341 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-11-21 | N/A | 7.1 HIGH |
|
DES cipher, which has inadequate encryption strength, is used in Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects
* FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C;
* UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R ...
|
| CVE-2021-3789 | 1 Binatoneglobal | 42 Cn28, Cn28 Firmware, Cn40 and 39 more | 2024-11-21 | 2.1 LOW | 4.2 MEDIUM |
|
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages.
|
| CVE-2021-3131 | 1 1c | 1 1c\ | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter.
|
| CVE-2021-39182 | 1 Enrocrypt Project | 1 Enrocrypt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`.
|
| CVE-2021-38984 | 1 Ibm | 2 Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793.
|
| CVE-2021-38983 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792.
|
| CVE-2021-38947 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242.
|
| CVE-2021-38925 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171.
|
| CVE-2021-38891 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Sterling Connect\, Linux Kernel and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.
|
| CVE-2021-38862 | 1 Ibm | 1 Data Risk Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980.
|
| CVE-2021-38464 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.4 MEDIUM |
|
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session.
|
| CVE-2021-37606 | 1 Meow Hash Project | 1 Meow Hash | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack against a long-running web service that allows the attacker to infer collisions by measuring timing differences.
|
| CVE-2021-36337 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
|
Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data.
|
| CVE-2021-34430 | 1 Eclipse | 1 Tinydtls | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic.
|
| CVE-2021-32945 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06.
|
| CVE-2021-32496 | 1 Sick | 2 Visionary-s Cx, Visionary-s Cx Firmware | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
|
SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers makes it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, le ...
|
| CVE-2021-32010 | 1 Secomea | 27 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 24 more | 2024-11-21 | 6.8 MEDIUM | 5.6 MEDIUM |
|
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7.
|
| CVE-2021-28095 | 1 Open-xchange | 1 Open-xchange Documents | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
|
OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32.
|
| CVE-2021-28094 | 1 Open-xchange | 1 Open-xchange Documents | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32.
|
| CVE-2021-28093 | 1 Open-xchange | 1 Open-xchange Documents | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of Adler32.
|
| CVE-2021-27761 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | 5.0 MEDIUM | 4.8 MEDIUM |
|
Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks
|
| CVE-2021-27457 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access.
|
| CVE-2021-27450 | 1 Ge | 2 Mu320e, Mu320e Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as part of a larger attack on the MU320E (all firmware versions prior to v04A00.1).
|
| CVE-2021-25761 | 1 Jetbrains | 1 Ktor | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.
|