Total
617 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-35537 | 1 Tvsmotor | 1 Tvs Connect | 2025-03-13 | N/A | 7.5 HIGH |
|
TVS Motor Company Limited TVS Connect Android v4.6.0 and iOS v5.0.0 were discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption.
|
|||||
| CVE-2023-23040 | 1 Tp-link | 2 Tl-wr940n, Tl-wr940n Firmware | 2025-03-12 | N/A | 7.5 HIGH |
|
TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication.
|
|||||
| CVE-2025-27508 | | | 2025-03-07 | N/A | 7.5 HIGH |
|
Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases (e.g., SHA-1, CRC32, and SSDEEP). These algorithms, while possibly valid for certain non-security-critical tasks, can expose users to security risks if used in scenarios where strong cryptographic guarantees are required. This issue is fixed in 8.24.0.
|
|||||
| CVE-2025-26708 | | | 2025-03-07 | N/A | 4.2 MEDIUM |
|
There is a configuration defect vulnerability in ZTELink 5.4.9 for iOS. This vulnerability is caused by a flaw in the WiFi parameter configuration of the ZTELink. An attacker can obtain unauthorized access to the WiFi service.
|
|||||
| CVE-2023-28509 | 2 Linux, Rocketsoftware | 3 Linux Kernel, Unidata, Universe | 2025-02-18 | N/A | 7.5 HIGH |
|
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 use weak encryption for packet-level security and passwords transferred on the wire.
|
|||||
| CVE-2024-49797 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 5.9 MEDIUM |
|
IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
|
|||||
| CVE-2023-51392 | 1 Silabs | 1 Emberznet | 2025-02-12 | N/A | 6.2 MEDIUM |
|
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis side-channel attacks.
|
|||||
| CVE-2025-22475 | 1 Dell | 1 Data Domain Operating System | 2025-02-07 | N/A | 3.7 LOW |
|
Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering.
|
|||||
| CVE-2022-45170 | 1 Liveboxcloud | 1 Vdesk | 2025-02-07 | N/A | 6.5 MEDIUM |
|
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user.
|
|||||
| CVE-2022-43934 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | N/A | 6.5 MEDIUM |
|
Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095.
|
|||||
| CVE-2024-28980 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-02-04 | N/A | 6.5 MEDIUM |
|
Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.
|
|||||
| CVE-2024-37137 | 1 Dell | 1 Cloudlink | 2025-02-03 | N/A | 3.8 LOW |
|
Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information disclosure.
|
|||||
| CVE-2024-26317 | | | 2025-01-28 | N/A | 6.1 MEDIUM |
|
In illumos illumos-gate 2024-02-15, an error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, causing the algorithm to yield a result of POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret.
|
|||||
| CVE-2022-3365 | | | 2025-01-28 | N/A | 9.8 CRITICAL |
|
Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over the product's custom control protocol. A Metasploit module was written and tested against version 4.110, the current version when this CVE was reserved.
|
|||||
| CVE-2022-36937 | 1 Facebook | 1 Hhvm | 2025-01-27 | N/A | 9.8 CRITICAL |
|
HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3.
Applications that call stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected.
|
|||||
| CVE-2024-8603 | | | 2025-01-15 | N/A | 7.5 HIGH |
|
A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by unauthenticated network-based attackers to masquerade as services on impacted devices.
|
|||||
| CVE-2020-27653 | 1 Synology | 2 Diskstation Manager, Router Manager | 2025-01-14 | 5.1 MEDIUM | 8.3 HIGH |
|
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2020-27652 | 1 Synology | 3 Diskstation Manager, Skynas, Skynas Firmware | 2025-01-14 | 5.1 MEDIUM | 8.3 HIGH |
|
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2022-46140 | 1 Siemens | 202 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 199 more | 2025-01-14 | N/A | 6.5 MEDIUM |
|
Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system.
|
|||||
| CVE-2024-31989 | 1 Argoproj | 1 Argo Cd | 2025-01-09 | N/A | 9.0 CRITICAL |
|
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS cluster, it requires manual enablement through configuration to enforce network policies. This raises concerns that many clients might unknowingly have open access to their Redis servers. This vulnerability c ...
|
|||||
| CVE-2024-4563 | 1 Progress | 1 Moveit Automation | 2025-01-08 | N/A | 6.1 MEDIUM |
|
The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length.
|
|||||
| CVE-2023-37395 | 1 Ibm | 1 Aspera Faspex | 2025-01-07 | N/A | 2.5 LOW |
|
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.
|
|||||
| CVE-2023-40696 | 1 Ibm | 1 Cognos Controller | 2025-01-07 | N/A | 5.9 MEDIUM |
|
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939.
|
|||||
| CVE-2020-4874 | 1 Ibm | 1 Cognos Controller | 2025-01-07 | N/A | 5.9 MEDIUM |
|
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837.
|
|||||
| CVE-2024-47921 | | | 2024-12-30 | N/A | 8.4 HIGH |
|
Smadar SPS – CWE-327: Use of a Broken or Risky Cryptographic Algorithm
|
|||||
| CVE-2024-27255 | 1 Ibm | 1 Mq Operator | 2024-12-23 | N/A | 5.9 MEDIUM |
|
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905.
|
|||||
| CVE-2023-37396 | 1 Ibm | 1 Aspera Faspex | 2024-12-19 | N/A | 2.5 LOW |
|
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671.
|
|||||
| CVE-2024-48016 | 1 Dell | 1 Secure Connect Gateway | 2024-12-13 | N/A | 4.6 MEDIUM |
|
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use exposed credentials to access the system with privileges of the compromised account.
|
|||||
| CVE-2024-53845 | | | 2024-12-12 | N/A | N/A |
|
ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV (Initialization Vector) prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant throughout the product's lifetime. In AES/CBC mode, if the IV is not properly initialized, the encrypted output becomes deterministic, leading to potential data leakage. To address the aforementioned issues ...
|
|||||
| CVE-2024-53441 | | | 2024-12-12 | N/A | 9.1 CRITICAL |
|
An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack.
|
|||||
| CVE-2024-41775 | 1 Ibm | 1 Cognos Controller | 2024-12-11 | N/A | 5.9 MEDIUM |
|
IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
|
|||||
| CVE-2024-22458 | 1 Dell | 1 Secure Connect Gateway | 2024-12-04 | N/A | 3.7 LOW |
|
Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.
|
|||||
| CVE-2024-52801 | | | 2024-11-29 | N/A | N/A |
|
sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are generated predictably using the xid library and are therefore unique but not cryptographically secure. This issue was fixed in version v2.6.4, where cookies are opaque and cryptographically secure strings. ...
|
|||||
| CVE-2024-51556 | 1 63moons | 2 Aero, Wave 2.0 | 2024-11-22 | N/A | 6.5 MEDIUM |
|
This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to unauthorized access to sensitive information belonging to other users.
|
|||||
| CVE-2024-5559 | 1 Schneider-electric | 2 Powerlogic P5, Powerlogic P5 Firmware | 2024-11-21 | N/A | 6.1 MEDIUM |
|
CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the front panel of the device.
|
|||||
| CVE-2024-3264 | | | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Signature Spoofing by Improper Validation. This issue affects Mia-Med Health Aplication: before 1.0.14.
|
|||||
| CVE-2024-39731 | 1 Ibm | 1 Datacap | 2024-11-21 | N/A | 5.9 MEDIUM |
|
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 295970.
|
|||||
| CVE-2024-36440 | | | 2024-11-21 | N/A | 6.8 MEDIUM |
|
An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is used.
|
|||||
| CVE-2024-32911 | 1 Google | 1 Android | 2024-11-21 | N/A | 9.8 CRITICAL |
|
There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-30098 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Windows Cryptographic Services Security Feature Bypass Vulnerability
|
|||||