Total: 370 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-3131 | 1 1c | 1 1c\ | 2024-08-03 | 7.5 High |
The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter. | ||||
CVE-2022-47931 | 1 Iofinnet | 1 Tss-lib | 2024-08-03 | 9.1 Critical |
IO FinNet tss-lib before 2.0.0 allows a collision of hash values. | ||||
CVE-2022-46825 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 4 Medium |
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects. | ||||
CVE-2022-46783 | 1 Stormshield | 1 Ssl Vpn Client | 2024-08-03 | 5.3 Medium |
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book. | ||||
CVE-2022-45453 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-08-03 | 7.5 High |
TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984. | ||||
CVE-2022-45379 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-08-03 | 7.5 High |
Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks. | ||||
CVE-2022-45141 | 1 Samba | 1 Samba | 2024-08-03 | 9.8 Critical |
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (e.g. aes256-cts-hmac-sha1-96). | ||||
CVE-2022-43922 | 2 Ibm, Redhat | 2 App Connect Enterprise Certified Container, Openshift | 2024-08-03 | 5.3 Medium |
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583. | ||||
CVE-2022-41209 | 1 Sap | 1 Customer Data Cloud | 2024-08-03 | 5.2 Medium |
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses an encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, the application might also be susceptible to replay attacks. | ||||
CVE-2022-40745 | 1 Ibm | 1 Aspera Faspex | 2024-08-03 | 5.5 Medium |
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452. | ||||
CVE-2022-38659 | 2 Hcltech, Microsoft | 2 Bigfix Platform, Windows | 2024-08-03 | 6 Medium |
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent. | ||||
CVE-2022-36555 | 1 Hytec | 2 Hwl-2511-ss, Hwl-2511-ss Firmware | 2024-08-03 | 9.8 Critical |
Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack. | ||||
CVE-2022-35931 | 1 Nextcloud | 1 Password Policy | 2024-08-03 | 2.7 Low |
Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud Server to 22.2.10, 23.0.7 or 24.0.3 to receive a patch for the issue in Password Policy. There are no known workarounds available. | ||||
CVE-2022-34385 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-08-03 | 5.5 Medium |
SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. | ||||
CVE-2022-32753 | 1 Ibm | 1 Security Verify Directory | 2024-08-03 | 4.5 Medium |
IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444. | ||||
CVE-2022-31459 | 1 Owllabs | 2 Meeting Owl Pro, Meeting Owl Pro Firmware | 2024-08-03 | 7.4 High |
Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth. | ||||
CVE-2022-30285 | 1 Quest | 1 Kace Systems Management Appliance | 2024-08-03 | 9.8 Critical |
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials. | ||||
CVE-2022-29835 | 1 Westerndigital | 1 Wd Discovery | 2024-08-03 | 5.3 Medium |
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows. | ||||
CVE-2022-29566 | 1 Bulletproofs Project | 1 Bulletproofs | 2024-08-03 | 8.1 High |
The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation fails to include all of the public values from the Zero Knowledge proof statement as well as all of the public values computed in the proof, aka the Frozen Heart issue. | ||||
CVE-2022-29249 | 1 Javaez Project | 1 Javaez | 2024-08-03 | 7.5 High |
JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows forced decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications; however, it may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. The vulnerability has been patched in release 1.7. Currently, there is no way to fix the issue without upgrading. |