Total
396 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-3670 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 4.8 Medium |
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. | ||||
CVE-2009-2474 | 5 Apple, Canonical, Fedoraproject and 2 more | 5 Mac Os X, Ubuntu Linux, Fedora and 2 more | 2024-11-21 | N/A |
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||||
CVE-2005-4900 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation. | ||||
CVE-2023-6728 | 2024-11-05 | 3.3 Low | ||
Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content. | ||||
CVE-2024-43382 | 1 Snowflake | 1 Snowflake Jdbc | 2024-11-01 | 5.9 Medium |
Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption. | ||||
CVE-2024-45259 | 1 Gl-inet | 20 Gl-a1300 Firmware, Gl-ar300m16 Firmware, Gl-ar300m Firmware and 17 more | 2024-10-28 | 6.5 Medium |
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted. | ||||
CVE-2024-45394 | 2 Authenticator, Authenticator-extension | 2 Authenticator, Authenticator | 2024-10-09 | 8.8 High |
Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the user's encryption key. Users on version 8.0.0 and above are automatically migrated away from the weak encoding on first login. Users should destroy encrypted backups made with versions prior to 8.0.0. | ||||
CVE-2024-47182 | 1 Amirraminfar | 1 Dozzle | 2024-10-04 | 4.8 Medium |
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3. | ||||
CVE-2024-8455 | 2 Planet, Planet Technology Corp | 9 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 6 more | 2024-10-04 | 8.1 High |
The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords. | ||||
CVE-2021-38121 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | 8.3 High |
Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1 | ||||
CVE-2024-42163 | 1 Fiware | 1 Keyrock | 2024-08-29 | 8.3 High |
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link. | ||||
CVE-2024-41681 | 1 Siemens | 1 Location Intelligence | 2024-08-14 | 6.7 Medium |
A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The web server of affected products is configured to support weak ciphers by default. This could allow an unauthenticated attacker in an on-path position to to read and modify any data passed over the connection between legitimate clients and the affected device. | ||||
CVE-2024-21787 | 1 Bmra Software | 1 Bmra Software | 2024-08-14 | 6.4 Medium |
Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-5800 | 2024-08-12 | N/A | ||
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication. | ||||
CVE-2024-32758 | 1 Johnsoncontrols | 2 Exacqvision Client, Exacqvision Server | 2024-08-09 | 7.5 High |
Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange | ||||
CVE-2024-40719 | 1 Changingtec | 1 Tcb Servisign | 2024-08-09 | 6.5 Medium |
The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that website as a legitimate server and interact with it. |