Total
518 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-22461 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-08-03 | 5.9 Medium |
IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225007. | ||||
CVE-2022-22462 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-08-03 | 3.7 Low |
IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225078. | ||||
CVE-2022-22313 | 1 Ibm | 1 Qradar Data Synchronization | 2024-08-03 | 4.4 Medium |
IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370. | ||||
CVE-2022-20117 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-217475903. References: N/A | ||||
CVE-2022-4610 | 1 Clickstudios | 1 Passwordstate | 2024-08-03 | 1.9 Low |
A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216272. | ||||
CVE-2022-2781 | 1 Octopus | 1 Octopus Server | 2024-08-03 | 5.3 Medium |
In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables. | ||||
CVE-2022-0377 | 1 Thimpress | 1 Learnpress | 2024-08-02 | 4.3 Medium |
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after registration. After this process the user crops and saves the image. Then a "POST" request that contains the user-supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed to an MD5 value. This process can be conducted only when the type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site. | ||||
CVE-2023-51838 | 1 Meshcentral | 1 Meshcentral | 2024-08-02 | 7.5 High |
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm. | ||||
CVE-2023-51839 | 1 Devicefarmer | 1 Smartphone Test Farm | 2024-08-02 | 9.1 Critical |
DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm. | ||||
CVE-2023-50939 | 1 Ibm | 1 Powersc | 2024-08-02 | 5.9 Medium |
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129. | ||||
CVE-2023-50937 | 1 Ibm | 1 Powersc | 2024-08-02 | 5.9 Medium |
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117. | ||||
CVE-2023-50475 | 1 Bcoin | 1 Bcoin | 2024-08-02 | 9.1 Critical |
An issue discovered in bcoin-org bcoin version 2.2.0 allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js. | ||||
CVE-2023-50350 | 1 Hcltech | 1 Dryice Myxalytics | 2024-08-02 | 8.2 High |
HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information. | ||||
CVE-2023-50481 | 1 Blinksocks | 1 Blinksocks | 2024-08-02 | 7.5 High |
An issue discovered in blinksocks version 3.3.8 allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js. | ||||
CVE-2023-50313 | 1 Ibm | 1 Websphere Application Server | 2024-08-02 | 5.3 Medium |
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812. | ||||
CVE-2023-50312 | | | 2024-08-02 | 5.3 Medium |
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711. | ||||
CVE-2023-47640 | 1 Datahub Project | 1 Datahub | 2024-08-02 | 6.4 Medium |
DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources (i.e. state level actors with large computational capabilities). DataHub Frontend was utilizing the Play LegacyCookiesModule with default settings which utilizes a SHA1 HMAC for signing. This is compounded by using a shorter key length than recommended by default for the signing key for the randomized secret value. An authenticated attacker (or attacker who has otherwise obtained a session token) could crack the signing key for DataHub and obtain escalated privileges by generating a privileged session cookie. Due to key length being a part of the risk, deployments should update to the latest helm chart and rotate their session signing secret. All deployments using the default helm chart configurations for generating the Play secret key used for signing are affected by this vulnerability. Version 0.11.1 resolves this vulnerability. All users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2023-46233 | 2 Crypto-js Project, Redhat | 2 Crypto-js, Enterprise Linux | 2024-08-02 | 9.1 Critical |
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations. | ||||
CVE-2023-41928 | | | 2024-08-02 | 5.3 Medium |
The device is observed to accept deprecated TLS protocols, increasing the risk of cryptographic weaknesses. | ||||
CVE-2023-41927 | | | 2024-08-02 | 5.3 Medium |
The server supports at least one cipher suite which is on the NCSC-NL list of cipher suites to be phased out, increasing the risk of cryptographic weaknesses. |