| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack via intercepted and crafted responses. |
|
AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.
|
| SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
|
| Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
|
| Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server. |
| IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138 |
| An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated privileges via static Cryptographic Key. |
| A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to use of weak hash. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-229974 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle.
Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
|
|
Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure.
|
| The BigFix WebUI uses weak cipher suites.
|
|
In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values.
We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1]
https://linkis.apache.org/docs/latest/auth/token https://linkis.apache.org/docs/latest/auth/token
|
| Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original. |
| Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original. |
| Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original. |
| IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147. |
| IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898. |
| HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.
|
| HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.
|
| Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use. |
