Total
370 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-20810 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Policy Secure | 2024-09-16 | N/A |
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices. | ||||
CVE-2018-1785 | 2 Apple, Ibm | 3 Macos, Spectrum Protect Client, Spectrum Protect For Virtual Environments | 2024-09-16 | 7.5 High |
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870. | ||||
CVE-2018-1466 | 1 Ibm | 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more | 2024-09-16 | 5.3 Medium |
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397. | ||||
CVE-2022-21800 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2024-09-16 | 6.5 Medium |
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords. | ||||
CVE-2018-0131 | 1 Cisco | 2 Ios, Ios Xe | 2024-09-16 | N/A |
A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140. | ||||
CVE-2018-1608 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2024-09-16 | N/A |
IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798. | ||||
CVE-2015-5361 | 1 Juniper | 28 Junos, Srx100, Srx110 and 25 more | 2024-09-16 | 6.5 Medium |
Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. Issue The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration. Note that the ftps-extensions option is not enabled by default. | ||||
CVE-2021-38983 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2024-09-16 | 7.5 High |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792. | ||||
CVE-2021-38862 | 1 Ibm | 1 Data Risk Manager | 2024-09-16 | 7.5 High |
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980. | ||||
CVE-2024-34113 | 1 Adobe | 1 Coldfusion | 2024-09-16 | 5.5 Medium |
ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the confidentiality of password data. An attacker could exploit this weakness to decrypt or guess passwords, potentially gaining unauthorized access to protected resources. Exploitation of this issue does not require user interaction. | ||||
CVE-2021-38121 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | 8.3 High |
Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1 | ||||
CVE-2023-43776 | 1 Eaton | 44 Easy-box-e4-ac1, Easy-box-e4-ac1 Firmware, Easy-box-e4-dc1 and 41 more | 2024-09-13 | 6.8 Medium |
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending). | ||||
CVE-2023-44690 | 1 Dbcli | 1 Mycli | 2024-09-13 | 7.5 High |
Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py | ||||
CVE-2023-30132 | 1 Ixpdata | 1 Easyinstall | 2024-09-12 | 7.8 High |
An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated privileges via static Cryptographic Key. | ||||
CVE-2024-28755 | 2024-09-06 | 6.5 Medium | ||
An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2. | ||||
CVE-2022-48193 | 1 Softing | 1 Smartlink Sw-ht | 2024-09-05 | 5.9 Medium |
Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL). | ||||
CVE-2023-47372 | 1 Linecorp | 1 Line | 2024-09-04 | 6.5 Medium |
The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims. | ||||
CVE-2023-47373 | 1 Linecorp | 1 Line | 2024-09-04 | 6.5 Medium |
The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send malicious notifications to victims. | ||||
CVE-2023-46894 | 1 Espressif | 1 Esptool | 2024-09-04 | 7.5 High |
An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm. | ||||
CVE-2023-47366 | 1 Linecorp | 1 Line | 2024-09-03 | 6.5 Medium |
The leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send malicious notifications to victims. |