Total
506 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1339 | 1 Ibm | 1 Tivoli Storage Manager | 2024-09-16 | N/A |
| IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247. | ||||
| CVE-2019-1828 | 1 Cisco | 4 Rv320, Rv320 Firmware, Rv325 and 1 more | 2024-09-16 | N/A |
| A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative credentials. The vulnerability exists because affected devices use weak encryption algorithms for user credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack and decrypting intercepted credentials. A successful exploit could allow the attacker to gain access to an affected device with administrator privileges. This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running firmware releases prior to 1.4.2.22. | ||||
| CVE-2021-20379 | 1 Ibm | 1 Guardium Data Encryption | 2024-09-16 | 7.5 High |
| IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711. | ||||
| CVE-2022-20805 | 1 Cisco | 1 Umbrella Secure Web Gateway | 2024-09-16 | 4.1 Medium |
| A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption function uses the TLS Sever Name Indication (SNI) extension of an HTTP request to discover the destination domain and determine if the request needs to be decrypted. An attacker could exploit this vulnerability by sending a crafted request over TLS from a client to an unknown or controlled URL. A successful exploit could allow an attacker to bypass the decryption process of Cisco Umbrella SWG and allow malicious content to be downloaded to a host on a protected network. There are workarounds that address this vulnerability. | ||||
| CVE-2020-4595 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-09-16 | 7.5 High |
| IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184819. | ||||
| CVE-2017-16718 | 1 Beckhoff | 1 Twincat | 2024-09-16 | N/A |
| Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added. | ||||
| CVE-2020-4191 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-09-16 | 4.4 Medium |
| IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174852. | ||||
| CVE-2019-4639 | 1 Ibm | 1 Security Secret Server | 2024-09-16 | 7.5 High |
| IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 170045. | ||||
| CVE-2018-10084 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-09-16 | N/A |
| CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed. | ||||
| CVE-2018-1428 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-09-16 | N/A |
| IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073. | ||||
| CVE-2020-4349 | 1 Ibm | 1 Spectrum Scale | 2024-09-16 | 7.5 High |
| IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423. | ||||
| CVE-2019-0030 | 1 Juniper | 3 Advanced Threat Prevention Firmware, Atp400, Atp700 | 2024-09-16 | 7.2 High |
| Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | ||||
| CVE-2022-21800 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2024-09-16 | 6.5 Medium |
| MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords. | ||||
| CVE-2020-4452 | 1 Ibm | 1 Api Connect | 2024-09-16 | 7.5 High |
| IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324. | ||||
| CVE-2021-27784 | 1 Hcltech | 1 Hcl Launch Container Image | 2024-09-16 | 5.9 Medium |
| The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages. | ||||
| CVE-2022-22559 | 1 Dell | 1 Emc Powerscale Onefs | 2024-09-16 | 7.5 High |
| Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for information disclosure. | ||||
| CVE-2018-1720 | 1 Ibm | 1 Sterling B2b Integrator | 2024-09-16 | N/A |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0.0, and 6.0.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 147294. | ||||
| CVE-2021-20566 | 2 Ibm, Redhat | 2 Resilient Security Orchestration Automation And Response, Linux | 2024-09-16 | 7.5 High |
| IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 199238. | ||||
| CVE-2017-1598 | 1 Ibm | 1 Security Guardium | 2024-09-16 | N/A |
| IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611. | ||||
| CVE-2021-29722 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Linux On Ibm Z and 5 more | 2024-09-16 | 7.5 High |
| IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095. | ||||