Total
522 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-21399 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
There is a possible way to bypass cryptographic assurances due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-21115 | 1 Google | 1 Android | 2024-11-21 | N/A | 8.8 HIGH |
In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L. Android ID: A-258834033 | |||||
CVE-2023-0452 | 1 Econolite | 1 Eos | 2024-11-21 | N/A | 9.8 CRITICAL |
Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians. | |||||
CVE-2022-4610 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | N/A | 1.9 LOW |
A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216272. | |||||
CVE-2022-45858 | 1 Fortinet | 1 Fortinac | 2024-11-21 | N/A | 4.2 MEDIUM |
A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks. | |||||
CVE-2022-45195 | 1 Simplex | 2 Simplex Chat, Simplexmq | 2024-11-21 | N/A | 5.3 MEDIUM |
SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet protocol. | |||||
CVE-2022-43949 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | N/A | 6.2 MEDIUM |
A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods. | |||||
CVE-2022-43917 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | N/A | 5.9 MEDIUM |
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045. | |||||
CVE-2022-43843 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | N/A | 5.9 MEDIUM |
IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080. | |||||
CVE-2022-40722 | 1 Pingidentity | 3 Pingfederate, Pingid Adapter For Pingfederate, Pingid Integration Kit | 2024-11-21 | N/A | 7.7 HIGH |
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA. | |||||
CVE-2022-39237 | 1 Sylabs | 1 Singularity Image Format | 2024-11-21 | N/A | 6.3 MEDIUM |
sylabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1 the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure. | |||||
CVE-2022-38493 | 1 Rhonabwy Project | 1 Rhonabwy | 2024-11-21 | N/A | 7.5 HIGH |
Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token. | |||||
CVE-2022-38391 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Control, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.1 MEDIUM |
IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982. | |||||
CVE-2022-37177 | 1 Hirevue | 1 Hiring Platform | 2024-11-21 | N/A | 7.5 HIGH |
HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence cipher has been removed, and TLS 1.2 is now used for encryption. | |||||
CVE-2022-35720 | 3 Ibm, Linux, Microsoft | 6 Aix, Linux On Ibm Z, Sterling External Authentication Server and 3 more | 2024-11-21 | N/A | 2.3 LOW |
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 use weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373. | |||||
CVE-2022-35513 | 1 Blink1 | 1 Blink1control2 | 2024-11-21 | N/A | 7.5 HIGH |
The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. | |||||
CVE-2022-34757 | 1 Schneider-electric | 2 Easergy P5, Easergy P5 Firmware | 2024-11-21 | N/A | 6.7 MEDIUM |
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 (V01.401.102 and prior) | |||||
CVE-2022-34632 | 1 Linuxfoundation | 1 Rocket Chip Generator | 2024-11-21 | N/A | 9.1 CRITICAL |
Rocket-Chip commit 4f8114374d8824dfdec03f576a8cd68bebce4e56 was discovered to contain insufficient cryptography via the component /rocket/RocketCore.scala. | |||||
CVE-2022-34444 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | N/A | 5.9 MEDIUM |
Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak. | |||||
CVE-2022-34361 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more | 2024-11-21 | N/A | 5.9 MEDIUM |
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522. |