Total
567 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40722 | 1 Pingidentity | 3 Pingfederate, Pingid Adapter For Pingfederate, Pingid Integration Kit | 2024-11-21 | N/A | 7.7 HIGH |
| A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA. | |||||
| CVE-2022-39237 | 1 Sylabs | 1 Singularity Image Format | 2024-11-21 | N/A | 6.3 MEDIUM |
| syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure. | |||||
| CVE-2022-38493 | 1 Rhonabwy Project | 1 Rhonabwy | 2024-11-21 | N/A | 7.5 HIGH |
| Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token. | |||||
| CVE-2022-38391 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Control, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.1 MEDIUM |
| IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982. | |||||
| CVE-2022-37177 | 1 Hirevue | 1 Hiring Platform | 2024-11-21 | N/A | 7.5 HIGH |
| HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence cipher has been removed, and TLS 1.2 is now used for encryption. | |||||
| CVE-2022-35720 | 3 Ibm, Linux, Microsoft | 6 Aix, Linux On Ibm Z, Sterling External Authentication Server and 3 more | 2024-11-21 | N/A | 2.3 LOW |
| IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373. | |||||
| CVE-2022-35513 | 1 Blink1 | 1 Blink1control2 | 2024-11-21 | N/A | 7.5 HIGH |
| The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. | |||||
| CVE-2022-34757 | 1 Schneider-electric | 2 Easergy P5, Easergy P5 Firmware | 2024-11-21 | N/A | 6.7 MEDIUM |
| A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 (V01.401.102 and prior) | |||||
| CVE-2022-34632 | 1 Linuxfoundation | 1 Rocket Chip Generator | 2024-11-21 | N/A | 9.1 CRITICAL |
| Rocket-Chip commit 4f8114374d8824dfdec03f576a8cd68bebce4e56 was discovered to contain insufficient cryptography via the component /rocket/RocketCore.scala. | |||||
| CVE-2022-34444 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | N/A | 5.9 MEDIUM |
| Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak. | |||||
| CVE-2022-34361 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522. | |||||
| CVE-2022-34320 | 1 Ibm | 1 Cics Tx | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229464. | |||||
| CVE-2022-34319 | 1 Ibm | 1 Cics Tx | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229463. | |||||
| CVE-2022-34310 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229441. | |||||
| CVE-2022-34309 | 1 Ibm | 1 Cics Tx | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440. | |||||
| CVE-2022-33160 | 1 Ibm | 1 Security Directory Suite Va | 2024-11-21 | N/A | 3.7 LOW |
| IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568. | |||||
| CVE-2022-31230 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 10.0 HIGH | 8.1 HIGH |
| Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access. | |||||
| CVE-2022-31157 | 1 Packback | 1 Lti 1.3 Tool Library | 2024-11-21 | N/A | 7.5 HIGH |
| LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds. | |||||
| CVE-2022-30320 | 1 Honeywell | 1 Saia Pg5 Controls Suite | 2024-11-21 | N/A | 4.3 MEDIUM |
| Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. According to FSCT-2022-0063, there is a Saia Burgess Controls (SBC) PCD S-Bus weak credential hashing scheme issue. The affected components are characterized as: S-Bus (5050/UDP) authentication. The potential impact is: Authentication bypass. The Saia Burgess Controls (SBC) PCD controllers utilize the S-Bus protocol (5050/UDP) for a variety of engineering purposes. It is possible to configure a password in order to restrict access to sensitive engineering functionality. Authentication is done by using the S-Bus 'write byte' message to a specific address and supplying a hashed version of the password. The hashing algorithm used is based on CRC-16 and as such not cryptographically secure. An insecure hashing algorithm is used. An attacker capable of passively observing traffic can intercept the hashed credentials and trivially find collisions allowing for authentication without having to bruteforce a keyspace defined by the actual strength of the password. This allows the attacker access to sensitive engineering functionality such as uploading/downloading control logic and manipulating controller configuration. | |||||
| CVE-2022-30273 | 1 Motorolasolutions | 1 Mdlc | 2024-11-21 | N/A | 9.8 CRITICAL |
| The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block ciphers. | |||||