Total
522 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12129 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 2.9 LOW | 8.0 HIGH |
| An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them. | |||||
| CVE-2016-5431 | 1 Php Jose Project | 1 Php Jose | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens. | |||||
| CVE-2015-9235 | 1 Auth0 | 1 Jsonwebtoken | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family). | |||||
| CVE-2013-2213 | 1 Kde | 1 Paste Applet | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output. | |||||
| CVE-2013-20003 | 1 Silabs | 10 Zgm130s037hgn, Zgm130s037hgn Firmware, Zgm2305a27hgn and 7 more | 2024-11-21 | 7.9 HIGH | 8.3 HIGH |
| Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic. | |||||
| CVE-2013-1053 | 1 Canonical | 1 Remote-login-service | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure. An attacker could use this vulnerability to recover usernames and passwords from the file. This issue affects version 1.0.0-0ubuntu3 and prior versions. | |||||
| CVE-2012-5623 | 1 Squirrelmail | 1 Change Passwd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. | |||||
| CVE-2011-2487 | 2 Apache, Redhat | 10 Cxf, Wss4j, Jboss Business Rules Management System and 7 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack. | |||||
| CVE-2024-43189 | 2024-11-18 | N/A | 5.9 MEDIUM | ||
| IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2024-51478 | 2024-11-01 | N/A | 9.9 CRITICAL | ||
| YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5. | |||||
| CVE-2024-10128 | 1 Topdata | 1 Inner Rep Plus | 2024-10-30 | 3.3 LOW | 2.7 LOW |
| A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file td.js.gz. The manipulation leads to risky cryptographic algorithm. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-47188 | 1 Oisf | 1 Suricata | 2024-10-22 | N/A | 7.5 HIGH |
| Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7. | |||||
| CVE-2024-47187 | 1 Oisf | 1 Suricata | 2024-10-22 | N/A | 7.5 HIGH |
| Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to use excessive time to load, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. Avoid dataset rules that track traffic in rules. | |||||
| CVE-2024-45394 | 1 Authenticator | 1 Authenticator | 2024-10-09 | N/A | 8.8 HIGH |
| Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the user's encryption key. Users on version 8.0.0 and above are automatically migrated away from the weak encoding on first login. Users should destroy encrypted backups made with versions prior to 8.0.0. | |||||
| CVE-2024-8452 | 1 Planet | 4 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 1 more | 2024-10-04 | N/A | 7.5 HIGH |
| Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 credentials potentially. | |||||
| CVE-2024-37068 | 1 Ibm | 1 Maximo Application Suite | 2024-09-21 | N/A | 5.9 MEDIUM |
| IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques. | |||||
| CVE-2024-39583 | 1 Dell | 1 Insightiq | 2024-09-16 | N/A | 8.1 HIGH |
| Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2024-45193 | 2024-09-10 | N/A | 4.3 MEDIUM | ||
| An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-28972 | 1 Dell | 1 Insightiq | 2024-08-23 | N/A | 5.9 MEDIUM |
| Dell InsightIQ, Verion 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2024-39745 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2024-08-23 | N/A | 5.9 MEDIUM |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||