Total: 390 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2024-30119 | Hcl Software | Dryice Optibot Reset Station | 2024-11-21 | 3.7 Low | HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security header. This could allow an attacker to intercept or manipulate data during redirection. |
CVE-2024-29969 | | | 2024-11-21 | 7.5 High | When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082. |
CVE-2024-29951 | | | 2024-11-21 | 5.7 Medium | Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection. |
CVE-2024-29950 | | | 2024-11-21 | 7.5 High | The class FileTransfer implemented in Brocade SANnav before v2.3.1 and v2.3.0a uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack. |
CVE-2024-28974 | | | 2024-11-21 | 7.6 High | Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service. |
CVE-2024-28860 | Cilium | Cilium | 2024-11-21 | 8 High | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key recovery, and replay attacks by a man-in-the-middle attacker. These attacks are possible due to an ESP sequence number collision when multiple nodes are configured with the same key. Fixed versions of Cilium use unique keys for each IPsec tunnel established between nodes, resolving all of the above attacks. This vulnerability is fixed in 1.13.13, 1.14.9, and 1.15.3. |
CVE-2024-28755 | | | 2024-11-21 | 6.5 Medium | An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a denial of service or a forced version downgrade from TLS 1.3 to TLS 1.2. |
CVE-2024-25102 | | | 2024-11-21 | 7.8 High | This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm (hash), SHA1, in the user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system. Successful exploitation of this vulnerability could allow the attacker to take complete control of the application on the targeted system. |
CVE-2024-23656 | Linuxfoundation | Dex | 2024-11-21 | 7.5 High | Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as the minimum version, but the whole `tlsConfig` is ignored after the `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0. |
CVE-2024-23580 | | | 2024-11-21 | 6.5 Medium | HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs). This could allow an attacker with access to the database to recover some or all encrypted values. |
CVE-2024-23579 | | | 2024-11-21 | 6.5 Medium | HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions. This could allow an attacker with access to the database to recover some or all encrypted values. |
CVE-2024-22894 | Alpha-innotec, Novelan | Heat Pumps, Heat Pumps Firmware, Heat Pumps and 1 more | 2024-11-21 | 6.8 Medium | An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later allows remote attackers to execute arbitrary code via the password component in the shadow file. |
CVE-2024-20692 | Microsoft | Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2024-11-21 | 5.7 Medium | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability |
CVE-2024-1224 | | | 2024-11-21 | 7.1 High | This vulnerability exists in USB Pratirodh due to the usage of a weaker cryptographic algorithm (hash), SHA1, in the user login component. A local attacker with administrative privileges could exploit this vulnerability to obtain the password of USB Pratirodh on the targeted system. Successful exploitation of this vulnerability could allow the attacker to take control of the application and modify the access control of registered users or devices on the targeted system. |
CVE-2024-0753 | Debian, Mozilla, Redhat | Debian Linux, Firefox, Firefox Esr and 6 more | 2024-11-21 | 6.5 Medium | In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. |
CVE-2023-7237 | Lantronix | Xport Edge, Xport Edge Firmware | 2024-11-21 | 5.7 Medium | Lantronix XPort sends weakly encoded credentials within web request headers. |
CVE-2023-4333 | Broadcom, Microsoft | Raid Controller Web Interface, Windows | 2024-11-21 | 5.5 Medium | Broadcom RAID Controller web interface doesn't enforce SSL cipher ordering by server. |
CVE-2023-4129 | Dell | Data Protection Central | 2024-11-21 | 5.9 Medium | Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. |
CVE-2023-48051 | Carglglz | Upydev | 2024-11-21 | 7.5 High | An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding. |
CVE-2023-48034 | Acer | Sk-9662, Sk-9662 Firmware | 2024-11-21 | 6.1 Medium | An issue discovered in Acer Wireless Keyboard SK-9662 allows an attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption. |