Filtered by CWE-327
Filtered by vendor Subscriptions
Total 531 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-24559 1 Vyperlang 1 Vyper 2024-11-21 3.7 Low
Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. No flow that would cache the `key` was found so the issue shouldn't be possible to trigger when compiling the compiler-generated `IR`. This issue isn't triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available.
CVE-2024-22463 2024-11-21 7.4 High
Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to compromise of confidentiality and integrity of sensitive information
CVE-2024-22361 1 Ibm 1 Semeru Runtime 2024-11-21 5.9 Medium
IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222.
CVE-2024-22318 1 Ibm 1 I Access Client Solutions 2024-11-21 5.1 Medium
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.
CVE-2024-22192 1 Hyperledger 1 Ursa 2024-11-21 6.5 Medium
Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a verifiable presentation that includes a Non-Revocation proof. The impact of the flaw is that a malicious verifier may be able to determine a unique identifier for a holder presenting a Non-Revocation proof. Ursa has moved to end-of-life status and no fix is expected.
CVE-2024-21670 1 Hyperledger 1 Ursa 2024-11-21 6.5 Medium
Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that credential as part of an AnonCreds presentation. A verifier may verify a credential from a holder as being "not revoked" when in fact, the holder's credential has been revoked. Ursa has moved to end-of-life status and no fix is expected.
CVE-2024-20070 2024-11-21 5.1 Medium
In modem, there is a possible information disclosure due to using risky cryptographic algorithm during connection establishment negotiation. This could lead to remote information disclosure, when weak encryption algorithm is used, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00942482; Issue ID: MSV-1469.
CVE-2024-1040 1 Gesslergmbh 2 Web-master, Web-master Firmware 2024-11-21 4.4 Medium
Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device.
CVE-2023-5962 1 Moxa 20 Iologik E1210, Iologik E1210 Firmware, Iologik E1211 and 17 more 2024-11-21 6.5 Medium
A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization.
CVE-2023-5627 1 Moxa 54 Nport 6150, Nport 6150-t, Nport 6150-t Firmware and 51 more 2024-11-21 7.5 High
A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.
CVE-2023-51839 1 Devicefarmer 1 Smartphone Test Farm 2024-11-21 9.1 Critical
DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm.
CVE-2023-51838 1 Meshcentral 1 Meshcentral 2024-11-21 7.5 High
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.
CVE-2023-50939 1 Ibm 1 Powersc 2024-11-21 5.9 Medium
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129.
CVE-2023-50937 1 Ibm 1 Powersc 2024-11-21 5.9 Medium
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117.
CVE-2023-50781 2 M2crypto Project, Redhat 5 M2crypto, Enterprise Linux, Rhev Hypervisor and 2 more 2024-11-21 7.5 High
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
CVE-2023-50481 1 Blinksocks 1 Blinksocks 2024-11-21 7.5 High
An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js.
CVE-2023-50350 1 Hcltech 1 Dryice Myxalytics 2024-11-21 8.2 High
HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information.
CVE-2023-50313 1 Ibm 1 Websphere Application Server 2024-11-21 5.3 Medium
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812.
CVE-2023-50312 2024-11-21 5.3 Medium
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711.
CVE-2023-4331 2 Broadcom, Intel 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 2024-11-21 7.5 High
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols