Filtered by CWE-326
Filtered by vendor Subscriptions
Total 390 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-33982 1 Briarproject 1 Briar 2024-11-21 5.9 Medium
Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol.
CVE-2023-33283 1 Marvalglobal 1 Msm 2024-11-21 5.5 Medium
Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key.
CVE-2023-31135 1 Dgraph 1 Dgraph 2024-11-21 3.3 Low
Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being encrypted. This is problematic because two log lines will often have the same length, so due to these collisions we are reusing the same nonce many times. All audit logs generated by versions of Dgraph <v23.0.0 are affected. Attackers must have access to the system the logs are stored on. Dgraph users should upgrade to v23.0.0. Users unable to upgrade should store existing audit logs in a secure location and for extra security, encrypt using an external tool like `gpg`.
CVE-2023-30351 1 Tenda 2 Cp3, Cp3 Firmware 2024-11-21 7.5 High
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UART) by using the exposed credentials.
CVE-2023-30132 1 Ixpdata 1 Easyinstall 2024-11-21 7.8 High
An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated privileges via static Cryptographic Key.
CVE-2023-2443 1 Rockwellautomation 1 Thinmanager 2024-11-21 7.5 High
Rockwell Automation ThinManager product allows the use of medium strength ciphers.  If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API.
CVE-2023-2197 1 Hashicorp 1 Vault 2024-11-21 2.5 Low
HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2
CVE-2023-29549 1 Mozilla 2 Firefox, Focus 2024-11-21 6.5 Medium
Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
CVE-2023-29054 1 Siemens 26 Scalance X200-4p Irt, Scalance X200-4p Irt Firmware, Scalance X201-3p Irt and 23 more 2024-11-21 6.7 Medium
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.
CVE-2023-28896 1 Preh 2 Mib3, Mib3 Firmware 2024-11-21 3.3 Low
Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
CVE-2023-28124 1 Ui 1 Desktop 2024-11-21 5.5 Medium
Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This vulnerability is fixed in Version 0.62.3 and later.
CVE-2023-28021 1 Hcltech 1 Bigfix Webui 2024-11-21 5.9 Medium
The BigFix WebUI uses weak cipher suites.
CVE-2023-27987 1 Apache 1 Linkis 2024-11-21 9.1 Critical
In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1] https://linkis.apache.org/docs/latest/auth/token https://linkis.apache.org/docs/latest/auth/token
CVE-2023-27389 1 Contec 38 Cps-mc341-a1-111, Cps-mc341-a1-111 Firmware, Cps-mc341-adsc1-111 and 35 more 2024-11-21 7.2 High
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).
CVE-2023-26943 1 Assaabloy 2 Yale Keyless Smart Lock, Yale Keyless Smart Lock Firmware 2024-11-21 6.5 Medium
Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original.
CVE-2023-26942 1 Assaabloy 2 Yale Ia-210, Yale Ia-210 Firmware 2024-11-21 6.5 Medium
Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original.
CVE-2023-26941 1 Assaabloy 2 Yale Conexis L1, Yale Conexis L1 Firmware 2024-11-21 6.5 Medium
Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original.
CVE-2023-24502 1 Electra-air 2 Central Ac Unit, Central Ac Unit Firmware 2024-11-21 7.5 High
Electra Central AC unit – The unit opens an AP with an easily calculated password.
CVE-2023-23911 1 Rocket.chat 1 Rocket.chat 2024-11-21 7.5 High
An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room.
CVE-2023-23597 1 Mozilla 1 Firefox 2024-11-21 6.5 Medium
A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the <code>file://</code> context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109.