ReportizFlow
Filtered by vendor
Subscriptions
Total
2481 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42038 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-09 | 8.8 High |
| Vulnerability of PIN enhancement failures in the screen lock module Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | ||||
| CVE-2018-0281 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-29 | N/A |
| A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of a Transport Layer Security (TLS) extension during TLS connection setup for the affected software. An attacker could exploit this vulnerability by sending a crafted TLS connection setup request to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg97808. | ||||
| CVE-2018-0283 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-29 | N/A |
| A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of Transport Layer Security (TLS) TCP connection setup for the affected software. An attacker could exploit this vulnerability by sending crafted TLS traffic to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg99327. | ||||
| CVE-2014-3566 | 11 Apple, Debian, Fedoraproject and 8 more | 28 Mac Os X, Debian Linux, Fedora and 25 more | 2024-11-27 | 3.4 Low |
| The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | ||||
| CVE-2018-0412 | 1 Cisco | 16 Wap121, Wap121 Firmware, Wap125 and 13 more | 2024-11-26 | N/A |
| A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvj29229. | ||||
| CVE-2019-1940 | 1 Cisco | 1 Industrial Network Director | 2024-11-21 | 5.9 Medium |
| A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate. The vulnerability is due to insufficient X.509 certificate validation when establishing a WSMA connection. An attacker could exploit this vulnerability by supplying a crafted X.509 certificate during the WSMA connection setup phase. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on WSMA connections to the affected software. At the time of publication, this vulnerability affected Cisco IND Software releases prior to 1.7. | ||||
| CVE-2024-26228 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2024-11-21 | 7.8 High |
| Windows Cryptographic Services Security Feature Bypass Vulnerability | ||||
| CVE-2024-20690 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 8 more | 2024-11-21 | 6.5 Medium |
| Windows Nearby Sharing Spoofing Vulnerability | ||||
| CVE-2023-44303 | 1 Robware | 1 Rvtools | 2024-11-21 | 7.5 High |
| RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). A remote unauthenticated attacker with access to stored encrypted passwords from a users' system could potentially exploit this vulnerability, leading to the disclosure of encrypted passwords in clear text. This vulnerability is caused by an incomplete fix for CVE-2020-27688. | ||||
| CVE-2023-33037 | 1 Qualcomm | 166 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 163 more | 2024-11-21 | 7.1 High |
| Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. | ||||
| CVE-2023-23919 | 2 Nodejs, Redhat | 2 Node.js, Enterprise Linux | 2024-11-21 | 7.5 High |
| A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service. | ||||
| CVE-2022-4610 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | 1.9 Low |
| A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216272. | ||||
| CVE-2022-45453 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | 7.5 High |
| TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984. | ||||
| CVE-2022-40675 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-11-21 | 6 Medium |
| Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. | ||||
| CVE-2022-32222 | 2 Nodejs, Siemens | 2 Node.js, Sinec Ins | 2024-11-21 | 5.3 Medium |
| A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3. | ||||
| CVE-2022-23724 | 1 Pingidentity | 1 Pingid Integration For Windows Login | 2024-11-21 | 6.4 Medium |
| Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials. | ||||
| CVE-2022-23719 | 1 Pingidentity | 1 Pingid Integration For Windows Login | 2024-11-21 | 7.2 High |
| PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication. | ||||
| CVE-2022-22076 | 1 Qualcomm | 696 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8953pro and 693 more | 2024-11-21 | 7.1 High |
| information disclosure due to cryptographic issue in Core during RPMB read request. | ||||
| CVE-2021-4258 | 1 Whohas Project | 1 Whohas | 2024-11-21 | 3.7 Low |
| A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack. | ||||
| CVE-2021-42001 | 1 Pingidentity | 1 Pingid Desktop | 2024-11-21 | 8 High |
| PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. | ||||