Total
353 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18767 | 2 D-link, Dlink | 3 Dcs-825l Firmware, Dcs-825l, Mydlink Baby Camera Monitor | 2023-04-26 | 1.9 LOW | 7.0 HIGH |
| An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials. | |||||
| CVE-2023-29054 | 1 Siemens | 26 Scalance X200-4p Irt, Scalance X200-4p Irt Firmware, Scalance X201-3p Irt and 23 more | 2023-04-20 | N/A | 7.4 HIGH |
| A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. | |||||
| CVE-2023-27389 | 1 Contec | 38 Cps-mc341-a1-111, Cps-mc341-a1-111 Firmware, Cps-mc341-adsc1-111 and 35 more | 2023-04-18 | N/A | 7.2 HIGH |
| Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131). | |||||
| CVE-2023-27987 | 1 Apache | 1 Linkis | 2023-04-14 | N/A | 9.1 CRITICAL |
| In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1] https://linkis.apache.org/docs/latest/auth/token https://linkis.apache.org/docs/latest/auth/token | |||||
| CVE-2023-22271 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2023-03-24 | N/A | 5.3 MEDIUM |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit this in order to decrypt a user's password. The attack complexity is high since a successful exploitation requires to already have in possession this encrypted secret. | |||||
| CVE-2023-23911 | 1 Rocket.chat | 1 Rocket.chat | 2023-03-16 | N/A | 7.5 HIGH |
| An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room. | |||||
| CVE-2019-4102 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-03-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092. | |||||
| CVE-2018-15811 | 1 Dnnsoftware | 1 Dotnetnuke | 2023-03-03 | 5.0 MEDIUM | 7.5 HIGH |
| DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. | |||||
| CVE-2018-18325 | 1 Dnnsoftware | 1 Dotnetnuke | 2023-03-03 | 5.0 MEDIUM | 7.5 HIGH |
| DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811. | |||||
| CVE-2023-21444 | 1 Samsung | 1 Flow | 2023-02-17 | N/A | 8.8 HIGH |
| Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands. | |||||
| CVE-2023-21443 | 1 Samsung | 1 Flow | 2023-02-17 | N/A | 8.8 HIGH |
| Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands. | |||||
| CVE-2013-2166 | 4 Debian, Fedoraproject, Openstack and 1 more | 4 Debian Linux, Fedora, Python-keystoneclient and 1 more | 2023-02-13 | 7.5 HIGH | 9.8 CRITICAL |
| python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | |||||
| CVE-2019-4256 | 1 Ibm | 1 Api Connect | 2023-02-03 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944. | |||||
| CVE-2019-4151 | 1 Ibm | 1 Security Access Manager | 2023-01-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512. | |||||
| CVE-2022-24116 | 1 Ge | 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more | 2023-01-05 | N/A | 9.8 CRITICAL |
| Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0. | |||||
| CVE-2022-2582 | 1 Amazon | 1 Aws Software Development Kit | 2023-01-05 | N/A | 4.3 MEDIUM |
| The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it. | |||||
| CVE-2019-4339 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2022-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 161418. | |||||
| CVE-2022-46825 | 1 Jetbrains | 1 Intellij Idea | 2022-12-12 | N/A | 3.3 LOW |
| In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects. | |||||
| CVE-2019-4175 | 1 Ibm | 1 Cognos Controller | 2022-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880. | |||||
| CVE-2022-2640 | 1 Hornerautomation | 2 Rcc972, Rcc972 Firmware | 2022-12-06 | N/A | 7.5 HIGH |
| The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP). | |||||