Total: 446 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5559 | | | 2024-06-13 | N/A | 6.1 MEDIUM |
| CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the front panel of the device. | |||||
| CVE-2022-37177 | 1 Hirevue | 1 Hiring Platform | 2024-06-10 | N/A | 7.5 HIGH |
| HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence cipher has been removed, and TLS 1.2 is now used for encryption. | |||||
| CVE-2020-11876 | 1 Zoom | 1 Meetings | 2024-06-04 | 5.0 MEDIUM | 7.5 HIGH |
| airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. NOTE: the vendor states that this initialization only occurs within unreachable code | |||||
| CVE-2024-20070 | | | 2024-06-03 | N/A | N/A |
| In modem, there is a possible information disclosure due to using risky cryptographic algorithm during connection establishment negotiation. This could lead to remote information disclosure, when weak encryption algorithm is used, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00942482; Issue ID: MSV-1469. | |||||
| CVE-2023-32043 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | N/A | 6.8 MEDIUM |
| Windows Remote Desktop Security Feature Bypass Vulnerability | |||||
| CVE-2023-28244 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-05-29 | N/A | 8.1 HIGH |
| Windows Kerberos Elevation of Privilege Vulnerability | |||||
| CVE-2024-0323 | 1 Br-automation | 1 Automation Runtime | 2024-05-27 | N/A | 9.8 CRITICAL |
| The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients. | |||||
| CVE-2024-4563 | | | 2024-05-23 | N/A | 6.1 MEDIUM |
| The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length. | |||||
| CVE-2024-31989 | | | 2024-05-22 | N/A | 9.0 CRITICAL |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS cluster, it requires manual enablement through configuration to enforce network policies. This raises concerns that many clients might unknowingly have open access to their Redis servers. This vulnerability could lead to Privilege Escalation to the level of cluster controller, or to information leakage, affecting anyone who does not have strict access controls on their Redis instance. This issue has been patched in version(s) 2.8.19, 2.9.15 and 2.10.10. | |||||
| CVE-2023-2900 | 1 Nfine Rapid Development Platform Project | 1 Nfine Rapid Development Platform | 2024-05-17 | 2.6 LOW | 7.5 HIGH |
| A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to use of weak hash. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-229974 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2018-11209 | 1 Zblogcn | 1 Z-blogphp | 2024-05-17 | 4.0 MEDIUM | 7.2 HIGH |
| An issue was discovered in Z-BlogPHP 2.0.0. zb_system/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid issue | |||||
| CVE-2017-9859 | 1 Sma | 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more | 2024-05-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor's position is that "we consider the probability of the success of such manipulation to be extremely low." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected | |||||
| CVE-2024-25968 | | | 2024-05-14 | N/A | 5.9 MEDIUM |
| Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contain a use of a broken or risky cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2023-40696 | | | 2024-05-06 | N/A | 5.9 MEDIUM |
| IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939. | |||||
| CVE-2020-4874 | | | 2024-05-06 | N/A | 5.9 MEDIUM |
| IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837. | |||||
| CVE-2022-34309 | 1 Ibm | 1 Cics Tx | 2024-04-30 | N/A | 7.5 HIGH |
| IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440. | |||||
| CVE-2024-29056 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-04-26 | N/A | 4.3 MEDIUM |
| Windows Authentication Elevation of Privilege Vulnerability | |||||
| CVE-2023-50313 | 1 Ibm | 1 Websphere Application Server | 2024-04-08 | N/A | 6.5 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812. | |||||
| CVE-2024-25963 | | | 2024-03-28 | N/A | 5.9 MEDIUM |
| Dell PowerScale OneFS versions 8.2.2.x through 9.5.0.x contain a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2024-22463 | | | 2024-03-04 | N/A | 7.4 HIGH |
| Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to compromise of confidentiality and integrity of sensitive information | |||||
