Total
376 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-28896 | 1 Preh | 2 Mib3, Mib3 Firmware | 2024-04-24 | N/A | 2.4 LOW |
Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. | |||||
CVE-2022-40745 | 2024-04-19 | N/A | 5.5 MEDIUM | ||
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452. | |||||
CVE-2024-29969 | 2024-04-19 | N/A | 7.5 HIGH | ||
When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082. | |||||
CVE-2024-29951 | 2024-04-18 | N/A | 5.7 MEDIUM | ||
Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection. | |||||
CVE-2024-29950 | 2024-04-17 | N/A | 7.5 HIGH | ||
The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack. | |||||
CVE-2024-20692 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-04-11 | N/A | 5.7 MEDIUM |
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | |||||
CVE-2023-7237 | 1 Lantronix | 2 Xport Edge, Xport Edge Firmware | 2024-04-11 | N/A | 7.5 HIGH |
Lantronix XPort sends weakly encoded credentials within web request headers. | |||||
CVE-2024-3387 | 2024-04-10 | N/A | 5.3 MEDIUM | ||
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls. | |||||
CVE-2018-7242 | 1 Schneider-electric | 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more | 2024-04-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. | |||||
CVE-2022-32753 | 1 Ibm | 1 Security Verify Directory | 2024-04-01 | N/A | 6.5 MEDIUM |
IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444. | |||||
CVE-2024-28860 | 2024-03-28 | N/A | 8.0 HIGH | ||
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key recovery, replay attacks by a man-in-the-middle attacker. These attacks are possible due to an ESP sequence number collision when multiple nodes are configured with the same key. Fixed versions of Cilium use unique keys for each IPsec tunnel established between nodes, resolving all of the above attacks. This vulnerability is fixed in 1.13.13, 1.14.9, and 1.15.3. | |||||
CVE-2024-1224 | 2024-03-06 | N/A | 7.1 HIGH | ||
This vulnerability exists in USB Pratirodh due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. A local attacker with administrative privileges could exploit this vulnerability to obtain the password of USB Pratirodh on the targeted system. Successful exploitation of this vulnerability could allow the attacker to take control of the application and modify the access control of registered users or devices on the targeted system. | |||||
CVE-2024-25102 | 2024-03-06 | N/A | 7.1 HIGH | ||
This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system. Successful exploitation of this vulnerability could allow the attacker to take complete control of the application on the targeted system. | |||||
CVE-2024-22894 | 2 Alpha-innotec, Novelan | 4 Heat Pumps, Heat Pumps Firmware, Heat Pumps and 1 more | 2024-03-05 | N/A | 6.8 MEDIUM |
An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file. | |||||
CVE-2018-20810 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Policy Secure | 2024-02-27 | 7.5 HIGH | 9.8 CRITICAL |
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices. | |||||
CVE-2024-0220 | 2024-02-22 | N/A | 8.3 HIGH | ||
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. Missing Encryption of Sensitive Data, Cleartext Transmission of Sensitive Information, Improper Control of Generation of Code ('Code Injection'), Inadequate Encryption Strength vulnerability in B&R Industrial Automation B&R Automation Studio (Upgrade Service modules), B&R Industrial Automation Technology Guarding.This issue affects B&R Automation Studio: <4.6; Technology Guarding: <1.4.0. | |||||
CVE-2004-2172 | 1 Netsourcecommerce | 1 Productcart | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack. | |||||
CVE-2002-1682 | 1 Daansystems | 1 Newsreactor | 2024-02-14 | 2.1 LOW | 5.5 MEDIUM |
NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the passwords and gain access to other users' newsgroup accounts. | |||||
CVE-2001-1546 | 1 Mckesson | 1 Pathways Homecare | 2024-02-14 | 4.6 MEDIUM | 7.8 HIGH |
Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file. | |||||
CVE-2002-1697 | 1 Vtun Project | 1 Vtun | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information. |