Total
377 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-48034 | 1 Acer | 2 Sk-9662, Sk-9662 Firmware | 2023-12-10 | N/A | 6.1 MEDIUM |
An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption. | |||||
CVE-2023-47366 | 1 Linecorp | 1 Line | 2023-12-10 | N/A | 6.5 MEDIUM |
The leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send malicious notifications to victims. | |||||
CVE-2023-48051 | 1 Carglglz | 1 Upydev | 2023-12-10 | N/A | 7.5 HIGH |
An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding. | |||||
CVE-2023-43757 | 1 Elecom | 68 Lan-w300n\/p, Lan-w300n\/p Firmware, Lan-w300n\/rs and 65 more | 2023-12-10 | N/A | 6.5 MEDIUM |
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section. | |||||
CVE-2023-47372 | 1 Linecorp | 1 Line | 2023-12-10 | N/A | 6.5 MEDIUM |
The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims. | |||||
CVE-2023-46894 | 1 Espressif | 1 Esptool | 2023-12-10 | N/A | 7.5 HIGH |
An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm. | |||||
CVE-2023-47369 | 1 Linecorp | 1 Line | 2023-12-10 | N/A | 6.5 MEDIUM |
The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers to send malicious notifications. | |||||
CVE-2023-43776 | 1 Eaton | 44 Easy-box-e4-ac1, Easy-box-e4-ac1 Firmware, Easy-box-e4-dc1 and 41 more | 2023-12-10 | N/A | 6.6 MEDIUM |
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending). | |||||
CVE-2022-46783 | 1 Stormshield | 1 Ssl Vpn Client | 2023-12-10 | N/A | 5.3 MEDIUM |
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book. | |||||
CVE-2023-44690 | 1 Dbcli | 1 Mycli | 2023-12-10 | N/A | 7.5 HIGH |
Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py | |||||
CVE-2023-0525 | 1 Mitsubishielectric | 14 Gs21, Gs21 Firmware, Gs25 and 11 more | 2023-12-10 | N/A | 7.5 HIGH |
Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled. | |||||
CVE-2023-28021 | 1 Hcltech | 1 Bigfix Webui | 2023-12-10 | N/A | 7.5 HIGH |
The BigFix WebUI uses weak cipher suites. | |||||
CVE-2023-41305 | 1 Huawei | 2 Emui, Harmonyos | 2023-12-10 | N/A | 7.5 HIGH |
Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality. | |||||
CVE-2023-4129 | 1 Dell | 1 Data Protection Central | 2023-12-10 | N/A | 7.5 HIGH |
Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. | |||||
CVE-2022-48193 | 1 Softing | 1 Smartlink Sw-ht | 2023-12-10 | N/A | 7.5 HIGH |
Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL). | |||||
CVE-2023-34971 | 1 Qnap | 2 Qts, Quts Hero | 2023-12-10 | N/A | 8.8 HIGH |
An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 build 20230728 and later | |||||
CVE-2023-30132 | 1 Ixpdata | 1 Easyinstall | 2023-12-10 | N/A | 7.8 HIGH |
An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated privileges via static Cryptographic Key. | |||||
CVE-2023-33283 | 1 Marvalglobal | 1 Msm | 2023-12-10 | N/A | 5.5 MEDIUM |
Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key. | |||||
CVE-2022-45453 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2023-12-10 | N/A | 7.5 HIGH |
TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984. | |||||
CVE-2023-33982 | 1 Briarproject | 1 Briar | 2023-12-10 | N/A | 5.9 MEDIUM |
Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol. |