Total
377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47931 | 1 Iofinnet | 1 Tss-lib | 2023-12-10 | N/A | 9.1 CRITICAL |
| IO FinNet tss-lib before 2.0.0 allows a collision of hash values. | |||||
| CVE-2022-34385 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2023-12-10 | N/A | 5.5 MEDIUM |
| SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. | |||||
| CVE-2022-2640 | 1 Hornerautomation | 2 Rcc972, Rcc972 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
| The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP). | |||||
| CVE-2023-21444 | 1 Samsung | 1 Flow | 2023-12-10 | N/A | 8.8 HIGH |
| Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands. | |||||
| CVE-2022-24116 | 1 Ge | 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0. | |||||
| CVE-2022-4036 | 1 Dwbooster | 1 Appointment Hour Booking | 2023-12-10 | N/A | 5.3 MEDIUM |
| The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie. | |||||
| CVE-2023-21443 | 1 Samsung | 1 Flow | 2023-12-10 | N/A | 8.8 HIGH |
| Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands. | |||||
| CVE-2023-23911 | 1 Rocket.chat | 1 Rocket.chat | 2023-12-10 | N/A | 7.5 HIGH |
| An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room. | |||||
| CVE-2021-40341 | 1 Hitachienergy | 2 Foxman-un, Unem | 2023-12-10 | N/A | 5.5 MEDIUM |
| DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:* | |||||
| CVE-2022-43922 | 2 Ibm, Redhat | 2 App Connect Enterprise Certified Container, Openshift | 2023-12-10 | N/A | 6.5 MEDIUM |
| IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583. | |||||
| CVE-2022-46825 | 1 Jetbrains | 1 Intellij Idea | 2023-12-10 | N/A | 3.3 LOW |
| In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects. | |||||
| CVE-2022-36555 | 1 Hytec | 2 Hwl-2511-ss, Hwl-2511-ss Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack. | |||||
| CVE-2022-3273 | 1 Ikus-soft | 1 Rdiffweb | 2023-12-10 | N/A | 9.8 CRITICAL |
| Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | |||||
| CVE-2022-21139 | 1 Intel | 18 Proset Wi-fi 6e Ax210, Proset Wi-fi 6e Ax210 Firmware, Wi-fi 6 Ax200 and 15 more | 2023-12-10 | N/A | 8.8 HIGH |
| Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2022-41209 | 1 Sap | 1 Customer Data Cloud | 2023-12-10 | N/A | 5.2 MEDIUM |
| SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks. | |||||
| CVE-2022-30285 | 1 Quest | 1 Kace Systems Management Appliance | 2023-12-10 | N/A | 9.8 CRITICAL |
| In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials. | |||||
| CVE-2021-35226 | 1 Solarwinds | 1 Network Configuration Manager | 2023-12-10 | N/A | 6.5 MEDIUM |
| An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role. | |||||
| CVE-2020-4099 | 1 Hcltech | 1 Verse | 2023-12-10 | N/A | 7.5 HIGH |
| The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app. | |||||
| CVE-2022-45379 | 1 Jenkins | 1 Script Security | 2023-12-10 | N/A | 7.5 HIGH |
| Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks. | |||||
| CVE-2022-29835 | 1 Westerndigital | 1 Wd Discovery | 2023-12-10 | N/A | 5.3 MEDIUM |
| WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows. | |||||