Total: 384 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-24559 | 1 Vyperlang | 1 Vyper | 2024-02-12 | N/A | 5.3 MEDIUM |
Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. No flow that would cache the `key` was found so the issue shouldn't be possible to trigger when compiling the compiler-generated `IR`. This issue isn't triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available. | |||||
CVE-2022-34310 | | | 2024-02-12 | N/A | 5.9 MEDIUM |
IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229441. | |||||
CVE-2022-34309 | | | 2024-02-12 | N/A | 5.9 MEDIUM |
IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440. | |||||
CVE-2023-51838 | 1 Meshcentral | 1 Meshcentral | 2024-02-10 | N/A | 7.5 HIGH |
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm. | |||||
CVE-2008-3188 | 1 Opensuse | 1 Opensuse | 2024-02-09 | 5.0 MEDIUM | 7.5 HIGH |
libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords. | |||||
CVE-2007-4150 | 1 Visionsoft | 1 Audit | 2024-02-09 | 5.0 MEDIUM | 7.5 HIGH |
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file. | |||||
CVE-2007-6013 | 2 Fedoraproject, Wordpress | 2 Fedora, Wordpress | 2024-02-09 | 6.8 MEDIUM | 9.8 CRITICAL |
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash. | |||||
CVE-2005-2946 | 2 Canonical, Openssl | 2 Ubuntu Linux, Openssl | 2024-02-09 | 5.0 MEDIUM | 7.5 HIGH |
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature. | |||||
CVE-2002-2058 | 1 Teekai | 1 Tracking Online | 2024-02-09 | 5.0 MEDIUM | 7.5 HIGH |
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IPs visiting the site by dividing each octet by the MD5 hash of '20'. | |||||
CVE-2008-3775 | 1 Newsoftwares | 1 Folder Lock | 2024-02-09 | 2.1 LOW | 4.4 MEDIUM |
Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the password, which allows local administrators to obtain sensitive information by reading and decrypting the QualityControl\_pack registry value. | |||||
CVE-2007-5460 | 1 Microsoft | 2 Activesync, Windows Mobile | 2024-02-09 | 7.1 HIGH | 4.6 MEDIUM |
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process. | |||||
CVE-2024-1040 | 1 Gesslergmbh | 2 Web-master, Web-master Firmware | 2024-02-07 | N/A | 4.4 MEDIUM |
Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device. | |||||
CVE-2023-51839 | 1 Devicefarmer | 1 Smartphone Test Farm | 2024-02-06 | N/A | 9.1 CRITICAL |
DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm. | |||||
CVE-2023-50939 | 1 Ibm | 1 Powersc | 2024-02-02 | N/A | 7.5 HIGH |
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129. | |||||
CVE-2023-50937 | 1 Ibm | 1 Powersc | 2024-02-02 | N/A | 7.5 HIGH |
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117. | |||||
CVE-2024-21670 | 1 Hyperledger | 1 Ursa | 2024-01-24 | N/A | 8.1 HIGH |
Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that credential as part of an AnonCreds presentation. A verifier may verify a credential from a holder as being "not revoked" when in fact, the holder's credential has been revoked. Ursa has moved to end-of-life status and no fix is expected. | |||||
CVE-2024-22192 | 1 Hyperledger | 1 Ursa | 2024-01-24 | N/A | 6.5 MEDIUM |
Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a verifiable presentation that includes a Non-Revocation proof. The impact of the flaw is that a malicious verifier may be able to determine a unique identifier for a holder presenting a Non-Revocation proof. Ursa has moved to end-of-life status and no fix is expected. | |||||
CVE-2023-49259 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2024-01-18 | N/A | 7.5 HIGH |
The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time. | |||||
CVE-2021-46900 | 1 Sympa | 1 Sympa | 2024-01-10 | N/A | 7.5 HIGH |
Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism. | |||||
CVE-2023-50350 | 1 Hcltech | 1 Dryice Myxalytics | 2024-01-09 | N/A | 7.5 HIGH |
HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information. |