Vulnerabilities (CVE)

Filtered by CWE-327
Total 382 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-36647 1 Arm 1 Mbed Tls 2023-12-10 N/A 4.7 MEDIUM
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.
CVE-2023-23695 1 Dell 1 Secure Connect Gateway 2023-12-10 N/A 5.9 MEDIUM
Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.
CVE-2022-43917 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2023-12-10 N/A 7.5 HIGH
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.
CVE-2023-0296 1 Redhat 1 Openshift 2023-12-10 N/A 5.3 MEDIUM
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.
CVE-2022-38391 3 Ibm, Linux, Microsoft 4 Aix, Spectrum Control, Linux Kernel and 1 more 2023-12-10 N/A 7.5 HIGH
IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982.
CVE-2022-27581 1 Sick 24 Rfu610-10600, Rfu610-10600 Firmware, Rfu610-10601 and 21 more 2023-12-10 N/A 6.5 MEDIUM
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
CVE-2022-46832 1 Sick 42 Rfu620-10100, Rfu620-10100 Firmware, Rfu620-10101 and 39 more 2023-12-10 N/A 6.5 MEDIUM
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
CVE-2022-46140 1 Siemens 202 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 199 more 2023-12-10 N/A 6.5 MEDIUM
Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system.
CVE-2022-34361 3 Ibm, Linux, Microsoft 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more 2023-12-10 N/A 7.5 HIGH
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.
CVE-2022-22462 2 Ibm, Linux 2 Security Verify Governance, Linux Kernel 2023-12-10 N/A 7.5 HIGH
IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225078.
CVE-2022-22564 1 Dell 3 Emc Unity Operating Environment, Emc Unity Xt Operating Environment, Emc Unityvsa Operating Environment 2023-12-10 N/A 5.9 MEDIUM
Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.
CVE-2023-23040 1 Tp-link 2 Tl-wr940n, Tl-wr940n Firmware 2023-12-10 N/A 7.5 HIGH
TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication.
CVE-2022-34444 1 Dell 1 Powerscale Onefs 2023-12-10 N/A 7.5 HIGH
Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak.
CVE-2022-46833 1 Sick 48 Rfu630-04100, Rfu630-04100 Firmware, Rfu630-04100s01 and 45 more 2023-12-10 N/A 6.5 MEDIUM
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
CVE-2022-46834 1 Sick 14 Rfu650-10100, Rfu650-10100 Firmware, Rfu650-10101 and 11 more 2023-12-10 N/A 6.5 MEDIUM
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
CVE-2022-35720 3 Ibm, Linux, Microsoft 6 Aix, Linux On Ibm Z, Sterling External Authentication Server and 3 more 2023-12-10 N/A 5.5 MEDIUM
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.
CVE-2022-22461 2 Ibm, Linux 2 Security Verify Governance, Linux Kernel 2023-12-10 N/A 7.5 HIGH
IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225007.
CVE-2022-23539 1 Auth0 1 Jsonwebtoken 2023-12-10 N/A 8.1 HIGH
Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions.
CVE-2022-4610 1 Clickstudios 1 Passwordstate 2023-12-10 N/A 5.5 MEDIUM
A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216272.
CVE-2022-2781 1 Octopus 1 Octopus Server 2023-12-10 N/A 5.3 MEDIUM
In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables.