Total
382 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-36647 | 1 Arm | 1 Mbed Tls | 2023-12-10 | N/A | 4.7 MEDIUM |
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA. | |||||
CVE-2023-23695 | 1 Dell | 1 Secure Connect Gateway | 2023-12-10 | N/A | 5.9 MEDIUM |
Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. | |||||
CVE-2022-43917 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2023-12-10 | N/A | 7.5 HIGH |
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045. | |||||
CVE-2023-0296 | 1 Redhat | 1 Openshift | 2023-12-10 | N/A | 5.3 MEDIUM |
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component. | |||||
CVE-2022-38391 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Control, Linux Kernel and 1 more | 2023-12-10 | N/A | 7.5 HIGH |
IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982. | |||||
CVE-2022-27581 | 1 Sick | 24 Rfu610-10600, Rfu610-10600 Firmware, Rfu610-10601 and 21 more | 2023-12-10 | N/A | 6.5 MEDIUM |
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | |||||
CVE-2022-46832 | 1 Sick | 42 Rfu620-10100, Rfu620-10100 Firmware, Rfu620-10101 and 39 more | 2023-12-10 | N/A | 6.5 MEDIUM |
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | |||||
CVE-2022-46140 | 1 Siemens | 202 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 199 more | 2023-12-10 | N/A | 6.5 MEDIUM |
Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system. | |||||
CVE-2022-34361 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more | 2023-12-10 | N/A | 7.5 HIGH |
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522. | |||||
CVE-2022-22462 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2023-12-10 | N/A | 7.5 HIGH |
IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225078. | |||||
CVE-2022-22564 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Xt Operating Environment, Emc Unityvsa Operating Environment | 2023-12-10 | N/A | 5.9 MEDIUM |
Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. | |||||
CVE-2023-23040 | 1 Tp-link | 2 Tl-wr940n, Tl-wr940n Firmware | 2023-12-10 | N/A | 7.5 HIGH |
TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication. | |||||
CVE-2022-34444 | 1 Dell | 1 Powerscale Onefs | 2023-12-10 | N/A | 7.5 HIGH |
Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak. | |||||
CVE-2022-46833 | 1 Sick | 48 Rfu630-04100, Rfu630-04100 Firmware, Rfu630-04100s01 and 45 more | 2023-12-10 | N/A | 6.5 MEDIUM |
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | |||||
CVE-2022-46834 | 1 Sick | 14 Rfu650-10100, Rfu650-10100 Firmware, Rfu650-10101 and 11 more | 2023-12-10 | N/A | 6.5 MEDIUM |
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | |||||
CVE-2022-35720 | 3 Ibm, Linux, Microsoft | 6 Aix, Linux On Ibm Z, Sterling External Authentication Server and 3 more | 2023-12-10 | N/A | 5.5 MEDIUM |
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373. | |||||
CVE-2022-22461 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2023-12-10 | N/A | 7.5 HIGH |
IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225007. | |||||
CVE-2022-23539 | 1 Auth0 | 1 Jsonwebtoken | 2023-12-10 | N/A | 8.1 HIGH |
Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions. | |||||
CVE-2022-4610 | 1 Clickstudios | 1 Passwordstate | 2023-12-10 | N/A | 5.5 MEDIUM |
A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216272. | |||||
CVE-2022-2781 | 1 Octopus | 1 Octopus Server | 2023-12-10 | N/A | 5.3 MEDIUM |
In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables. |