Total
387 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39058 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 214617. | |||||
| CVE-2021-43550 | 1 Philips | 3 Efficia Cm, Efficia Cm Firmware, Patient Information Center Ix | 2023-12-10 | 3.3 LOW | 6.5 MEDIUM |
| The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0. | |||||
| CVE-2021-40006 | 1 Huawei | 1 Harmonyos | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
| Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2021-29894 | 2 Ibm, Redhat | 2 Cloud Pak For Security, Openshift | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320. | |||||
| CVE-2021-45450 | 2 Arm, Fedoraproject | 2 Mbed Tls, Fedora | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. | |||||
| CVE-2021-31562 | 1 Fresenius-kabi | 8 Agilia Connect, Agilia Connect Firmware, Agilia Link\+ and 5 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to eavesdrop on transferred data, manipulate data allegedly secured by SSL/TLS, and impersonate an entity to gain access to sensitive information. | |||||
| CVE-2021-33846 | 1 Fresenius-kabi | 8 Agilia Connect, Agilia Connect Firmware, Agilia Partner Maintenance Software and 5 more | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
| Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users. | |||||
| CVE-2021-45512 | 1 Netgear | 42 D7000, D7000 Firmware, D8500 and 39 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX7000 before 1.0.1.90, R6250 before 1.0.4.42, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6900P before 1.3.2.124, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7900 before 1.0.4.26, R8000 before 1.0.4.58, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RS400 before 1.5.0.48, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50. | |||||
| CVE-2021-29750 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201778. | |||||
| CVE-2021-22170 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content | |||||
| CVE-2021-29794 | 1 Ibm | 1 Tivoli Netcool\/impact | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 203556. | |||||
| CVE-2021-29723 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Linux On Ibm Z and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100. | |||||
| CVE-2020-36315 | 1 Relic Project | 1 Relic | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number. | |||||
| CVE-2021-40530 | 2 Cryptopp, Fedoraproject | 2 Crypto\+\+, Fedora | 2023-12-10 | 2.6 LOW | 5.9 MEDIUM |
| The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | |||||
| CVE-2021-20337 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 194448. | |||||
| CVE-2021-20419 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196280. | |||||
| CVE-2021-22738 | 1 Schneider-electric | 4 Homelynk, Homelynk Firmware, Spacelynk and 1 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack. | |||||
| CVE-2021-20566 | 2 Ibm, Redhat | 2 Resilient Security Orchestration Automation And Response, Linux | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 199238. | |||||
| CVE-2021-37546 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used. | |||||
| CVE-2021-37588 | 1 Jhu | 1 Charm | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data. | |||||