Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-23656 | 1 Linuxfoundation | 1 Dex | 2024-01-31 | N/A | 7.5 HIGH |
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0. | |||||
CVE-2021-36326 | 1 Dell | 1 Emc Streaming Data Platform | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format. | |||||
CVE-2020-16200 | 1 Philips | 1 Clinical Collaboration Platform | 2023-12-10 | 3.3 LOW | 6.5 MEDIUM |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. |