Total
560 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30441 | 2 Ibm, Redhat | 6 Infosphere Information Server, Java, Websphere Application Server and 3 more | 2025-01-30 | 7.5 High |
| IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188. | ||||
| CVE-2022-22313 | 1 Ibm | 1 Qradar Data Synchronization | 2025-01-29 | 4.4 Medium |
| IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370. | ||||
| CVE-2024-26317 | 2025-01-28 | 6.1 Medium | ||
| In illumos illumos-gate 2024-02-15, an error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, causing the algorithm to yield a result of POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. | ||||
| CVE-2022-3365 | 2025-01-28 | 9.8 Critical | ||
| Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit module was written and tested against version 4.110, the current version when this CVE was reserved. | ||||
| CVE-2022-36937 | 1 Facebook | 1 Hhvm | 2025-01-27 | 9.8 Critical |
| HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3. Applications that call stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected. | ||||
| CVE-2024-38320 | 1 Ibm | 2 Storage Protect Backup Archive Client, Storage Protect For Virtual Enviornments Data Protection For Vmware | 2025-01-27 | 5.9 Medium |
| IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2024-29056 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-01-23 | 4.3 Medium |
| Windows Authentication Elevation of Privilege Vulnerability | ||||
| CVE-2023-28244 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2025-01-23 | 8.1 High |
| Windows Kerberos Elevation of Privilege Vulnerability | ||||
| CVE-2023-28076 | 1 Dell | 1 Cloudlink | 2025-01-22 | 5.9 Medium |
| CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure. | ||||
| CVE-2024-22347 | 1 Ibm | 2 Devops Velocity, Urbancode Velocity | 2025-01-21 | 5.9 Medium |
| IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2023-0452 | 1 Econolite | 1 Eos | 2025-01-16 | 9.8 Critical |
| Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians. | ||||
| CVE-2024-8603 | 2025-01-15 | 7.5 High | ||
| A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by unauthenticated network-based attackers to masquerade as services on impacted devices. | ||||
| CVE-2020-27652 | 1 Synology | 3 Diskstation Manager, Skynas, Skynas Firmware | 2025-01-14 | 8.3 High |
| Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. | ||||
| CVE-2020-27653 | 1 Synology | 2 Diskstation Manager, Router Manager | 2025-01-14 | 8.3 High |
| Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. | ||||
| CVE-2022-46140 | 1 Siemens | 202 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 199 more | 2025-01-14 | 6.5 Medium |
| Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system. | ||||
| CVE-2024-55539 | 2025-01-09 | 2.5 Low | ||
| Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185. | ||||
| CVE-2024-31989 | 2 Argoproj, Redhat | 3 Argo-cd, Argo Cd, Openshift Gitops | 2025-01-09 | 9.1 Critical |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS cluster, it requires manual enablement through configuration to enforce network policies. This raises concerns that many clients might unknowingly have open access to their Redis servers. This vulnerability could lead to Privilege Escalation to the level of cluster controller, or to information leakage, affecting anyone who does not have strict access controls on their Redis instance. This issue has been patched in version(s) 2.8.19, 2.9.15 and 2.10.10. | ||||
| CVE-2024-25963 | 1 Dell | 1 Powerscale Onefs | 2025-01-09 | 5.9 Medium |
| Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2024-25968 | 1 Dell | 1 Powerscale Onefs | 2025-01-09 | 5.9 Medium |
| Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2023-28043 | 1 Dell | 1 Secure Connect Gateway | 2025-01-08 | 6.5 Medium |
| Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text. | ||||