Total
560 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-4563 | 1 Progress | 1 Moveit Automation | 2025-01-08 | 6.1 Medium |
| The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length. | ||||
| CVE-2024-22463 | 1 Dell | 1 Powerscale Onefs | 2025-01-08 | 7.4 High |
| Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to compromise of confidentiality and integrity of sensitive information | ||||
| CVE-2023-37395 | 1 Ibm | 1 Aspera Faspex | 2025-01-07 | 2.5 Low |
| IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. | ||||
| CVE-2023-40696 | 1 Ibm | 1 Cognos Controller | 2025-01-07 | 5.9 Medium |
| IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939. | ||||
| CVE-2023-47640 | 1 Datahub Project | 1 Datahub | 2025-01-07 | 6.4 Medium |
| DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources (i.e. state level actors with large computational capabilities). DataHub Frontend was utilizing the Play LegacyCookiesModule with default settings which utilizes a SHA1 HMAC for signing. This is compounded by using a shorter key length than recommended by default for the signing key for the randomized secret value. An authenticated attacker (or attacker who has otherwise obtained a session token) could crack the signing key for DataHub and obtain escalated privileges by generating a privileged session cookie. Due to key length being a part of the risk, deployments should update to the latest helm chart and rotate their session signing secret. All deployments using the default helm chart configurations for generating the Play secret key used for signing are affected by this vulnerability. Version 0.11.1 resolves this vulnerability. All users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2020-4874 | 1 Ibm | 1 Cognos Controller | 2025-01-07 | 5.9 Medium |
| IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837. | ||||
| CVE-2024-52366 | 1 Ibm | 1 Concert | 2025-01-07 | 5.9 Medium |
| IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2022-30187 | 1 Microsoft | 2 Azure Storage Blobs, Azure Storage Queue | 2025-01-02 | 4.7 Medium |
| Azure Storage Library Information Disclosure Vulnerability | ||||
| CVE-2023-32043 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-01 | 6.8 Medium |
| Windows Remote Desktop Security Feature Bypass Vulnerability | ||||
| CVE-2024-47921 | 2024-12-30 | 8.4 High | ||
| Smadar SPS – CWE-327: Use of a Broken or Risky Cryptographic Algorithm | ||||
| CVE-2024-27255 | 1 Ibm | 1 Mq Operator | 2024-12-23 | 5.9 Medium |
| IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905. | ||||
| CVE-2023-37396 | 1 Ibm | 1 Aspera Faspex | 2024-12-19 | 2.5 Low |
| IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671. | ||||
| CVE-2023-21115 | 1 Google | 1 Android | 2024-12-18 | 8.8 High |
| In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033 | ||||
| CVE-2024-55885 | 2024-12-13 | N/A | ||
| beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256. | ||||
| CVE-2024-48016 | 1 Dell | 1 Secure Connect Gateway | 2024-12-13 | 4.6 Medium |
| Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use exposed credentials to access the system with privileges of the compromised account. | ||||
| CVE-2024-53845 | 2024-12-12 | N/A | ||
| ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV (Initialization Vector) prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant throughout the product's lifetime. In AES/CBC mode, if the IV is not properly initialized, the encrypted output becomes deterministic, leading to potential data leakage. To address the aforementioned issues, the application generates a random IV when activating the AES key starting in versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. This IV is then transmitted along with the provision data to the provision device. The provision device has also been equipped with a parser for the AES IV. The upgrade is applicable for all applications and users of ESPTouch v2 component from ESP-IDF. As it is implemented in the ESP Wi-Fi stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware. | ||||
| CVE-2024-53441 | 2024-12-12 | 9.1 Critical | ||
| An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack. | ||||
| CVE-2024-41775 | 1 Ibm | 1 Cognos Controller | 2024-12-11 | 5.9 Medium |
| IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2023-28006 | 1 Hcltech | 1 Bigfix Osd Bare Metal Server | 2024-12-05 | 7 High |
| The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure. | ||||
| CVE-2024-22458 | 1 Dell | 1 Secure Connect Gateway | 2024-12-04 | 3.7 Low |
| Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. | ||||