Total
500 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43550 | 1 Philips | 3 Efficia Cm, Efficia Cm Firmware, Patient Information Center Ix | 2024-11-21 | 3.3 LOW | 5.9 MEDIUM |
| The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0. | |||||
| CVE-2021-42583 | 1 Foxcpp | 1 Maddy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information. | |||||
| CVE-2021-41278 | 1 Edgexfoundry | 3 App Service Configurable, Application Functions Software Development Kit, Edgex Foundry | 2024-11-21 | 2.6 LOW | 5.7 MEDIUM |
| Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors. The app-functions-sdk exports an “aes” transform that user scripts can optionally call to encrypt data in the processing pipeline. No decrypt function is provided. Encryption is not enabled by default, but if used, the level of protection may be less than the user may expects due to a broken implementation. Version v2.1.0 (EdgeX Foundry Jakarta release and later) of app-functions-sdk-go/v2 deprecates the “aes” transform and provides an improved “aes256” transform in its place. The broken implementation will remain in a deprecated state until it is removed in the next EdgeX major release to avoid breakage of existing software that depends on the broken implementation. As the broken transform is a library function that is not invoked by default, users who do not use the AES transform in their processing pipelines are unaffected. Those that are affected are urged to upgrade to the Jakarta EdgeX release and modify processing pipelines to use the new "aes256" transform. | |||||
| CVE-2021-41263 | 1 Discourse | 1 Rails Multisite | 2024-11-21 | 6.0 MEDIUM | 8.3 HIGH |
| rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application. The issue has been patched in v4 of the `rails_multisite` gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture. | |||||
| CVE-2021-41096 | 1 Rucky Project | 1 Rucky | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earlier for nightly builds suffer from use of a weak cryptographic algorithm (RSA/ECB/PKCS1Padding). The issue will be patched in v2.3 for release builds and 426 onwards for nightly builds. As a workaround, one may disable an advance security feature if not required. | |||||
| CVE-2021-40530 | 2 Cryptopp, Fedoraproject | 2 Crypto\+\+, Fedora | 2024-11-21 | 2.6 LOW | 5.9 MEDIUM |
| The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | |||||
| CVE-2021-40529 | 3 Botan Project, Fedoraproject, Mozilla | 3 Botan, Fedora, Thunderbird | 2024-11-21 | 2.6 LOW | 5.9 MEDIUM |
| The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | |||||
| CVE-2021-40528 | 1 Gnupg | 1 Libgcrypt | 2024-11-21 | 2.6 LOW | 5.9 MEDIUM |
| The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | |||||
| CVE-2021-40006 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2021-39082 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2021-39076 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 215585. | |||||
| CVE-2021-39058 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 214617. | |||||
| CVE-2021-39002 | 6 Hp, Ibm, Linux and 3 more | 7 Hp-ux, Aix, Db2 and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2021-38933 | 3 Ibm, Linux, Oracle | 4 Aix, Sterling Connect\, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574. | |||||
| CVE-2021-38921 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067. | |||||
| CVE-2021-38542 | 1 Apache | 1 James | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information. | |||||
| CVE-2021-37588 | 1 Jhu | 1 Charm | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data. | |||||
| CVE-2021-37587 | 1 Jhu | 1 Charm | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data. | |||||
| CVE-2021-37546 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used. | |||||
| CVE-2021-36298 | 1 Dell | 2 Isilon Insightiq, Isilon Insightiq Firmware | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
| Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH; so Dell recommends customers to upgrade at the earliest opportunity. | |||||