Total
499 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34130 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
| CVE-2023-34039 | 1 Vmware | 1 Aria Operations For Networks | 2024-11-21 | N/A | 9.8 CRITICAL |
| Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI. | |||||
| CVE-2023-32043 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.8 MEDIUM |
| Windows Remote Desktop Security Feature Bypass Vulnerability | |||||
| CVE-2023-30994 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | N/A | 5.4 MEDIUM |
| IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138 | |||||
| CVE-2023-2900 | 1 Nfine Rapid Development Platform Project | 1 Nfine Rapid Development Platform | 2024-11-21 | 2.6 LOW | 3.7 LOW |
| A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to use of weak hash. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-229974 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-28244 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-11-21 | N/A | 8.1 HIGH |
| Windows Kerberos Elevation of Privilege Vulnerability | |||||
| CVE-2023-28076 | 1 Dell | 1 Cloudlink | 2024-11-21 | N/A | 5.9 MEDIUM |
| CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure. | |||||
| CVE-2023-28053 | 1 Dell | 1 Emc Networker | 2024-11-21 | N/A | 5.3 MEDIUM |
| Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure. | |||||
| CVE-2023-28043 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | N/A | 6.5 MEDIUM |
| Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text. | |||||
| CVE-2023-28006 | 1 Hcltech | 1 Bigfix Osd Bare Metal Server | 2024-11-21 | N/A | 7.0 HIGH |
| The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure. | |||||
| CVE-2023-27557 | 1 Ibm | 1 Safer Payments | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192. | |||||
| CVE-2023-26276 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147. | |||||
| CVE-2023-26024 | 1 Ibm | 1 Planning Analytics On Cloud Pak For Data | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898. | |||||
| CVE-2023-23695 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | N/A | 5.9 MEDIUM |
| Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. | |||||
| CVE-2023-23347 | 1 Hcltech | 1 Dryice Iautomate | 2024-11-21 | N/A | 6.4 MEDIUM |
| HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | |||||
| CVE-2023-23346 | 1 Hcltech | 1 Dryice Mycloud | 2024-11-21 | N/A | 6.4 MEDIUM |
| HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | |||||
| CVE-2023-22812 | 1 Westerndigital | 1 Sandisk Privateaccess | 2024-11-21 | N/A | 7.4 HIGH |
| SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data. | |||||
| CVE-2023-21399 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| there is a possible way to bypass cryptographic assurances due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21115 | 1 Google | 1 Android | 2024-11-21 | N/A | 8.8 HIGH |
| In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033 | |||||
| CVE-2022-4610 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | N/A | 1.9 LOW |
| A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216272. | |||||