Total
285 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38925 | 1 Ibm | 1 Sterling B2b Integrator | 2021-10-14 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171. | |||||
| CVE-2021-31797 | 1 Cyberark | 1 Credential Provider | 2021-09-10 | 1.9 LOW | 5.1 MEDIUM |
| The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure. | |||||
| CVE-2017-5160 | 1 Aveva | 1 Wonderware Intouch Access Anywhere | 2021-08-31 | 3.5 LOW | 5.3 MEDIUM |
| An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly. | |||||
| CVE-2020-15387 | 1 Broadcom | 2 Brocade Sannav, Fabric Operating System | 2021-08-23 | 5.8 MEDIUM | 7.4 HIGH |
| The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. | |||||
| CVE-2017-16632 | 1 Sapphireims | 1 Sapphireims | 2021-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| In SapphireIMS 4097_1, the password in the database is stored in Base64 format. | |||||
| CVE-2021-37540 | 1 Jetbrains | 1 Hub | 2021-08-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. | |||||
| CVE-2021-37588 | 1 Jhu | 1 Charm | 2021-08-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data. | |||||
| CVE-2021-23982 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2021-08-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. | |||||
| CVE-2021-36769 | 1 Telegram | 2 Telegram, Telegram Desktop | 2021-07-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent a client. | |||||
| CVE-2013-7286 | 1 Att | 2 Mobileiron Sentry, Mobileiron Virtual Smartphone Platform | 2021-07-28 | 5.0 MEDIUM | 7.5 HIGH |
| MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm | |||||
| CVE-2020-9476 | 1 Commscope | 2 Arris Tg1692a, Arris Tg1692a Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| ARRIS TG1692A devices allow remote attackers to discover the administrator login name and password by reading the /login page and performing base64 decoding. | |||||
| CVE-2020-0533 | 1 Intel | 1 Converged Security Management Engine Firmware | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access. | |||||
| CVE-2020-5886 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring. | |||||
| CVE-2020-10554 | 1 Psyprax | 1 Psyprax | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM. | |||||
| CVE-2020-5885 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring. | |||||
| CVE-2020-10375 | 1 Newmediacompany | 1 Smarty | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product. | |||||
| CVE-2019-12121 | 1 Onap | 1 Open Network Automation Platform | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected. | |||||
| CVE-2020-35221 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2021-07-21 | 3.3 LOW | 8.8 HIGH |
| The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original. | |||||
| CVE-2019-10112 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived. | |||||
| CVE-2020-9337 | 1 Golfbuddyglobal | 1 Course Manager | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request. | |||||