Total
360 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20513 | 1 Google | 1 Android | 2022-12-20 | N/A | 5.5 MEDIUM |
| In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244569759 | |||||
| CVE-2022-46834 | 1 Sick | 14 Rfu650-10100, Rfu650-10100 Firmware, Rfu650-10101 and 11 more | 2022-12-15 | N/A | 6.5 MEDIUM |
| Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | |||||
| CVE-2022-46833 | 1 Sick | 48 Rfu630-04100, Rfu630-04100 Firmware, Rfu630-04100s01 and 45 more | 2022-12-15 | N/A | 6.5 MEDIUM |
| Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | |||||
| CVE-2022-46832 | 1 Sick | 42 Rfu620-10100, Rfu620-10100 Firmware, Rfu620-10101 and 39 more | 2022-12-15 | N/A | 6.5 MEDIUM |
| Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | |||||
| CVE-2022-27581 | 1 Sick | 24 Rfu610-10600, Rfu610-10600 Firmware, Rfu610-10601 and 21 more | 2022-12-15 | N/A | 6.5 MEDIUM |
| Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | |||||
| CVE-2021-40529 | 3 Botan Project, Fedoraproject, Mozilla | 3 Botan, Fedora, Thunderbird | 2022-12-09 | 2.6 LOW | 5.9 MEDIUM |
| The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | |||||
| CVE-2017-12129 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2022-12-08 | 2.9 LOW | 8.0 HIGH |
| An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them. | |||||
| CVE-2021-45451 | 2 Arm, Fedoraproject | 2 Mbed Tls, Fedora | 2022-12-08 | 5.0 MEDIUM | 7.5 HIGH |
| In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. | |||||
| CVE-2021-40528 | 1 Gnupg | 1 Libgcrypt | 2022-12-06 | 2.6 LOW | 5.9 MEDIUM |
| The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | |||||
| CVE-2022-45195 | 1 Simplex | 2 Simplex Chat, Simplexmq | 2022-11-17 | N/A | 5.3 MEDIUM |
| SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet protocol. | |||||
| CVE-2022-34319 | 1 Ibm | 1 Cics Tx | 2022-11-16 | N/A | 7.5 HIGH |
| IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229463. | |||||
| CVE-2022-34320 | 1 Ibm | 1 Cics Tx | 2022-11-16 | N/A | 7.5 HIGH |
| IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229464. | |||||
| CVE-2020-27653 | 1 Synology | 2 Diskstation Manager, Router Manager | 2022-11-16 | 5.1 MEDIUM | 8.3 HIGH |
| Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. | |||||
| CVE-2020-27652 | 1 Synology | 3 Diskstation Manager, Skynas, Skynas Firmware | 2022-11-16 | 5.1 MEDIUM | 8.3 HIGH |
| Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. | |||||
| CVE-2022-29959 | 1 Emerson | 1 Openbsi | 2022-11-08 | N/A | 5.5 MEDIUM |
| Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in the SecUsers.ini file by using a simple string transformation rather than a cryptographic mechanism. | |||||
| CVE-2021-27784 | 1 Hcltech | 1 Hcl Launch Container Image | 2022-11-02 | N/A | 7.5 HIGH |
| The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages. | |||||
| CVE-2007-6755 | 1 Dell | 2 Bsafe Crypto-c-micro-edition, Bsafe Crypto-j | 2022-11-01 | 5.8 MEDIUM | N/A |
| The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE. | |||||
| CVE-2021-31352 | 1 Juniper | 1 Session And Resource Control | 2022-10-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6. | |||||
| CVE-2021-38542 | 1 Apache | 1 James | 2022-10-27 | 4.3 MEDIUM | 5.9 MEDIUM |
| Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information. | |||||
| CVE-2022-27191 | 3 Fedoraproject, Golang, Redhat | 5 Extra Packages For Enterprise Linux, Fedora, Ssh and 2 more | 2022-10-26 | 4.3 MEDIUM | 7.5 HIGH |
| The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. | |||||