Search
Total
302 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46900 | 1 Sympa | 1 Sympa | 2024-01-10 | N/A | 7.5 HIGH |
| Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism. | |||||
| CVE-2023-50350 | 1 Hcltech | 1 Dryice Myxalytics | 2024-01-09 | N/A | 7.5 HIGH |
| HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information. | |||||
| CVE-2019-18340 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2024-01-09 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store user and device passwords by applying weak cryptography. A local attacker could exploit this vulnerability to extract the passwords from the user database and/or the device configuration files to conduct further attacks. | |||||
| CVE-2023-34039 | 1 Vmware | 1 Aria Operations For Networks | 2024-01-09 | N/A | 9.8 CRITICAL |
| Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI. | |||||
| CVE-2023-5962 | 1 Moxa | 20 Iologik E1210, Iologik E1210 Firmware, Iologik E1211 and 17 more | 2024-01-03 | N/A | 6.5 MEDIUM |
| A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization. | |||||
| CVE-2020-1596 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-31 | 2.9 LOW | 5.4 MEDIUM |
| <p>A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel.</p> <p>To exploit the vulnerability, an attacker would have to conduct a man-in-the-middle attack.</p> <p>The update addresses the vulnerability by correcting how TLS components use hash algorithms.</p> | |||||
| CVE-2023-50475 | 1 Bcoin | 1 Bcoin | 2023-12-29 | N/A | 9.1 CRITICAL |
| An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js. | |||||
| CVE-2023-50481 | 1 Blinksocks | 1 Blinksocks | 2023-12-29 | N/A | 7.5 HIGH |
| An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js. | |||||
| CVE-2023-28053 | 1 Dell | 1 Emc Networker | 2023-12-22 | N/A | 5.3 MEDIUM |
| Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure. | |||||
| CVE-2022-43843 | 1 Ibm | 1 Spectrum Scale | 2023-12-19 | N/A | 7.5 HIGH |
| IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080. | |||||
| CVE-2022-24403 | 1 Midnightblue | 1 Tetra\ | 2023-12-12 | N/A | 4.3 MEDIUM |
| The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt arbitrary identities given only three known encrypted/unencrypted identity pairs. | |||||
| CVE-2021-27795 | 1 Broadcom | 13 Brocade 300, Brocade 610, Brocade 6505 and 10 more | 2023-12-11 | N/A | 8.1 HIGH |
| Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key. | |||||
| CVE-2023-26024 | 1 Ibm | 1 Planning Analytics On Cloud Pak For Data | 2023-12-06 | N/A | 6.5 MEDIUM |
| IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898. | |||||
| CVE-2023-46233 | 1 Crypto-js Project | 1 Crypto-js | 2023-11-27 | N/A | 9.1 CRITICAL |
| crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations. | |||||
| CVE-2023-47640 | 1 Datahub Project | 1 Datahub | 2023-11-22 | N/A | 8.8 HIGH |
| DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources (i.e. state level actors with large computational capabilities). DataHub Frontend was utilizing the Play LegacyCookiesModule with default settings which utilizes a SHA1 HMAC for signing. This is compounded by using a shorter key length than recommended by default for the signing key for the randomized secret value. An authenticated attacker (or attacker who has otherwise obtained a session token) could crack the signing key for DataHub and obtain escalated privileges by generating a privileged session cookie. Due to key length being a part of the risk, deployments should update to the latest helm chart and rotate their session signing secret. All deployments using the default helm chart configurations for generating the Play secret key used for signing are affected by this vulnerability. Version 0.11.1 resolves this vulnerability. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2021-45450 | 2 Arm, Fedoraproject | 2 Mbed Tls, Fedora | 2023-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. | |||||
| CVE-2020-7339 | 1 Mcafee | 1 Database Security | 2023-11-16 | 5.8 MEDIUM | 6.3 MEDIUM |
| Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors. | |||||
| CVE-2020-36516 | 2 Linux, Netapp | 29 Linux Kernel, Bootstrap Os, Cloud Volumes Ontap Mediator and 26 more | 2023-11-09 | 4.9 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. | |||||
| CVE-2023-5627 | 1 Moxa | 54 Nport 6150, Nport 6150-t, Nport 6150-t Firmware and 51 more | 2023-11-09 | N/A | 7.5 HIGH |
| A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service. | |||||
| CVE-2023-38730 | 1 Ibm | 1 Storage Copy Data Management | 2023-08-29 | N/A | 7.5 HIGH |
| IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 262268. | |||||
| CVE-2023-4326 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 7.5 HIGH |
| Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites | |||||
| CVE-2023-4331 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 7.5 HIGH |
| Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols | |||||
| CVE-2023-23347 | 1 Hcltech | 1 Dryice Iautomate | 2023-08-16 | N/A | 7.1 HIGH |
| HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | |||||
| CVE-2023-23346 | 1 Hcltech | 1 Dryice Mycloud | 2023-08-15 | N/A | 7.1 HIGH |
| HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | |||||
| CVE-2019-1706 | 1 Cisco | 9 Adaptive Security Appliance Software, Asa-5506-x, Asa-5506h-x and 6 more | 2023-08-15 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error with how the software cryptography module handles IPsec sessions. An attacker could exploit this vulnerability by creating and sending traffic in a high number of IPsec sessions through the targeted device. A successful exploit could cause the device to reload and result in a DoS condition. | |||||
| CVE-2021-40006 | 1 Huawei | 1 Harmonyos | 2023-08-13 | 2.1 LOW | 4.6 MEDIUM |
| Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2023-37464 | 1 Cisco | 1 Cjose | 2023-08-09 | N/A | 7.5 HIGH |
| OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC). | |||||
| CVE-2022-38493 | 1 Rhonabwy Project | 1 Rhonabwy | 2023-08-08 | N/A | 7.5 HIGH |
| Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token. | |||||
| CVE-2021-37588 | 1 Jhu | 1 Charm | 2023-08-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data. | |||||
| CVE-2022-35513 | 1 Blink1 | 1 Blink1control2 | 2023-08-08 | N/A | 7.5 HIGH |
| The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. | |||||
| CVE-2022-25218 | 1 Phicomm | 10 K2, K2 Firmware, K2g and 7 more | 2023-08-08 | 9.3 HIGH | 8.1 HIGH |
| The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's RSA_public_decrypt() function. This weakness allows the attacker to manipulate the various iterations of the telnetd startup state machine and eventually obtain a root shell on the device, by means of an exchange of crafted UDP packets. In all versions but K2 22.5.9.163 and K3C 32.1.15.93 a successful attack also requires the exploitation of a null-byte interaction error (CVE-2022-25219). | |||||
| CVE-2021-2351 | 1 Oracle | 110 Advanced Networking Option, Agile Engineering Data Management, Agile Plm and 107 more | 2023-08-08 | 5.1 MEDIUM | 8.3 HIGH |
| Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2021-45696 | 1 Sha2 Project | 1 Sha2 | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used. | |||||
| CVE-2022-30273 | 1 Motorolasolutions | 1 Mdlc | 2023-08-08 | N/A | 9.8 CRITICAL |
| The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block ciphers. | |||||
| CVE-2022-28164 | 1 Broadcom | 1 Sannav | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords. | |||||
| CVE-2021-45512 | 1 Netgear | 42 D7000, D7000 Firmware, D8500 and 39 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX7000 before 1.0.1.90, R6250 before 1.0.4.42, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6900P before 1.3.2.124, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7900 before 1.0.4.26, R8000 before 1.0.4.58, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RS400 before 1.5.0.48, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50. | |||||
| CVE-2021-23839 | 3 Openssl, Oracle, Siemens | 8 Openssl, Business Intelligence, Enterprise Manager For Storage Management and 5 more | 2023-08-08 | 4.3 MEDIUM | 3.7 LOW |
| OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x). | |||||
| CVE-2022-2781 | 1 Octopus | 1 Octopus Server | 2023-08-08 | N/A | 5.3 MEDIUM |
| In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables. | |||||
| CVE-2022-2097 | 5 Debian, Fedoraproject, Netapp and 2 more | 15 Debian Linux, Fedora, Active Iq Unified Manager and 12 more | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). | |||||
| CVE-2022-28382 | 1 Verbatim | 8 Executive Fingerprint Secure Ssd, Executive Fingerprint Secure Ssd Firmware, Fingerprint Secure Portable Hard Drive and 5 more | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB mode. This operation mode of block ciphers (e.g., AES) always encrypts identical plaintext data, in this case blocks of 16 bytes, to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion, within ECB, can leak sensitive information even in encrypted data. Thus, the use of the ECB operation mode can put the confidentiality of specific information at risk, even in an encrypted form. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650. | |||||
| CVE-2022-28166 | 1 Broadcom | 1 Sannav | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082. | |||||
| CVE-2022-30187 | 1 Microsoft | 2 Azure Storage Blobs, Azure Storage Queue | 2023-08-08 | 1.9 LOW | 4.7 MEDIUM |
| Azure Storage Library Information Disclosure Vulnerability | |||||
| CVE-2022-0377 | 1 Thimpress | 1 Learnpress | 2023-08-02 | 3.5 LOW | 4.3 MEDIUM |
| Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site. | |||||
| CVE-2022-1252 | 1 Gnuboard | 1 Gnuboard5 | 2023-08-02 | 6.4 MEDIUM | 9.1 CRITICAL |
| Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents | |||||
| CVE-2021-38933 | 3 Ibm, Linux, Oracle | 4 Aix, Sterling Connect\, Linux Kernel and 1 more | 2023-07-28 | N/A | 7.5 HIGH |
| IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574. | |||||
| CVE-2021-27457 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2022-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access. | |||||
| CVE-2022-34757 | 1 Schneider-electric | 2 Easergy P5, Easergy P5 Firmware | 2022-07-27 | N/A | 5.3 MEDIUM |
| A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 (V01.401.102 and prior) | |||||
| CVE-2022-34632 | 1 Linuxfoundation | 1 Rocket Chip Generator | 2022-07-26 | N/A | 9.1 CRITICAL |
| Rocket-Chip commit 4f8114374d8824dfdec03f576a8cd68bebce4e56 was discovered to contain insufficient cryptography via the component /rocket/RocketCore.scala. | |||||
| CVE-2021-45486 | 1 Linux | 1 Linux Kernel | 2022-07-25 | 2.7 LOW | 3.5 LOW |
| In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. | |||||
| CVE-2021-45485 | 2 Linux, Netapp | 20 Linux Kernel, Baseboard Management Controller H300e, Baseboard Management Controller H300s and 17 more | 2022-07-25 | 5.0 MEDIUM | 7.5 HIGH |
| In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. | |||||