Total
428 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7449 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7 before iFix1, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 allow local users to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 108221. | |||||
| CVE-2015-5361 | 1 Juniper | 28 Junos, Srx100, Srx110 and 25 more | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. Issue The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration.? Note that the ftps-extensions option is not enabled by default. | |||||
| CVE-2015-4953 | 1 Ibm | 1 Bigfix Remote Control | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
| IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol. IBM X-Force ID: 105197. | |||||
| CVE-2014-0841 | 1 Ibm | 1 Rational Focal Point | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704. | |||||
| CVE-2013-7484 | 1 Zabbix | 1 Zabbix | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Zabbix before 5.0 represents passwords in the users table with unsalted MD5. | |||||
| CVE-2013-7469 | 1 Seafile | 1 Seafile | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. | |||||
| CVE-2013-7287 | 1 Mobileiron | 2 Sentry, Virtual Smartphone Platform | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme. | |||||
| CVE-2013-7286 | 1 Att | 2 Mobileiron Sentry, Mobileiron Virtual Smartphone Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm | |||||
| CVE-2013-4104 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol | |||||
| CVE-2013-2166 | 4 Debian, Fedoraproject, Openstack and 1 more | 4 Debian Linux, Fedora, Python-keystoneclient and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | |||||
| CVE-2012-2130 | 3 Debian, Fedoraproject, Polarssl | 3 Debian Linux, Fedora, Polarssl | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys. | |||||
| CVE-2011-4121 | 1 Ruby-lang | 1 Ruby | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism. | |||||
| CVE-2011-3629 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Joomla! core 1.7.1 allows information disclosure due to weak encryption | |||||
| CVE-2010-3670 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
| TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. | |||||
| CVE-2023-6728 | 2024-11-05 | N/A | 3.3 LOW | ||
| Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content. | |||||
| CVE-2024-43382 | 2024-11-01 | N/A | 5.9 MEDIUM | ||
| Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption. | |||||
| CVE-2024-45259 | 2024-10-28 | N/A | 6.5 MEDIUM | ||
| An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted. | |||||
| CVE-2024-45394 | 1 Authenticator | 1 Authenticator | 2024-10-09 | N/A | 7.8 HIGH |
| Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the user's encryption key. Users on version 8.0.0 and above are automatically migrated away from the weak encoding on first login. Users should destroy encrypted backups made with versions prior to 8.0.0. | |||||
| CVE-2024-47182 | 1 Amirraminfar | 1 Dozzle | 2024-10-04 | N/A | 7.5 HIGH |
| Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3. | |||||
| CVE-2024-8455 | 1 Planet | 6 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 3 more | 2024-10-04 | N/A | 5.9 MEDIUM |
| The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords. | |||||