Total: 363 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-28124 | 1 Ui | 1 Desktop | 2024-02-04 | N/A | 5.5 MEDIUM |
Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content. This vulnerability is fixed in Version 0.62.3 and later. | |||||
CVE-2023-30351 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2024-02-04 | N/A | 7.5 HIGH |
Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UART) by using the exposed credentials. | |||||
CVE-2023-23597 | 1 Mozilla | 1 Firefox | 2024-02-04 | N/A | 6.5 MEDIUM |
A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the `file://` context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109. | |||||
CVE-2023-22271 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-02-04 | N/A | 5.3 MEDIUM |
Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit this in order to decrypt a user's password. The attack complexity is high since successful exploitation requires the attacker to already possess this encrypted secret. | |||||
CVE-2023-29054 | 1 Siemens | 26 Scalance X200-4p Irt, Scalance X200-4p Irt Firmware, Scalance X201-3p Irt and 23 more | 2024-02-04 | N/A | 7.4 HIGH |
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. | |||||
CVE-2023-24502 | 1 Electra-air | 2 Central Ac Unit, Central Ac Unit Firmware | 2024-02-04 | N/A | 6.5 MEDIUM |
Electra Central AC unit – The unit opens an AP with an easily calculated password. | |||||
CVE-2023-36748 | 1 Siemens | 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more | 2024-02-04 | N/A | 6.8 MEDIUM |
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over to and from the affected device. | |||||
CVE-2022-47931 | 1 Iofinnet | 1 Tss-lib | 2024-02-04 | N/A | 9.1 CRITICAL |
IO FinNet tss-lib before 2.0.0 allows a collision of hash values. | |||||
CVE-2022-45141 | 1 Samba | 1 Samba | 2024-02-04 | N/A | 9.8 CRITICAL |
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (e.g. aes256-cts-hmac-sha1-96). | |||||
CVE-2022-34385 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-02-04 | N/A | 5.5 MEDIUM |
SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. | |||||
CVE-2022-4036 | 1 Dwbooster | 1 Appointment Hour Booking | 2024-02-04 | N/A | 5.3 MEDIUM |
The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of an insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie. | |||||
CVE-2022-43922 | 2 Ibm, Redhat | 2 App Connect Enterprise Certified Container, Openshift | 2024-02-04 | N/A | 6.5 MEDIUM |
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583. | |||||
CVE-2023-21444 | 1 Samsung | 1 Flow | 2024-02-04 | N/A | 8.8 HIGH |
Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands. | |||||
CVE-2022-38659 | 2 Hcltech, Microsoft | 2 Bigfix Platform, Windows | 2024-02-04 | N/A | 7.8 HIGH |
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent. | |||||
CVE-2023-23911 | 1 Rocket.chat | 1 Rocket.chat | 2024-02-04 | N/A | 7.5 HIGH |
An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room. | |||||
CVE-2022-46825 | 1 Jetbrains | 1 Intellij Idea | 2024-02-04 | N/A | 3.3 LOW |
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects. | |||||
CVE-2023-21443 | 1 Samsung | 1 Flow | 2024-02-04 | N/A | 8.8 HIGH |
Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands. | |||||
CVE-2022-2640 | | | 2024-02-04 | N/A | 7.5 HIGH |
The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP). | |||||
CVE-2020-4099 | 1 Hcltech | 1 Verse | 2024-02-04 | N/A | 7.5 HIGH |
The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app. | |||||
CVE-2022-3433 | 1 Haskell | 1 Aeson | 2024-02-04 | N/A | 6.5 MEDIUM |
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service. |