Total: 450 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-34757 | 1 Schneider-electric | 2 Easergy P5, Easergy P5 Firmware | 2022-07-27 | 5.3 Medium |
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 (V01.401.102 and prior) | ||||
CVE-2022-34632 | 1 Linuxfoundation | 1 Rocket Chip Generator | 2022-07-26 | 9.1 Critical |
Rocket-Chip commit 4f8114374d8824dfdec03f576a8cd68bebce4e56 was discovered to contain insufficient cryptography via the component /rocket/RocketCore.scala. | ||||
CVE-2021-34687 | 2 Idrive, Microsoft | 2 Remotepc, Windows | 2022-07-12 | 5.3 Medium |
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher. | ||||
CVE-2020-36315 | 1 Relic Project | 1 Relic | 2022-07-12 | 5.3 Medium |
In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number. | ||||
CVE-2020-4965 | 1 Ibm | 12 Collaborative Lifecycle Management, Doors Next, Engineering Insights and 9 more | 2022-07-12 | 7.5 High |
IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422. | ||||
CVE-2021-20337 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-07-12 | 7.5 High |
IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 194448. | ||||
CVE-2021-22170 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 7.5 High |
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content. | ||||
CVE-2021-29694 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2022-07-12 | 7.5 High |
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258. | ||||
CVE-2021-29794 | 1 Ibm | 1 Tivoli Netcool/impact | 2022-07-12 | 7.5 High |
IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 203556. | ||||
CVE-2021-31796 | 1 Cyberark | 1 Credential Provider | 2022-07-12 | 7.5 High |
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36. | ||||
CVE-2021-37546 | 1 Jetbrains | 1 Teamcity | 2022-07-12 | 5.3 Medium |
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used. | ||||
CVE-2021-37587 | 1 Jhu | 1 Charm | 2022-07-12 | 6.5 Medium |
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data. | ||||
CVE-2022-31230 | 1 Dell | 1 Powerscale Onefs | 2022-07-11 | 9.8 Critical |
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain a broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access. | ||||
CVE-2022-28622 | 1 Hpe | 2 Storeonce 3640, Storeonce 3640 Firmware | 2022-07-07 | 7.5 High |
A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2. | ||||
CVE-2019-5035 | 1 Google | 2 Nest Cam Iq, Nest Cam Iq Indoor Firmware | 2022-06-27 | 9.0 Critical |
An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker can send specially crafted packets to trigger this vulnerability. | ||||
CVE-2022-24296 | 1 Mitsubishi | 40 Ae-200a, Ae-200a Firmware, Ae-200e and 37 more | 2022-06-17 | 7.5 High |
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause disclosure of encrypted messages of the air conditioning systems by sniffing encrypted communications. | ||||
CVE-2020-27611 | 1 Bigbluebutton | 1 Bigbluebutton | 2022-06-15 | 7.3 High |
BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint. | ||||
CVE-2022-30111 | 1 Mck Smartlock Project | 1 Mck Smartlock | 2022-05-26 | 6.8 Medium |
The use of an insecure algorithm for rolling codes in MCK Smartlock 1.0 allows attackers to unlock the mechanism via replay attacks. | ||||
CVE-2022-20117 | 1 Google | 1 Android | 2022-05-17 | 5.5 Medium |
In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-217475903. References: N/A | ||||
CVE-2021-20479 | 1 Ibm | 1 Cloud Pak System | 2022-05-16 | 7.5 High |
IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498. |