Total
566 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3979 | 2 Fedoraproject, Redhat | 8 Fedora, Ceph Storage, Ceph Storage For Ibm Z Systems and 5 more | 2025-02-13 | 6.5 Medium |
| A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks. | ||||
| CVE-2024-31510 | 1 Open Quantum Safe | 1 Liboqs | 2025-02-13 | 9.8 Critical |
| An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component. | ||||
| CVE-2025-22475 | 1 Dell | 1 Data Domain Operating System | 2025-02-07 | 3.7 Low |
| Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering. | ||||
| CVE-2022-45170 | 1 Liveboxcloud | 1 Vdesk | 2025-02-07 | 6.5 Medium |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user. | ||||
| CVE-2023-50781 | 2 M2crypto Project, Redhat | 5 M2crypto, Enterprise Linux, Rhev Hypervisor and 2 more | 2025-02-07 | 7.5 High |
| A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. | ||||
| CVE-2022-43934 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 6.5 Medium |
| Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095. | ||||
| CVE-2024-28980 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-02-04 | 6.5 Medium |
| Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution. | ||||
| CVE-2022-40722 | 1 Pingidentity | 3 Pingfederate, Pingid Adapter For Pingfederate, Pingid Integration Kit | 2025-02-04 | 7.7 High |
| A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA. | ||||
| CVE-2024-37137 | 1 Dell | 1 Cloudlink | 2025-02-03 | 3.8 Low |
| Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information disclosure. | ||||
| CVE-2023-27557 | 1 Ibm | 1 Safer Payments | 2025-01-30 | 5.9 Medium |
| IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192. | ||||
| CVE-2023-30441 | 2 Ibm, Redhat | 6 Infosphere Information Server, Java, Websphere Application Server and 3 more | 2025-01-30 | 7.5 High |
| IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188. | ||||
| CVE-2022-22313 | 1 Ibm | 1 Qradar Data Synchronization | 2025-01-29 | 4.4 Medium |
| IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370. | ||||
| CVE-2024-26317 | 2025-01-28 | 6.1 Medium | ||
| In illumos illumos-gate 2024-02-15, an error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, causing the algorithm to yield a result of POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. | ||||
| CVE-2022-3365 | 2025-01-28 | 9.8 Critical | ||
| Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit module was written and tested against version 4.110, the current version when this CVE was reserved. | ||||
| CVE-2022-36937 | 1 Facebook | 1 Hhvm | 2025-01-27 | 9.8 Critical |
| HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3. Applications that call stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected. | ||||
| CVE-2024-38320 | 1 Ibm | 2 Storage Protect Backup Archive Client, Storage Protect For Virtual Enviornments Data Protection For Vmware | 2025-01-27 | 5.9 Medium |
| IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2023-28244 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2025-01-23 | 8.1 High |
| Windows Kerberos Elevation of Privilege Vulnerability | ||||
| CVE-2023-28076 | 1 Dell | 1 Cloudlink | 2025-01-22 | 5.9 Medium |
| CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure. | ||||
| CVE-2024-22347 | 1 Ibm | 2 Devops Velocity, Urbancode Velocity | 2025-01-21 | 5.9 Medium |
| IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2023-0452 | 1 Econolite | 1 Eos | 2025-01-16 | 9.8 Critical |
| Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians. | ||||