Total
415 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37397 | 1 Ibm | 1 Aspera Faspex | 2024-11-21 | 3.6 Low |
| IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672. | ||||
| CVE-2023-36539 | 1 Zoom | 14 Meetings, Poly Ccx 600, Poly Ccx 600 Firmware and 11 more | 2024-11-21 | 5.3 Medium |
| Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. | ||||
| CVE-2023-34971 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 7.1 High |
| An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 build 20230728 and later | ||||
| CVE-2023-34337 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | 7.6 High |
| AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. | ||||
| CVE-2023-30132 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | 7.8 High |
| An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated privileges via static Cryptographic Key. | ||||
| CVE-2023-28896 | 1 Preh | 2 Mib3, Mib3 Firmware | 2024-11-21 | 3.3 Low |
| Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. | ||||
| CVE-2023-28021 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | 5.9 Medium |
| The BigFix WebUI uses weak cipher suites. | ||||
| CVE-2023-27987 | 1 Apache | 1 Linkis | 2024-11-21 | 9.1 Critical |
| In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1] https://linkis.apache.org/docs/latest/auth/token https://linkis.apache.org/docs/latest/auth/token | ||||
| CVE-2023-26943 | 1 Assaabloy | 2 Yale Keyless Smart Lock, Yale Keyless Smart Lock Firmware | 2024-11-21 | 6.5 Medium |
| Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original. | ||||
| CVE-2023-26942 | 1 Assaabloy | 2 Yale Ia-210, Yale Ia-210 Firmware | 2024-11-21 | 6.5 Medium |
| Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original. | ||||
| CVE-2023-26941 | 1 Assaabloy | 2 Yale Conexis L1, Yale Conexis L1 Firmware | 2024-11-21 | 6.5 Medium |
| Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original. | ||||
| CVE-2023-21145 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-20942 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-20185 | 1 Cisco | 2 Nexus 9000 In Aci Mode, Nx-os | 2024-11-21 | 7.4 High |
| A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites. Cisco has not released and will not release software updates that address this vulnerability. | ||||
| CVE-2023-0525 | 1 Mitsubishielectric | 14 Gs21, Gs21 Firmware, Gs25 and 11 more | 2024-11-21 | 7.5 High |
| Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled. | ||||
| CVE-2022-48193 | 1 Softing | 1 Smartlink Sw-ht | 2024-11-21 | 5.9 Medium |
| Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL). | ||||
| CVE-2022-46783 | 1 Stormshield | 1 Ssl Vpn Client | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book. | ||||
| CVE-2022-45379 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 7.5 High |
| Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks. | ||||
| CVE-2022-40745 | 1 Ibm | 1 Aspera Faspex | 2024-11-21 | 5.5 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452. | ||||
| CVE-2022-3433 | 1 Haskell | 1 Aeson | 2024-11-21 | 6.5 Medium |
| The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service. | ||||