Total
394 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25102 | 2024-11-21 | 7.8 High | ||
| This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system. Successful exploitation of this vulnerability could allow the attacker to take complete control of the application on the targeted system. | ||||
| CVE-2024-23656 | 1 Linuxfoundation | 1 Dex | 2024-11-21 | 7.5 High |
| Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0. | ||||
| CVE-2024-23580 | 2024-11-21 | 6.5 Medium | ||
| HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs). This could allow an attacker with access to the database to recover some or all encrypted values. | ||||
| CVE-2024-23579 | 2024-11-21 | 6.5 Medium | ||
| HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions. This could allow an attacker with access to the database to recover some or all encrypted values. | ||||
| CVE-2024-22894 | 2 Alpha-innotec, Novelan | 4 Heat Pumps, Heat Pumps Firmware, Heat Pumps and 1 more | 2024-11-21 | 6.8 Medium |
| An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file. | ||||
| CVE-2024-1224 | 2024-11-21 | 7.1 High | ||
| This vulnerability exists in USB Pratirodh due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. A local attacker with administrative privileges could exploit this vulnerability to obtain the password of USB Pratirodh on the targeted system. Successful exploitation of this vulnerability could allow the attacker to take control of the application and modify the access control of registered users or devices on the targeted system. | ||||
| CVE-2023-7237 | 1 Lantronix | 2 Xport Edge, Xport Edge Firmware | 2024-11-21 | 5.7 Medium |
| Lantronix XPort sends weakly encoded credentials within web request headers. | ||||
| CVE-2023-4333 | 2 Broadcom, Microsoft | 2 Raid Controller Web Interface, Windows | 2024-11-21 | 5.5 Medium |
| Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server | ||||
| CVE-2023-4129 | 1 Dell | 1 Data Protection Central | 2024-11-21 | 5.9 Medium |
| Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. | ||||
| CVE-2023-48051 | 1 Carglglz | 1 Upydev | 2024-11-21 | 7.5 High |
| An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding. | ||||
| CVE-2023-48034 | 1 Acer | 2 Sk-9662, Sk-9662 Firmware | 2024-11-21 | 6.1 Medium |
| An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption. | ||||
| CVE-2023-47373 | 1 Linecorp | 1 Line | 2024-11-21 | 6.5 Medium |
| The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send malicious notifications to victims. | ||||
| CVE-2023-47372 | 1 Linecorp | 1 Line | 2024-11-21 | 6.5 Medium |
| The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims. | ||||
| CVE-2023-47370 | 1 Linecorp | 1 Line | 2024-11-21 | 6.5 Medium |
| The leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send malicious notifications to victims. | ||||
| CVE-2023-47369 | 1 Linecorp | 1 Line | 2024-11-21 | 6.5 Medium |
| The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers to send malicious notifications. | ||||
| CVE-2023-47368 | 1 Linecorp | 1 Line | 2024-11-21 | 6.5 Medium |
| The leakage of channel access token in taketorinoyu Line 13.6.1 allows remote attackers to send malicious notifications to victims. | ||||
| CVE-2023-47367 | 1 Linecorp | 1 Line | 2024-11-21 | 6.5 Medium |
| The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to send malicious notifications to victims. | ||||
| CVE-2023-47366 | 1 Linecorp | 1 Line | 2024-11-21 | 6.5 Medium |
| The leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send malicious notifications to victims. | ||||
| CVE-2023-47365 | 1 Linecorp | 1 Line | 2024-11-21 | 6.5 Medium |
| The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims. | ||||
| CVE-2023-47363 | 1 Linecorp | 1 Line | 2024-11-21 | 6.5 Medium |
| The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims. | ||||