Search
Search Results (434 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8455 | 2 Planet, Planet Technology Corp | 9 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 6 more | 2024-10-04 | 8.1 High |
| The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords. | ||||
| CVE-2021-38121 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | 8.3 High |
| Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1 | ||||
| CVE-2024-42163 | 1 Fiware | 1 Keyrock | 2024-08-29 | 8.3 High |
| Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link. | ||||
| CVE-2024-41681 | 1 Siemens | 1 Location Intelligence | 2024-08-14 | 6.7 Medium |
| A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The web server of affected products is configured to support weak ciphers by default. This could allow an unauthenticated attacker in an on-path position to to read and modify any data passed over the connection between legitimate clients and the affected device. | ||||
| CVE-2024-21787 | 1 Bmra Software | 1 Bmra Software | 2024-08-14 | 6.4 Medium |
| Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-40719 | 1 Changingtec | 1 Tcb Servisign | 2024-08-09 | 6.5 Medium |
| The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that website as a legitimate server and interact with it. | ||||
| CVE-2011-4121 | 1 Ruby-lang | 1 Ruby | 2024-08-07 | 9.8 Critical |
| The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism. | ||||
| CVE-2011-3629 | 1 Joomla | 1 Joomla\! | 2024-08-06 | 7.5 High |
| Joomla! core 1.7.1 allows information disclosure due to weak encryption | ||||
| CVE-2012-6707 | 1 Wordpress | 1 Wordpress | 2024-08-06 | N/A |
| WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions. | ||||
| CVE-2024-32758 | 1 Johnsoncontrols | 2 Exacqvision Client, Exacqvision Server | 2024-08-06 | N/A |
| Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange | ||||
| CVE-2012-2130 | 3 Debian, Fedoraproject, Polarssl | 3 Debian Linux, Fedora, Polarssl | 2024-08-06 | 7.4 High |
| A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys. | ||||
| CVE-2013-7484 | 1 Zabbix | 1 Zabbix | 2024-08-06 | 7.5 High |
| Zabbix before 5.0 represents passwords in the users table with unsalted MD5. | ||||
| CVE-2013-7287 | 1 Mobileiron | 2 Sentry, Virtual Smartphone Platform | 2024-08-06 | 9.8 Critical |
| MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme. | ||||
| CVE-2013-4104 | 1 Cryptocat Project | 1 Cryptocat | 2024-08-06 | 7.5 High |
| Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol | ||||