Export limit exceeded: 355230 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1656 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50475 | 1 Bcoin | 1 Bcoin | 2024-11-26 | 9.1 Critical |
| An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js. | ||||
| CVE-2018-15397 | 1 Cisco | 2 Adaptive Security Appliance Software, Secure Firewall Management Center | 2024-11-26 | 6.8 Medium |
| A vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error that may occur if the affected software renegotiates the encryption key for an IPsec tunnel when certain TFC traffic is in flight. An attacker could exploit this vulnerability by sending a malicious stream of TFC traffic through an established IPsec tunnel on an affected device. A successful exploit could allow the attacker to cause a daemon process on the affected device to crash, which could cause the device to crash and result in a DoS condition. | ||||
| CVE-2020-3549 | 1 Cisco | 2 Firepower Threat Defense, Secure Firewall Management Center | 2024-11-26 | 8.1 High |
| A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation protection during initial device registration. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a specific flow of the sftunnel communication between an FMC device and an FTD device. A successful exploit could allow the attacker to decrypt and modify the sftunnel communication between FMC and FTD devices, allowing the attacker to modify configuration data sent from an FMC device to an FTD device or alert data sent from an FTD device to an FMC device. | ||||
| CVE-2018-0131 | 1 Cisco | 2 Ios, Ios Xe | 2024-11-26 | N/A |
| A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140. | ||||
| CVE-2018-0448 | 1 Cisco | 1 Digital Network Architecture Center | 2024-11-26 | 9.8 Critical |
| A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users. | ||||
| CVE-2024-10920 | 1 Mariazevedo88 | 1 Travels-java-api | 2024-11-22 | 3.1 Low |
| A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-master\src\main\java\io\github\mariazevedo88\travelsjavaapi\filters\JwtAuthenticationTokenFilter.java of the component JWT Secret Handler. The manipulation leads to use of hard-coded cryptographic key . The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-51556 | 1 63moons | 2 Aero, Wave 2.0 | 2024-11-22 | 6.5 Medium |
| This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to unauthorized access to sensitive information belonging to other users. | ||||
| CVE-2019-1828 | 1 Cisco | 4 Rv320, Rv320 Firmware, Rv325 and 1 more | 2024-11-21 | N/A |
| A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative credentials. The vulnerability exists because affected devices use weak encryption algorithms for user credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack and decrypting intercepted credentials. A successful exploit could allow the attacker to gain access to an affected device with administrator privileges. This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running firmware releases prior to 1.4.2.22. | ||||
| CVE-2019-1586 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2024-11-21 | 4.6 Medium |
| A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device. An attacker could exploit this vulnerability by retrieving data from the physical disk on the affected partition(s). A successful exploit could allow the attacker to retrieve encryption keys, possibly allowing the attacker to further decrypt other data and sensitive information on the device, which could lead to the disclosure of confidential information. | ||||
| CVE-2023-34338 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | 7.1 High |
| AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. | ||||
| CVE-2023-34471 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | 6.3 Medium |
| AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication. | ||||
| CVE-2024-6890 | 1 Journyx | 1 Journyx | 2024-11-21 | 8.8 High |
| Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password. | ||||
| CVE-2024-6299 | 1 Conduit | 1 Conduit | 2024-11-21 | 4.8 Medium |
| Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date | ||||
| CVE-2024-5559 | 1 Schneider-electric | 2 Powerlogic P5, Powerlogic P5 Firmware | 2024-11-21 | 6.1 Medium |
| CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the front panel of the device. | ||||
| CVE-2024-45273 | 3 Helmholz, Mb Connect Line, Mbconnectline | 35 Myrex24.virtual, Myrex24 V2, Myrex24 V2 Virtual Server and 32 more | 2024-11-21 | 8.4 High |
| An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. | ||||
| CVE-2024-39731 | 1 Ibm | 1 Datacap | 2024-11-21 | 5.9 Medium |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 295970. | ||||
| CVE-2024-36121 | 1 Netty | 1 Netty-incubator-codec-ohttp | 2024-11-21 | 5.9 Medium |
| netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which would allow an attacker to cause the sequence number to overflow and thus the nonce to repeat. | ||||
| CVE-2024-34113 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 5.5 Medium |
| ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the confidentiality of password data. An attacker could exploit this weakness to decrypt or guess passwords, potentially gaining unauthorized access to protected resources. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-32911 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-29175 | 1 Dell | 1 Data Domain Operating System | 2024-11-21 | 5.9 Medium |
| Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session information. | ||||