CWE:
 

Sorry. No results for Bugtraq WLB2


CVEMAP Search Results

CVE
Details
Description
2022-05-10
Low
CVE-2022-20117

Vendor: Google
Software: Android
 

 
In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-217475903References: N/A

 
2022-05-09
Medium
CVE-2021-20479

Vendor: IBM
Software: Cloud pak system
 

 
IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498.

 
2022-04-19
Medium
CVE-2021-39076

Updating...
 

 
IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 215585.

 
2022-04-12
Medium
CVE-2022-22559

Vendor: DELL
Software: Emc powersca...
 

 
Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for information disclosure.

 
2022-04-08
High
CVE-2022-26854

Vendor: DELL
Software: Emc powersca...
 

 
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access

 
2022-04-06
Medium
CVE-2021-32593

Vendor: Fortinet
Software: Fortiwan
 

 
A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN before 4.5.9 may allow an unauthenticated remote attacker to decrypt and forge protocol communication messages.

 
2022-04-01
Medium
CVE-2021-33018

Vendor: Philips
Software: Myvue
 

 
The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information.

 
2022-03-18
Low
CVE-2022-27191

Vendor: Golang
Software: GO
 

 
golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey.

 
2022-03-04
Low
CVE-2021-27756

Vendor: Hcltech
Software: Bigfix compl...
 

 
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."

 
2022-02-20
Low
CVE-2021-45081

Vendor: Cobbler project
Software: Cobbler
 

 
An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top