CWE:

Risk  Title                                                                Date        Author
Med.  Oracle Database Weak NNE Integrity Key Derivation                    13.12.2021  Moritz Bechler
Med.  CyberArk Credential Provider Local Cache Decryption                  04.09.2021  Klayton Monroe
Med.  CyberArk Credential Provider Race Condition / Authorization Bypass   04.09.2021  Klayton Monroe


Common Weakness Enumeration (CWE)

CVE-2021-40006
Date: 2022-01-10
Risk: Low
Vendor: Huawei
Software: Harmonyos
Description: The fingerprint module has a security risk of brute force cracking. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-45458
Date: 2022-01-06
Risk: Medium
Vendor: Apache
Software: Kylin
Description: Apache Kylin provides the encryption class PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this class, the cipher is initialized with a hardcoded key and IV. If users use PasswordPlaceholderConfigurer to encrypt their password and configure it in Kylin's configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.

CVE-2022-21653
Date: 2022-01-05
Risk: Medium
Vendor: Typelevel
Software: JAWN
Description: Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` traits who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. Users unable to upgrade should override `objectContext()` to use a collision-safe collection.

CVE-2021-20161
Date: 2021-12-30
Risk: Medium
Description: Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is required and the user is given a root shell with full control of the device.

CVE-2021-24998
Date: 2021-12-27
Risk: Waiting for details
Description: The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function, which "does not generate cryptographically secure values, and should not be used for cryptographic purposes" according to PHP's documentation.

CVE-2021-36337
Date: 2021-12-21
Risk: Medium
Vendor: DELL
Software: Wyse managem...
Description: Dell Wyse Management Suite version 3.3.1 and prior supports the insecure transport security protocols TLS 1.0 and TLS 1.1, which are susceptible to man-in-the-middle attacks, thereby compromising the confidentiality and integrity of data.

CVE-2021-38947
Date: 2021-12-13
Risk: Medium
Description: IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242.

CVE-2021-37188
Date: 2021-12-10
Risk: Medium
Description: An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway.

CVE-2021-22170
Date: 2021-12-06
Risk: Medium
Vendor: Gitlab
Software: Gitlab
Description: Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content.

CVE-2021-20400
Date: 2021-12-01
Risk: Medium
Description: IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074.
 

 


Copyright 2022, cxsecurity.com