CWE:
 

| Risk | Title | Date | Author |
|---|---|---|---|
| Med. | Oracle Database Weak NNE Integrity Key Derivation | 13.12.2021 | Moritz Bechler |
| Med. | CyberArk Credential Provider Local Cache Decryption | 04.09.2021 | Klayton Monroe |
| Med. | CyberArk Credential Provider Race Condition / Authorization Bypass | 04.09.2021 | Klayton Monroe |


Common Weakness Enumeration (CWE)

CVE
Details
Description
2022-10-11
Waiting for details
CVE-2022-41209

 

 
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses an encryption method which lacks proper diffusion and does not hide patterns well. This can lead to information disclosure. In certain scenarios, the application might also be susceptible to replay attacks.

 
2022-08-31
Waiting for details
CVE-2022-2758

 

 

 
2022-07-08
Medium
CVE-2022-22464

Vendor: IBM
Software: Security ver...
 

 
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081.

 
2022-05-06
Low
CVE-2022-28164

Vendor: Broadcom
Software: Sannav
 

 
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords.

 
2022-05-04
Medium
CVE-2021-32010

Vendor: Secomea
Software: Linkmanager
 

 
Inadequate Encryption Strength vulnerability in the TLS stack of Secomea SiteManager, LinkManager, and GateManager may facilitate man-in-the-middle attacks. This issue affects: Secomea SiteManager, all versions prior to 9.7; Secomea LinkManager, versions prior to 9.7; Secomea GateManager, versions prior to 9.7.

 
2022-05-03
Medium
CVE-2022-22368

 

 
IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012.

 
2022-04-20
Waiting for details
CVE-2022-1318

 

 
Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The sizes of certain communication packets are predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. The communication encryption scheme is theoretically sound, but is not strong enough for the level of protection required.

 
2022-04-11
Medium
CVE-2022-0828

Vendor: Wpdownloadmanager
Software: Wordpress do...
 

 
The Download Manager WordPress plugin before 3.2.39 uses the uniqid PHP function to generate the master key for a download, allowing an attacker to brute-force the key with reasonable resources and gain direct download access regardless of role-based restrictions or password protections set for the download.

 
2022-04-06
Medium
CVE-2021-45104

Vendor: WISC
Software: Htcondor
 

 
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data.

 
2022-03-25
Low
CVE-2022-24784

Vendor: Statamic
Software: Statamic
 

 
Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire hash. The hash is not present in the response; however, the presence or absence of a result confirms whether the character is in the right position. The API has throttling enabled by default, making this a time-intensive task. Both the REST API and the users endpoint need to be enabled, as they are disabled by default. The issue has been fixed in versions 3.2.39 and above, and 3.3.2 and above.

 

 


Copyright 2022, cxsecurity.com

 
