Search Results (1461 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-29723 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Linux On Ibm Z and 5 more | 2024-11-21 | 7.5 High |
| IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201100. | ||||
| CVE-2021-29722 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Linux On Ibm Z and 5 more | 2024-11-21 | 7.5 High |
| IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095. | ||||
| CVE-2021-29704 | 1 Ibm | 1 Resilient Security Orchestration Automation And Response | 2024-11-21 | 7.5 High |
| IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2021-29694 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-11-21 | 7.5 High |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258. | ||||
| CVE-2021-28095 | 1 Open-xchange | 1 Open-xchange Documents | 2024-11-21 | 4.8 Medium |
| OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32. | ||||
| CVE-2021-28094 | 1 Open-xchange | 1 Open-xchange Documents | 2024-11-21 | 6.5 Medium |
| OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32. | ||||
| CVE-2021-28093 | 1 Open-xchange | 1 Open-xchange Documents | 2024-11-21 | 6.5 Medium |
| OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of Adler32. | ||||
| CVE-2021-27913 | 1 Acquia | 1 Mautic | 2024-11-21 | 3.5 Low |
| The function mt_rand is used to generate session tokens. This function is cryptographically flawed due to its pseudorandom nature; an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control. This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0. | ||||
| CVE-2021-27795 | 1 Broadcom | 13 Brocade 300, Brocade 610, Brocade 6505 and 10 more | 2024-11-21 | 6.4 Medium |
| Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format, contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key. | ||||
| CVE-2021-27761 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | 4.8 Medium |
| Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks | ||||
| CVE-2021-27756 | 1 Hcltech | 1 Bigfix Compliance | 2024-11-21 | 7.5 High |
| "TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it." | ||||
| CVE-2021-27499 | 1 Ypsomed | 2 Mylife, Mylife Cloud | 2024-11-21 | 5.9 Medium |
| Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5. The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows man-in-the-middle attackers to tamper with messages. | ||||
| CVE-2021-27481 | 1 Zoll | 1 Defibrillator Dashboard | 2024-11-21 | 5.5 Medium |
| ZOLL Defibrillator Dashboard, versions prior to 2.2. The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information. | ||||
| CVE-2021-27457 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2024-11-21 | 7.5 High |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access. | ||||
| CVE-2021-27450 | 1 Ge | 2 Mu320e, Mu320e Firmware | 2024-11-21 | 7.8 High |
| SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as part of a larger attack on the MU320E (all firmware versions prior to v04A00.1). | ||||
| CVE-2021-27392 | 1 Siemens | 1 Siveillance Video Open Network Bridge | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Video Open Network Bridge (2019 R3), Siveillance Video Open Network Bridge (2019 R2), Siveillance Video Open Network Bridge (2019 R1), Siveillance Video Open Network Bridge (2018 R3), Siveillance Video Open Network Bridge (2018 R2). Affected Open Network Bridges store user credentials for the authentication between ONVIF clients and ONVIF server using a hard-coded key. The encrypted credentials can be retrieved via the MIP SDK. This could allow an authenticated remote attacker to retrieve and decrypt all credentials stored on the ONVIF server. | ||||
| CVE-2021-27389 | 1 Siemens | 2 Opcenter Quality, Qms Automotive | 2024-11-21 | 9.8 Critical |
| A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection. | ||||
| CVE-2021-26322 | 1 Amd | 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more | 2024-11-21 | 7.5 High |
| Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”. | ||||
| CVE-2021-25763 | 1 Jetbrains | 1 Ktor | 2024-11-21 | 5.3 Medium |
| In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default. | ||||
| CVE-2021-25761 | 1 Jetbrains | 1 Ktor | 2024-11-21 | 5.3 Medium |
| In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. | ||||