Search Results (1717 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-39252 1 Matrix 1 Matrix-rust-sdk 2025-04-23 8.6 High
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue.
CVE-2022-39254 1 Matrix-nio Project 1 Matrix-nio 2025-04-23 8.6 High
matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.20 fixes the issue.
CVE-2022-39237 1 Sylabs 1 Singularity Image Format 2025-04-23 6.3 Medium
syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.
CVE-2023-41097 1 Silabs 1 Gecko Software Development Kit 2025-04-23 4.6 Medium
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.
CVE-2022-46825 1 Jetbrains 1 Intellij Idea 2025-04-23 4 Medium
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.
CVE-2022-34361 3 Ibm, Linux, Microsoft 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more 2025-04-23 5.9 Medium
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.
CVE-2022-21653 1 Typelevel 1 Jawn 2025-04-22 5.9 Medium
Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. For users unable to upgrade override `objectContext()` to use a collision-safe collection.
CVE-2022-24860 1 Databasir Project 1 Databasir 2025-04-22 7.4 High
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at different IP addresses.
CVE-2022-27581 1 Sick 24 Rfu610-10600, Rfu610-10600 Firmware, Rfu610-10601 and 21 more 2025-04-22 6.5 Medium
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
CVE-2023-51392 1 Silabs 1 Emberznet 2025-04-22 6.2 Medium
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks.
CVE-2022-46834 1 Sick 14 Rfu650-10100, Rfu650-10100 Firmware, Rfu650-10101 and 11 more 2025-04-22 6.5 Medium
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
CVE-2022-46833 1 Sick 48 Rfu630-04100, Rfu630-04100 Firmware, Rfu630-04100s01 and 45 more 2025-04-22 6.5 Medium
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
CVE-2022-46832 1 Sick 42 Rfu620-10100, Rfu620-10100 Firmware, Rfu620-10101 and 39 more 2025-04-21 6.5 Medium
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
CVE-2022-46140 1 Siemens 202 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 199 more 2025-04-21 6.5 Medium
Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system.
CVE-2017-8157 1 Huawei 4 Oceanstor 5800 V3, Oceanstor 5800 V3 Firmware, Oceanstor 6900 V3 and 1 more 2025-04-20 N/A
OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information.
CVE-2016-9243 3 Canonical, Cryptography.io, Fedoraproject 3 Ubuntu Linux, Cryptography, Fedora 2025-04-20 7.5 High
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
CVE-2017-14262 1 Samsung 8 Srn 1000, Srn 1000 Firmware, Srn 1670d and 5 more 2025-04-20 N/A
On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter.
CVE-2017-2391 1 Apple 3 Keynote, Numbers, Pages 2025-04-20 N/A
An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4.
CVE-2017-9136 1 Mimosa 2 Backhaul Radios, Client Radios 2025-04-20 N/A
An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator passwords, which can then be cracked, giving the attacker full admin access to the device's web interface. This vulnerability can also be used to view the plaintext pre-shared key (PSK) for encrypted wireless connections, or to view the device's serial number (which allows an attacker to factory reset the device).
CVE-2017-5186 2 Netiq, Novell 4 Edirectory, Imanager, Edirectory and 1 more 2025-04-20 N/A
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.