Total
608 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29217 | 2 Fedoraproject, Pyjwt Project | 2 Fedora, Pyjwt | 2025-04-23 | 7.4 High |
| PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding. | ||||
| CVE-2022-29249 | 1 Javaez Project | 1 Javaez | 2025-04-23 | 7.5 High |
| JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. The vulnerability has been patched in release 1.7. Currently, there is no way to fix the issue without upgrading. | ||||
| CVE-2022-31157 | 1 Packback | 1 Lti 1.3 Tool Library | 2025-04-23 | 7.5 High |
| LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds. | ||||
| CVE-2022-39237 | 1 Sylabs | 1 Singularity Image Format | 2025-04-23 | 6.3 Medium |
| syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure. | ||||
| CVE-2023-41097 | 1 Silabs | 1 Gecko Software Development Kit | 2025-04-23 | 4.6 Medium |
| An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0. | ||||
| CVE-2022-34361 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more | 2025-04-23 | 5.9 Medium |
| IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522. | ||||
| CVE-2022-27581 | 1 Sick | 24 Rfu610-10600, Rfu610-10600 Firmware, Rfu610-10601 and 21 more | 2025-04-22 | 6.5 Medium |
| Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | ||||
| CVE-2023-51392 | 1 Silabs | 1 Emberznet | 2025-04-22 | 6.2 Medium |
| Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks. | ||||
| CVE-2022-46834 | 1 Sick | 14 Rfu650-10100, Rfu650-10100 Firmware, Rfu650-10101 and 11 more | 2025-04-22 | 6.5 Medium |
| Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | ||||
| CVE-2022-46833 | 1 Sick | 48 Rfu630-04100, Rfu630-04100 Firmware, Rfu630-04100s01 and 45 more | 2025-04-22 | 6.5 Medium |
| Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | ||||
| CVE-2022-46832 | 1 Sick | 42 Rfu620-10100, Rfu620-10100 Firmware, Rfu620-10101 and 39 more | 2025-04-21 | 6.5 Medium |
| Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | ||||
| CVE-2025-3838 | 2025-04-21 | N/A | ||
| An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed credentials of the installer. This EOL component was deprecated in September 2023 with end of support extended till January 2024. | ||||
| CVE-2022-46140 | 1 Siemens | 202 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 199 more | 2025-04-21 | 6.5 Medium |
| Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system. | ||||
| CVE-2017-8191 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | N/A |
| FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links. | ||||
| CVE-2017-5186 | 2 Netiq, Novell | 4 Edirectory, Imanager, Edirectory and 1 more | 2025-04-20 | N/A |
| Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. | ||||
| CVE-2017-5243 | 1 Rapid7 | 1 Nexpose | 2025-04-20 | N/A |
| The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks. | ||||
| CVE-2017-17382 | 1 Citrix | 2 Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2025-04-20 | N/A |
| Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | ||||
| CVE-2016-3702 | 1 Redhat | 1 Cloudforms Management Engine | 2025-04-20 | N/A |
| Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information. | ||||
| CVE-2015-0226 | 2 Apache, Redhat | 7 Wss4j, Jboss Amq, Jboss Data Grid and 4 more | 2025-04-20 | N/A |
| Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487. | ||||
| CVE-2017-3539 | 3 Debian, Oracle, Redhat | 15 Debian Linux, Jdk, Jre and 12 more | 2025-04-20 | N/A |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). | ||||