Total
395 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20400 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 7.5 High |
| IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074. | ||||
| CVE-2021-20369 | 1 Ibm | 1 Cloud Pak For Applications | 2024-11-21 | 5.9 Medium |
| IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361. | ||||
| CVE-2021-20360 | 1 Ibm | 1 Cloud Pak For Applications | 2024-11-21 | 7.5 High |
| IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195031. | ||||
| CVE-2020-9476 | 1 Commscope | 2 Arris Tg1692a, Arris Tg1692a Firmware | 2024-11-21 | 7.5 High |
| ARRIS TG1692A devices allow remote attackers to discover the administrator login name and password by reading the /login page and performing base64 decoding. | ||||
| CVE-2020-9337 | 1 Golfbuddyglobal | 1 Course Manager | 2024-11-21 | 6.5 Medium |
| In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request. | ||||
| CVE-2020-9128 | 1 Huawei | 1 Fusioncompute | 2024-11-21 | 4.4 Medium |
| FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak. | ||||
| CVE-2020-8761 | 1 Intel | 1 Converged Security And Manageability Engine | 2024-11-21 | 4.6 Medium |
| Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access. | ||||
| CVE-2020-7565 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2024-11-21 | 7.3 High |
| A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. | ||||
| CVE-2020-7069 | 9 Canonical, Debian, Fedoraproject and 6 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-11-21 | 5.4 Medium |
| In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. | ||||
| CVE-2020-6966 | 1 Gehealthcare | 12 Apexpro Telemetry Server, Apexpro Telemetry Server Firmware, Carescape Central Station Mai700 and 9 more | 2024-11-21 | 10.0 Critical |
| In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network. | ||||
| CVE-2020-5938 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-11-21 | 6.5 Medium |
| On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow. | ||||
| CVE-2020-5917 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2024-11-21 | 5.9 Medium |
| In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure. | ||||
| CVE-2020-5886 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 9.1 Critical |
| On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring. | ||||
| CVE-2020-5885 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 9.1 Critical |
| On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring. | ||||
| CVE-2020-5763 | 1 Grandstream | 12 Ht801, Ht801 Firmware, Ht802 and 9 more | 2024-11-21 | 8.8 High |
| Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt. | ||||
| CVE-2020-5224 | 1 Django-user-sessions Project | 1 Django-user-sessions | 2024-11-21 | 6.5 Medium |
| In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the session key could be extracted by the attacker and a session takeover could happen. | ||||
| CVE-2020-4099 | 1 Hcltech | 1 Verse | 2024-11-21 | 5.9 Medium |
| The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app. | ||||
| CVE-2020-3929 | 1 Usavisionsys | 10 Geovision Gv-as1010, Geovision Gv-as1010 Firmware, Geovision Gv-as210 and 7 more | 2024-11-21 | 5.9 Medium |
| GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages. | ||||
| CVE-2020-35221 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 8.8 High |
| The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original. | ||||
| CVE-2020-27208 | 2 Nitrokey, Solokeys | 6 Fido2, Fido2 Firmware, Solo and 3 more | 2024-11-21 | 6.8 Medium |
| The flash read-out protection (RDP) level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface. | ||||