Total
395 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27987 | 1 Apache | 1 Linkis | 2024-11-21 | 9.1 Critical |
| In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1] https://linkis.apache.org/docs/latest/auth/token https://linkis.apache.org/docs/latest/auth/token | ||||
| CVE-2023-26943 | 1 Assaabloy | 2 Yale Keyless Smart Lock, Yale Keyless Smart Lock Firmware | 2024-11-21 | 6.5 Medium |
| Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original. | ||||
| CVE-2023-26942 | 1 Assaabloy | 2 Yale Ia-210, Yale Ia-210 Firmware | 2024-11-21 | 6.5 Medium |
| Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original. | ||||
| CVE-2023-26941 | 1 Assaabloy | 2 Yale Conexis L1, Yale Conexis L1 Firmware | 2024-11-21 | 6.5 Medium |
| Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original. | ||||
| CVE-2023-21145 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-20942 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-20185 | 1 Cisco | 2 Nexus 9000 In Aci Mode, Nx-os | 2024-11-21 | 7.4 High |
| A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites. Cisco has not released and will not release software updates that address this vulnerability. | ||||
| CVE-2023-0525 | 1 Mitsubishielectric | 14 Gs21, Gs21 Firmware, Gs25 and 11 more | 2024-11-21 | 7.5 High |
| Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled. | ||||
| CVE-2022-48193 | 1 Softing | 1 Smartlink Sw-ht | 2024-11-21 | 5.9 Medium |
| Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL). | ||||
| CVE-2022-47931 | 1 Iofinnet | 1 Tss-lib | 2024-11-21 | 9.1 Critical |
| IO FinNet tss-lib before 2.0.0 allows a collision of hash values. | ||||
| CVE-2022-46825 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 4 Medium |
| In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects. | ||||
| CVE-2022-46783 | 1 Stormshield | 1 Ssl Vpn Client | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book. | ||||
| CVE-2022-45379 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 7.5 High |
| Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks. | ||||
| CVE-2022-41209 | 1 Sap | 1 Customer Data Cloud | 2024-11-21 | 5.2 Medium |
| SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks. | ||||
| CVE-2022-40745 | 1 Ibm | 1 Aspera Faspex | 2024-11-21 | 5.5 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452. | ||||
| CVE-2022-3433 | 1 Haskell | 1 Aeson | 2024-11-21 | 6.5 Medium |
| The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service. | ||||
| CVE-2022-3273 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 9.8 Critical |
| Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | ||||
| CVE-2022-38659 | 2 Hcltech, Microsoft | 2 Bigfix Platform, Windows | 2024-11-21 | 6 Medium |
| In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent. | ||||
| CVE-2022-36555 | 1 Hytec | 2 Hwl-2511-ss, Hwl-2511-ss Firmware | 2024-11-21 | 9.8 Critical |
| Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack. | ||||
| CVE-2022-35931 | 1 Nextcloud | 1 Password Policy | 2024-11-21 | 2.7 Low |
| Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud Server to 22.2.10, 23.0.7 or 24.0.3 to receive a patch for the issue in Password Policy. There are no known workarounds available. | ||||