Total
395 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-36337 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 6.5 Medium |
Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. | ||||
CVE-2021-35226 | 1 Solarwinds | 1 Network Configuration Manager | 2024-11-21 | 6.5 Medium |
An entity in the Network Configuration Manager product is misconfigured and exposes the password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role. | ||||
CVE-2021-34430 | 1 Eclipse | 1 Tinydtls | 2024-11-21 | 7.5 High |
Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic. | ||||
CVE-2021-32945 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2024-11-21 | 7.5 High |
An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06. | ||||
CVE-2021-32496 | 1 Sick | 2 Visionary-s Cx, Visionary-s Cx Firmware | 2024-11-21 | 5.3 Medium |
SICK Visionary-S CX up to version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers makes it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network to which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks. | ||||
CVE-2021-32010 | 1 Secomea | 27 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 24 more | 2024-11-21 | 5.6 Medium |
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7. | ||||
CVE-2021-28095 | 1 Open-xchange | 1 Open-xchange Documents | 2024-11-21 | 4.8 Medium |
OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32. | ||||
CVE-2021-28094 | 1 Open-xchange | 1 Open-xchange Documents | 2024-11-21 | 6.5 Medium |
OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32. | ||||
CVE-2021-28093 | 1 Open-xchange | 1 Open-xchange Documents | 2024-11-21 | 6.5 Medium |
OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of Adler32. | ||||
CVE-2021-27761 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | 4.8 Medium |
Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks | ||||
CVE-2021-27457 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2024-11-21 | 7.5 High |
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access. | ||||
CVE-2021-27450 | 1 Ge | 2 Mu320e, Mu320e Firmware | 2024-11-21 | 7.8 High |
SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as part of a larger attack on the MU320E (all firmware versions prior to v04A00.1). | ||||
CVE-2021-25761 | 1 Jetbrains | 1 Ktor | 2024-11-21 | 5.3 Medium |
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. | ||||
CVE-2021-25392 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path. | ||||
CVE-2021-23982 | 2 Mozilla, Redhat | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2024-11-21 | 6.5 Medium |
Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. | ||||
CVE-2021-23855 | 1 Bosch | 4 Rexroth Indramotion Mlc, Rexroth Indramotion Mlc Firmware, Rexroth Indramotion Xlc and 1 more | 2024-11-21 | 8.6 High |
The user and password database is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm, which allows an attacker to determine the password by using rainbow tables. | ||||
CVE-2021-21507 | 1 Dell | 22 R1-2210, R1-2210 Firmware, R1-2401 and 19 more | 2024-11-21 | 8.8 High |
Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account. | ||||
CVE-2021-21474 | 1 Sap | 1 Hana Database | 2024-11-21 | 6.5 Medium |
SAP HANA Database, versions 1.0 and 2.0, accepts SAML tokens with an MD5 digest. An attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same, without invalidating the digital signature. This allows them to impersonate a user in the HANA database and read the contents of the database. | ||||
CVE-2021-21387 | 1 Wrongthink | 1 Wrongthink | 2024-11-21 | 8.1 High |
Wrongthink is a peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connection. Additionally, the safety number was improperly calculated. It was computed using part of one of the public identity keys instead of being derived from both public identity keys. This caused issues in computing safety numbers which would potentially be exploitable in the real world. Additionally, there was inadequate encryption strength due to use of 1024-bit DSA keys. These issues are all fixed in version 2.3.0. | ||||
CVE-2021-20406 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 2.2 Low |
IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196184. |