Total
356 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26451 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-11-21 | 7.5 High |
| Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts could be compromised. The oAuth Authorization Service is not enabled by default. We have updated the implementation to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known. | ||||
| CVE-2023-24478 | 1 Intel | 1 Quartus Prime | 2024-11-21 | 5.5 Medium |
| Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2023-20185 | 1 Cisco | 2 Nexus 9000 In Aci Mode, Nx-os | 2024-11-21 | 7.4 High |
| A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites. Cisco has not released and will not release software updates that address this vulnerability. | ||||
| CVE-2023-20016 | 1 Cisco | 39 Firepower 4100, Firepower 4110, Firepower 4112 and 36 more | 2024-11-21 | 6.3 Medium |
| A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials. | ||||
| CVE-2022-40299 | 1 Singular | 1 Singular | 2024-11-21 | 7.8 High |
| In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathnames; this CVE Record is not about the lack of a safe temporary-file creation capability in the Singular language. | ||||
| CVE-2022-37400 | 1 Apache | 1 Openoffice | 2024-11-21 | 8.8 High |
| Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26306 - LibreOffice | ||||
| CVE-2022-36536 | 2 Linux, Syncovery | 2 Linux Kernel, Syncovery | 2024-11-21 | 9.8 Critical |
| An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens. | ||||
| CVE-2022-34295 | 1 Totd Project | 1 Totd | 2024-11-21 | 6.5 Medium |
| totd before 1.5.3 does not properly randomize mesg IDs. | ||||
| CVE-2022-33707 | 1 Samsung | 1 Find My Mobile | 2024-11-21 | 5.3 Medium |
| Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker to identify the device. | ||||
| CVE-2022-32296 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 3.3 Low |
| The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056. | ||||
| CVE-2022-32284 | 1 Yokogawa | 2 Aw810d, Aw810d Firmware | 2024-11-21 | 7.5 High |
| Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause denial-of-service (DoS) condition by sending a specially crafted packet. | ||||
| CVE-2022-30782 | 1 Openmoney Api Project | 1 Openmoney Api | 2024-11-21 | 7.5 High |
| Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers. | ||||
| CVE-2022-30629 | 2 Golang, Redhat | 15 Go, Acm, Ceph Storage and 12 more | 2024-11-21 | 3.1 Low |
| Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. | ||||
| CVE-2022-30295 | 2 Uclibc, Uclibc-ng Project | 2 Uclibc, Uclibc-ng | 2024-11-21 | 6.5 Medium |
| uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2. | ||||
| CVE-2022-29930 | 1 Jetbrains | 1 Ktor | 2024-11-21 | 8.7 High |
| SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1. | ||||
| CVE-2022-29808 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 7.5 High |
| In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. | ||||
| CVE-2022-29330 | 1 Vitalpbx | 1 Vitalpbx | 2024-11-21 | 4.9 Medium |
| Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors. | ||||
| CVE-2022-29035 | 1 Jetbrains | 1 Ktor | 2024-11-21 | 3.3 Low |
| In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations | ||||
| CVE-2022-28355 | 1 Scala-js | 1 Scala.js | 2024-11-21 | 7.5 High |
| randomUUID in Scala.js before 1.10.0 generates predictable values. | ||||
| CVE-2022-27577 | 1 Sick | 2 Msc800, Msc800 Firmware | 2024-11-21 | 9.1 Critical |
| The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version. | ||||