CVE-2022-46834

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the...

Design/Logic Flaw

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the...

Design/Logic Flaw

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the...

Design/Logic Flaw

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmwa...

CVE-2022-46832

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmwa...

CVE-2022-46832

CVE-2022-46832 affects SICK RFU62x firmware pre-2.21. The issue arises when a user requests encryption with a weak cipher suite via SSH, enabling a low-privilege remote attacker to decrypt data due to use of a broken/risky cryptographic algorithm. A patch/update to version 2.21 or later is availa...

CVE-2022-27581

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the...

CVE-2022-46833

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the...

CVE-2022-46833

The CVE-2022-46833 entry describes a vulnerability in SICK RFU63x firmware prior to version 2.21 where requesting weak cipher suites via SSH enables a low-privileged remote attacker to decrypt data due to use of a broken/risky cryptographic algorithm. Impact is confidentiality loss (C:H) with net...

CVE-2022-46834

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the...

Siemens SCALANCE Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

CVE-2022-27581

SICK RFU61x firmware prior to v2.25 is affected by a vulnerability where a broken or risky cryptographic algorithm enables a low-privileged remote attacker to decrypt data if weak cipher suites are used for SSH encryption. Impact is confidentiality-only (C:H, I/N/A). Exploitation is via SSH over ...

PT-2022-6084

Name of the Vulnerable Software and Affected Versions Samba Active Directory DCs affected versions not specified Description The issue is related to the use of the RC4-HMAC cryptographic algorithm in the implementation of the Heimdal Kerberos protocol in Samba. This can allow a remote attacker to...

Important: golang-googlecode-net

Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...

Important: go-rpm-macros

Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...

Important: golang-github-gorilla-mux

Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...

Important: golang-github-syndtr-gocapability

Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...

Important: golang

Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...

Important: golist

Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...

CVE-2022-37177

HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence...