5939 matches found

OSV
added 2023/08/27 11:15 p.m. · 3 views

CVE-2023-38730

IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 262268...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 2
OpenVAS
added 2023/08/25 12:0 a.m. · 17 views

Ubuntu: Security Advisory (USN-6307-1)

The remote host is missing an update for the...

8.6 CVSS · 7.6 AI score · 0.006 EPSS
Exploits 1 · References 2
OSV
added 2023/08/24 10:2 p.m. · 3 views

USN-6307-1 cjose vulnerability

It was discovered that JOSE for C/C++ AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. An attacker could use this to cause a denial of service (system crash) or might expose sensitive information...

8.6 CVSS · 5.8 AI score · 0.006 EPSS
Exploits 1 · References 2
NVD
added 2023/08/24 5:15 p.m. · 21 views

CVE-2023-34971

An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors. We have already fixed the vulnerability in the following...

8.8 CVSS · 7.3 AI score · 0.00094 EPSS
Exploits 0 · References 1
Cvelist
added 2023/08/24 4:14 p.m. · 24 views

CVE-2023-34971 QTS, QuTS hero

An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors. We have already fixed the vulnerability in the following...

7.1 CVSS · 8.7 AI score · 0.00094 EPSS
Exploits 0 · References 1
OSV
added 2023/08/22 9:15 p.m. · 2 views

CVE-2023-33850

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive...

7.5 CVSS · 5.6 AI score · 0.00855 EPSS
Exploits 0 · References 5
NVD
added 2023/08/22 9:15 p.m. · 25 views

CVE-2023-33850

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive...

7.5 CVSS · 7.4 AI score · 0.00855 EPSS
Exploits 0 · References 5
Prion
added 2023/08/22 9:15 p.m. · 30 views

Design/Logic Flaw

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive...

5 CVSS · 7.2 AI score · 0.00855 EPSS
Exploits 0 · References 4 · Affected Software 2
Vulnrichment
added 2023/08/22 8:31 p.m. · 17 views

CVE-2023-33850 IBM GSKit-Crypto information disclosure

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive...

7.5 CVSS · 7.3 AI score · 0.00855 EPSS
Exploits 0 · References 3
CVE
added 2023/08/22 8:31 p.m. · 192 views

CVE-2023-33850

CVE-2023-33850 involves IBM GSKit-Crypto and a timing-based side channel in the RSA Decryption routine that could allow a remote attacker to obtain sensitive information. The connected IBM bulletins enumerate this CVE among others and indicate affected IBM products (e.g., a range of IBM Java/SDK/...

7.5 CVSS · 7.4 AI score · 0.00855 EPSS
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2023/08/22 8:31 p.m. · 33 views

CVE-2023-33850 IBM GSKit-Crypto information disclosure

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive...

7.5 CVSS · 7.3 AI score · 0.00855 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/08/22 12:0 a.m. · 2 views

PT-2023-24517 · Ibm +1 · Ibm Gskit-Crypto +2

Name of the Vulnerable Software and Affected Versions: IBM GSKit-Crypto (affected versions not specified). Description: The issue is caused by a timing-based side channel in the RSA Decryption implementation, allowing a remote attacker to obtain sensitive information by sending an overly large numbe...

7.5 CVSS · 5.9 AI score · 0.01026 EPSS
Exploits 0 · References 59
Amazon
added 2023/08/21 12:0 a.m. · 42 views

Medium: qemu

Issue Overview: A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values...

6.5 CVSS · 7.1 AI score · 0.00234 EPSS
Exploits 0
Packet Storm
added 2023/08/16 12:0 a.m. · 513 views

AudioCodes VoIP Phones Hardcoded Key

Advisory ID: SYSS-2022-054; Product: AudioCodes VoIP Phones; Manufacturer: AudioCodes Ltd.; Affected Versions: Firmware Versions = 3.4.8.M4; Tested Versions: Firmware Version 3.4.4.1000; Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321); Ris...

7.1 AI score · 0.01131 EPSS
Exploits 2
NVD
added 2023/08/11 8:15 p.m. · 19 views

CVE-2023-22956

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information...

7.5 CVSS · 7.5 AI score · 0.01131 EPSS
Exploits 2 · References 4
Prion
added 2023/08/11 8:15 p.m. · 30 views

Hardcoded credentials

An issue was discovered in libacdes3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root passwor...

5 CVSS · 7.5 AI score · 0.01131 EPSS
Exploits 2 · References 4 · Affected Software 6
Vulnrichment
added 2023/08/11 12:0 a.m. · 13 views

CVE-2023-22957

An issue was discovered in libacdes3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root passwor...

6.8 AI score · 0.01131 EPSS
Exploits 2 · References 4
Cvelist
added 2023/08/11 12:0 a.m. · 26 views

CVE-2023-22957

An issue was discovered in libacdes3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root passwor...

7.7 AI score · 0.01131 EPSS
Exploits 2 · References 4
OpenVAS
added 2023/08/10 12:0 a.m. · 8 views

Debian: Security Advisory (DSA-5472-1)

The remote host is missing an update for the Debian...

8.6 CVSS · 7.6 AI score · 0.006 EPSS
Exploits 1 · References 4
Tenable Nessus
added 2023/08/09 12:0 a.m. · 27 views

Debian DSA-5472-1 : cjose - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5472 advisory. It was discovered that an incorrect implementation of AES GCM decryption in cjose, a C library implementing the JOSE standard, may allow an attacker to provide a...

8.6 CVSS · 7.3 AI score · 0.006 EPSS
Exploits 1 · References 7