1221 matches found
CVE-2024-23589 HCL Glovius Cloud is susceptible to an Outdated Hash Algorithm vulnerability
Due to outdated Hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data using brute-force or dictionary attacks efficiently using modern hardware such as GPUs or ASICs...
CVE-2024-23589
CVE-2024-23589 concerns HCL Glovius Cloud. The root cause is an outdated hashing algorithm that could allow attackers to guess input data via brute-force or dictionary attacks using GPUs/ASICs. Documented impact per CVSS metrics is high for confidentiality, integrity, and availability, with adjac...
PT-2025-23314 · Hcl · Hcl Glovius Cloud
Name of the Vulnerable Software and Affected Versions: HCL Glovius Cloud (affected versions not specified). Description: The issue is related to an outdated Hash algorithm used in HCL Glovius Cloud, which could allow attackers to efficiently guess input data using brute-force or dictionary attacks,...
HCL Glovius Cloud Security Vulnerability
HCL Glovius Cloud is a modern CAD viewer for Windows, iOS, Android and Web browsers from HCL India. HCL Glovius Cloud has a security vulnerability that stems from the use of an outdated hashing algorithm that could lead to brute force cracking or dictionary attacks...
CVE-2025-48057
Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate function can be tricked into incorrectly treating certificates as vali...
Google Chrome < 137.0.7151.55 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 137.0.7151.55. It is, therefore, affected by multiple vulnerabilities as referenced in the 2025_05_stable-channel-update-for-desktop_27 advisory. - Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a...
CVE-2024-4774
The ShmemCharMapHashEntry code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox 126...
CVE-2023-22288
HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails...
CVE-2023-0093
Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need t...
CVE-2023-30024
The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer...
CVE-2022-1756
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as...
CVE-2022-38788
An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a pairing handshake and after offline cracking retrieve the PIN and LTK long-term key...
CVE-2022-24318
A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure Geo SCADA Expert...
CVE-2022-24740
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...
CVE-2020-35564
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code...
CVE-2020-2286
Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration...
CVE-2020-25230
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device...
CVE-2018-15748
On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of t...
CVE-2019-9582
eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15...
CVE-2019-8121
An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries Bootstrap, jquery, Knockout with known security vulnerabilities...