tianjk99/Cryptographic-Misuses

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-51838 ↗	Feb 2, 2024Friday, 2 February 2024, 16:15	7.5 HIGH	—
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.
CVE-2023-51837 ↗	Jan 30, 2024Tuesday, 30 January 2024, 01:15	9.8 CRITICAL	—
Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation.
CVE-2023-51843 ↗	Jan 30, 2024Tuesday, 30 January 2024, 01:15	8.2 HIGH	—
react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as httpOnly is not set.
CVE-2023-51839 ↗	Jan 29, 2024Monday, 29 January 2024, 20:15	9.1 CRITICAL	—
DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm.
CVE-2023-51840 ↗	Jan 29, 2024Monday, 29 January 2024, 20:15	9.8 CRITICAL	—
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.
CVE-2023-51842 ↗	Jan 29, 2024Monday, 29 January 2024, 20:15	7.5 HIGH	—
An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16.
CVE-2023-50473 ↗	Dec 21, 2023Thursday, 21 December 2023, 11:15	5.4 MEDIUM	—
Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in index.js file.
CVE-2023-50475 ↗	Dec 21, 2023Thursday, 21 December 2023, 11:15	9.1 CRITICAL	—
An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js.
CVE-2023-50477 ↗	Dec 21, 2023Thursday, 21 December 2023, 11:15	9.8 CRITICAL	—
An issue was discovered in nos client version 0.6.6, allows remote attackers to escalate privileges via getRPCEndpoint.js.
CVE-2023-50481 ↗	Dec 21, 2023Thursday, 21 December 2023, 11:15	7.5 HIGH	—
An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js.