Total
513 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33838 | 1 Luca-app | 1 Luca | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because requests related to Check-In State occur shortly after requests for Phone Number Registration. | |||||
| CVE-2022-20275 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-205836975 | |||||
| CVE-2022-20277 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-205145497 | |||||
| CVE-2022-20279 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204877302 | |||||
| CVE-2022-24032 | 1 Adenza | 1 Axiomsl Controllerview | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enumeration. An attacker can identify valid usernames on the platform because a failed login attempt produces a different error message when the username is valid. | |||||
| CVE-2022-1139 | 1 Google | 1 Chrome | 2023-08-08 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-1146 | 1 Google | 1 Chrome | 2023-08-08 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-20276 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-205706731 | |||||
| CVE-2022-37146 | 1 Plextrac | 1 Plextrac | 2023-08-08 | N/A | 5.3 MEDIUM |
| The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users configured to use PlexTrac as their authentication provider take significantly longer than those for invalid users, allowing for valid users to be enumerated by an unauthenticated remote attacker. Note that the lockout policy implemented in Plextrac version 1.17.0 makes it impossible to distinguish between valid, locked user accounts and user accounts that do not exist, but does not prevent valid, unlocked users from being enumerated. | |||||
| CVE-2021-37606 | 1 Meow Hash Project | 1 Meow Hash | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack against a long-running web service that allows the attacker to infer collisions by measuring timing differences. | |||||
| CVE-2023-37217 | 1 Tadirantele | 1 Aeonix | 2023-08-04 | N/A | 5.3 MEDIUM |
| Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy | |||||
| CVE-2023-20583 | 1 Amd | 1 * | 2023-08-04 | N/A | 4.7 MEDIUM |
| A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information. | |||||
| CVE-2023-3462 | 1 Hashicorp | 1 Vault | 2023-08-04 | N/A | 5.3 MEDIUM |
| HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5. | |||||
| CVE-2022-0569 | 1 Snipeitapp | 1 Snipe-it | 2023-08-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9. | |||||
| CVE-2022-1318 | 1 Carrier | 2 Hills Comnav, Hills Comnav Firmware | 2023-07-24 | 2.1 LOW | 5.5 MEDIUM |
| Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets are predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. The communication encryption scheme is theoretically sound, but is not strong enough for the level of protection required. | |||||
| CVE-2022-32218 | 1 Rocket.chat | 1 Rocket.chat | 2023-07-21 | N/A | 4.3 MEDIUM |
| An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. | |||||
| CVE-2023-20575 | 1 Amd | 176 Epyc 5552, Epyc 5552 Firmware, Epyc 7232p and 173 more | 2023-07-19 | N/A | 6.5 MEDIUM |
| A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information. | |||||
| CVE-2023-35698 | 1 Sick | 2 Icr890-4, Icr890-4 Firmware | 2023-07-18 | N/A | 5.3 MEDIUM |
| Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt. | |||||
| CVE-2023-3336 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2023-07-10 | N/A | 5.3 MEDIUM |
| TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users. | |||||
| CVE-2022-24784 | 1 Statamic | 1 Statamic | 2023-06-30 | 4.3 MEDIUM | 3.7 LOW |
| Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire hash. The hash is not present in the response, however the presence or absence of a result confirms if the character is in the right position. The API has throttling enabled by default, making this a time intensive task. Both the REST API and the users endpoint need to be enabled, as they are disabled by default. The issue has been fixed in versions 3.2.39 and above, and 3.3.2 and above. | |||||