Total
513 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33880 | 2 Oracle, Websockets Project | 5 Communications Cloud Native Core Policy, Communications Cloud Native Core Security Edge Protection Proxy, Communications Cloud Native Core Service Communication Proxy and 2 more | 2022-05-12 | 2.6 LOW | 5.9 MEDIUM |
| The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack. | |||||
| CVE-2020-27211 | 1 Nordicsemi | 2 Nrf52840, Nrf52840 Firmware | 2022-05-03 | 3.3 LOW | 5.7 MEDIUM |
| Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper protection against physical side channels. The flash read-out protection (APPROTECT) can be bypassed by injecting a fault during the boot phase. | |||||
| CVE-2021-20376 | 1 Ibm | 1 Sterling B2b Integrator | 2022-05-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568. | |||||
| CVE-2019-16394 | 3 Canonical, Debian, Spip | 3 Ubuntu Linux, Debian Linux, Spip | 2022-05-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers. | |||||
| CVE-2020-14145 | 2 Netapp, Openbsd | 10 Active Iq Unified Manager, Aff A700s, Aff A700s Firmware and 7 more | 2022-04-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected. | |||||
| CVE-2020-13844 | 2 Arm, Opensuse | 15 Cortex-a32, Cortex-a32 Firmware, Cortex-a34 and 12 more | 2022-04-28 | 2.1 LOW | 5.5 MEDIUM |
| Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation." | |||||
| CVE-2022-22356 | 1 Ibm | 1 Mq Appliance | 2022-04-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487. | |||||
| CVE-2019-3732 | 2 Dell, Emc | 3 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Rsa Bsafe Crypto-c | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. | |||||
| CVE-2019-3731 | 1 Dell | 2 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. | |||||
| CVE-2020-11576 | 1 Linuxfoundation | 1 Argo Continuous Delivery | 2022-04-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise. | |||||
| CVE-2021-39761 | 1 Google | 1 Android | 2022-04-05 | 2.1 LOW | 5.5 MEDIUM |
| In Media, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-179783181 | |||||
| CVE-2021-39760 | 1 Google | 1 Android | 2022-04-05 | 2.1 LOW | 5.5 MEDIUM |
| In AudioService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194110526 | |||||
| CVE-2021-39766 | 1 Google | 1 Android | 2022-04-05 | 2.1 LOW | 5.5 MEDIUM |
| In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198296421 | |||||
| CVE-2021-39773 | 1 Google | 1 Android | 2022-04-05 | 2.1 LOW | 5.5 MEDIUM |
| In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191276656 | |||||
| CVE-2021-39791 | 1 Google | 1 Android | 2022-04-05 | 2.1 LOW | 5.5 MEDIUM |
| In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194112606 | |||||
| CVE-2021-39788 | 1 Google | 1 Android | 2022-04-05 | 2.1 LOW | 5.5 MEDIUM |
| In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191768014 | |||||
| CVE-2021-39775 | 1 Google | 1 Android | 2022-04-05 | 2.1 LOW | 5.5 MEDIUM |
| In People, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206465854 | |||||
| CVE-2021-39756 | 1 Google | 1 Android | 2022-04-05 | 2.1 LOW | 5.5 MEDIUM |
| In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-184354287 | |||||
| CVE-2021-39755 | 1 Google | 1 Android | 2022-04-05 | 2.1 LOW | 5.5 MEDIUM |
| In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204995407 | |||||
| CVE-2021-39754 | 1 Google | 1 Android | 2022-04-05 | 2.1 LOW | 5.5 MEDIUM |
| In ContextImpl, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:Android ID: A-207133709 | |||||