Total
513 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38009 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2021-37968 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2021-37151 | 1 Cyberark | 1 Identity | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used to differentiate between a valid user and an invalid one (aka Username Enumeration). Response differentiation enables attackers to enumerate usernames of valid application users. Attackers can use this information to leverage brute-force and dictionary attacks in order to discover valid account information such as passwords. | |||||
| CVE-2021-35477 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value. | |||||
| CVE-2021-34556 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. | |||||
| CVE-2021-33560 | 4 Debian, Fedoraproject, Gnupg and 1 more | 8 Debian Linux, Fedora, Libgcrypt and 5 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. | |||||
| CVE-2021-29621 | 2 Apache, Flask-appbuilder Project | 2 Airflow, Flask-appbuilder | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve. | |||||
| CVE-2021-26314 | 6 Amd, Arm, Broadcom and 3 more | 11 Ryzen 5 5600x, Ryzen 7 2700x, Ryzen Threadripper 2990wx and 8 more | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage. | |||||
| CVE-2021-21424 | 2 Fedoraproject, Sensiolabs | 2 Fedora, Symfony | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that 403s are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist. The patch for this issue is available for branch 3.4. | |||||
| CVE-2021-21181 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2021-21173 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2021-1486 | 1 Cisco | 2 Catalyst Sd-wan Manager, Sd-wan Vmanage | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the HTTP responses that are returned by the affected system to determine which accounts are valid user accounts. | |||||
| CVE-2021-0089 | 3 Debian, Fedoraproject, Intel | 12 Debian Linux, Fedora, Celeron Processors and 9 more | 2023-11-07 | 2.1 LOW | 6.5 MEDIUM |
| Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | |||||
| CVE-2021-0086 | 2 Fedoraproject, Intel | 12 Fedora, Brand Verification Tool, Celeron Processors and 9 more | 2023-11-07 | 2.1 LOW | 6.5 MEDIUM |
| Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | |||||
| CVE-2020-8695 | 3 Debian, Fedoraproject, Intel | 600 Debian Linux, Fedora, Celeron 3855u and 597 more | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2020-6531 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2023-11-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2020-6473 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2020-6400 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2020-3585 | 1 Cisco | 7 Adaptive Security Appliance Software, Firepower 1000, Firepower 1010 and 4 more | 2023-11-07 | 4.3 MEDIUM | 3.7 LOW |
| A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper implementation of countermeasures against the Bleichenbacher attack for cipher suites that rely on RSA for key exchange. An attacker could exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. To exploit this vulnerability, an attacker must be able to perform both of the following actions: Capture TLS traffic that is in transit between clients and the affected device Actively establish a considerable number of TLS connections to the affected device | |||||
| CVE-2020-35480 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths. | |||||