Total
511 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-35624 | 1 Mediawiki | 1 Mediawiki | 2020-12-22 | 5.3 Medium |
An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. The non-admin vote list contains a full vote timestamp, which may provide unintended clues about how a voting process unfolded. | ||||
CVE-2020-0464 | 1 Google | 1 Android | 2020-12-15 | 5.5 Medium |
In resolv_cache_lookup of res_cache.cpp, there is a possible side channel information disclosure. This could lead to local information disclosure of accessed web resources with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150371903 | ||||
CVE-2020-12912 | 1 Amd | 1 Energy Driver For Linux | 2020-12-03 | 5.5 Medium |
A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access. | ||||
CVE-2016-6489 | 3 Canonical, Nettle Project, Redhat | 6 Ubuntu Linux, Nettle, Enterprise Linux Desktop and 3 more | 2020-11-16 | 7.5 High |
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. | ||||
CVE-2020-5143 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-23 | 5.3 Medium |
SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | ||||
CVE-2017-13098 | 1 Bouncycastle | 1 Legion-of-the-bouncy-castle-java-crytography-api | 2020-10-20 | N/A |
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT." | ||||
CVE-2020-4660 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2020-10-19 | 5.3 Medium |
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140. | ||||
CVE-2020-4699 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2020-10-19 | 5.3 Medium |
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. | ||||
CVE-2020-4661 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2020-10-19 | 5.3 Medium |
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142. | ||||
CVE-2020-15237 | 1 Shrinerb | 1 Shrine | 2020-10-19 | 5.9 Medium |
In Shrine before version 3.3.0, when using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been fixed by comparing sent and calculated signature in constant time, using `Rack::Utils.secure_compare`. Users using the `derivation_endpoint` plugin are urged to upgrade to Shrine 3.3.0 or greater. A possible workaround is provided in the linked advisory. | ||||
CVE-2020-3509 | 1 Cisco | 2 Cbr-8, Ios Xe | 2020-10-08 | 8.6 High |
A vulnerability in the DHCP message handler of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the supervisor to crash, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when DHCP version 4 (DHCPv4) messages are parsed. An attacker could exploit this vulnerability by sending a malicious DHCPv4 message to or through a WAN interface of an affected device. A successful exploit could allow the attacker to cause a reload of the affected device. Note: On Cisco cBR-8 Converged Broadband Routers, all of the following are considered WAN interfaces: 10 Gbps Ethernet interfaces 100 Gbps Ethernet interfaces Port channel interfaces that include multiple 10 and/or 100 Gbps Ethernet interfaces | ||||
CVE-2020-12788 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2020-09-18 | 7.5 High |
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks. | ||||
CVE-2018-0134 | 1 Cisco | 1 Mobility Services Engine | 2020-09-04 | 5.3 Medium |
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure messages based on the validity of usernames. An attacker could use these messages to determine whether a valid subscriber username has been identified. The attacker could use this information in subsequent attacks against the system. Cisco Bug IDs: CSCvg47830. | ||||
CVE-2020-25065 | 1 Google | 1 Android | 2020-09-01 | 7.5 High |
An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Key logging may occur because of an obsolete API. The LG ID is LVE-SMP-170010 (August 2020). | ||||
CVE-2019-1020002 | 1 Pterodactyl | 1 Panel | 2020-08-24 | N/A |
Pterodactyl before 0.7.14 with 2FA allows credential sniffing. | ||||
CVE-2019-2818 | 1 Oracle | 2 Jdk, Jre | 2020-08-24 | N/A |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | ||||
CVE-2019-6602 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-24 | N/A |
In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request. | ||||
CVE-2019-7217 | 1 Citrix | 1 Sharefile | 2020-08-24 | N/A |
Citrix ShareFile before 19.12 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required. | ||||
CVE-2019-11743 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-08-24 | 3.7 Low |
Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. | ||||
CVE-2019-10848 | 1 Computrols | 1 Computrols Building Automation Software | 2020-08-24 | N/A |
Computrols CBAS 18.0.0 allows Username Enumeration. |