Total
572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12399 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-01-04 | 1.2 LOW | 4.4 MEDIUM |
| NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. | |||||
| CVE-2019-13456 | 4 Freeradius, Linux, Opensuse and 1 more | 4 Freeradius, Linux Kernel, Leap and 1 more | 2022-01-01 | 2.9 LOW | 6.5 MEDIUM |
| In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494. | |||||
| CVE-2020-11713 | 1 Wolfssl | 1 Wolfssl | 2022-01-01 | 5.0 MEDIUM | 7.5 HIGH |
| wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. | |||||
| CVE-2020-35398 | 1 Utimf | 1 Uti Mutual Fund Invest Online | 2021-12-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in UTI Mutual fund Android application 5.4.18 and prior, allows attackers to brute force enumeration of usernames determined by the error message returned after invalid credentials are attempted. | |||||
| CVE-2021-44554 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2021-12-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to the configuration of VirtualUI. Common users are administrator, admin, guest and krgtbt. | |||||
| CVE-2021-44875 | 1 Dalmark | 1 Systeam Enterprise Resource Planning | 2021-12-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the password recovery procedure for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2021-44876 | 1 Dalmark | 1 Systeam Enterprise Resource Planning | 2021-12-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the identification of the correct tenant for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2021-1015 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 3.3 LOW |
| In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186530496 | |||||
| CVE-2021-1032 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 3.3 LOW |
| In getMimeGroup of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-184745603 | |||||
| CVE-2021-1031 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 3.3 LOW |
| In cancelNotificationsFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194697004 | |||||
| CVE-2021-1009 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 5.5 MEDIUM |
| In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189858128 | |||||
| CVE-2021-1014 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 5.5 MEDIUM |
| In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186776740 | |||||
| CVE-2021-1013 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 5.5 MEDIUM |
| In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of PermissionManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186404356 | |||||
| CVE-2021-1012 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 5.5 MEDIUM |
| In onResume of NotificationAccessDetails.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195412179 | |||||
| CVE-2021-1005 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 5.5 MEDIUM |
| In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186530889 | |||||
| CVE-2021-1018 | 1 Google | 1 Android | 2021-12-17 | 2.1 LOW | 3.3 LOW |
| In adjustStreamVolume of AudioService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194110891 | |||||
| CVE-2021-0988 | 1 Google | 1 Android | 2021-12-17 | 2.1 LOW | 3.3 LOW |
| In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191954233 | |||||
| CVE-2021-0987 | 1 Google | 1 Android | 2021-12-17 | 2.1 LOW | 3.3 LOW |
| In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-190619791 | |||||
| CVE-2021-1030 | 1 Google | 1 Android | 2021-12-17 | 2.1 LOW | 5.5 MEDIUM |
| In setNotificationsShownFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194697001 | |||||
| CVE-2021-0990 | 1 Google | 1 Android | 2021-12-17 | 2.1 LOW | 3.3 LOW |
| In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-185591180 | |||||