Total
572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7959 | 1 Labvantage | 1 Labvantage | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database exception message if the database does not exist. | |||||
| CVE-2019-14353 | 1 Trezor | 2 One, One Firmware | 2021-07-21 | 1.9 LOW | 4.2 MEDIUM |
| On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: this CVE applies exclusively to the Trezor One, and does not refer to any issues with OLED displays on other devices. | |||||
| CVE-2020-11735 | 1 Wolfssl | 1 Wolfssl | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak." | |||||
| CVE-2019-13627 | 4 Canonical, Debian, Libgcrypt20 Project and 1 more | 4 Ubuntu Linux, Debian Linux, Libgcrypt20 and 1 more | 2021-07-21 | 2.6 LOW | 6.3 MEDIUM |
| It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. | |||||
| CVE-2019-13629 | 1 Matrixssl | 1 Matrixssl | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/ecc_math.c scalar multiplication leaks the bit length of the scalar. | |||||
| CVE-2019-18850 | 1 Trustedsec | 1 Trevorc2 | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictible responses when accessing and interacting with the "SITE_PATH_QUERY". | |||||
| CVE-2019-14360 | 1 Hyundai-pay | 1 Hk-1000 | 2021-07-21 | 1.9 LOW | 4.6 MEDIUM |
| On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. | |||||
| CVE-2020-7962 | 1 Oneidentity | 1 Password Manager | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is possible because, within the HTTP response content, WRONG ID is only returned when the answer is incorrect. | |||||
| CVE-2017-15533 | 1 Broadcom | 1 Ssl Visibility Appliance | 2021-07-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according the oracle classification used in the ROBOT research paper. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish multiple millions of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session. | |||||
| CVE-2021-0001 | 1 Intel | 4 Integrated Performance Primitives Cryptography, Sgx Dcap, Sgx Psw and 1 more | 2021-06-28 | 2.1 LOW | 4.7 MEDIUM |
| Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via local access. | |||||
| CVE-2021-31866 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2021-06-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController. | |||||
| CVE-2021-27342 | 1 Dlink | 2 Dir-842e, Dir-842e Firmware | 2021-05-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based side-channel attack | |||||
| CVE-2021-29687 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2021-05-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018 | |||||
| CVE-2021-31406 | 1 Vaadin | 2 Flow, Vaadin | 2021-04-30 | 1.9 LOW | 2.5 LOW |
| Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6.0.0 (Vaadin 19.0.0) allows attacker to guess a security token for Fusion endpoints via timing attack. | |||||
| CVE-2021-31403 | 1 Vaadin | 1 Vaadin | 2021-04-30 | 1.9 LOW | 2.5 LOW |
| Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token via timing attack | |||||
| CVE-2021-31404 | 1 Vaadin | 2 Flow, Vaadin | 2021-04-30 | 1.9 LOW | 2.5 LOW |
| Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 (Vaadin 10.0.0 through 10.0.16), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.4.6 (Vaadin 14.0.0 through 14.4.6), 3.0.0 prior to 5.0.0 (Vaadin 15 prior to 18), and 5.0.0 through 5.0.2 (Vaadin 18.0.0 through 18.0.5) allows attacker to guess a security token via timing attack. | |||||
| CVE-2021-29443 | 1 Jose Project | 1 Jose | 2021-04-23 | 4.3 MEDIUM | 5.9 MEDIUM |
| jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. A possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). All major release versions have had a patch released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `^1.28.1 || ^2.0.5 || >=3.11.4`. Users should upgrade their v1.x dependency to ^1.28.1, their v2.x dependency to ^2.0.5, and their v3.x dependency to ^3.11.4. Thanks to Jason from Microsoft Vulnerability Research (MSVR) for bringing this up and Eva Sarafianou (@esarafianou) for helping to score this advisory. | |||||
| CVE-2019-15809 | 5 Athena-scs, Cryptsoft, Microchip and 2 more | 5 Idprotect, S\/a Idflex V, Atmel Toolbox and 2 more | 2021-04-13 | 1.2 LOW | 4.7 MEDIUM |
| Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because the Atmel Toolbox 00.03.11.05 contains two versions of ECDSA signature functions, described as fast and secure, but the affected cards chose to use the fast version, which leaks the bit length of the random nonce via timing. This affects Athena IDProtect 010b.0352.0005, Athena IDProtect 010e.1245.0002, Athena IDProtect 0106.0130.0401, Athena IDProtect 010e.1245.0002, Valid S/A IDflex V 010b.0352.0005, SafeNet eToken 4300 010e.1245.0002, TecSec Armored Card 010e.0264.0001, and TecSec Armored Card 108.0264.0001. | |||||
| CVE-2020-11683 | 1 Linux4sam | 1 At91bootstrap | 2021-04-08 | 4.6 MEDIUM | 6.8 MEDIUM |
| A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system. | |||||
| CVE-2020-1685 | 1 Juniper | 8 Junos, Qfx5100, Qfx5110 and 5 more | 2021-02-05 | 5.0 MEDIUM | 5.8 MEDIUM |
| When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under certain conditions. Given a firewall filter configuration similar to: family ethernet-switching { filter L2-VLAN { term ALLOW { from { user-vlan-id 100; } then { accept; } } term NON-MATCH { then { discard; } } when there is only one term containing a 'user-vlan-id' match condition, and no other terms in the firewall filter except discard, the discard action for non-matching traffic will only discard traffic with the same VLAN ID specified under 'user-vlan-id'. Other traffic (e.g. VLAN ID 200) will not be discarded. This unexpected behavior can lead to unintended traffic passing through the interface where the firewall filter is applied. This issue only affects systems using VXLANs. This issue affects Juniper Networks Junos OS on QFX5K Series: 18.1 versions prior to 18.1R3-S7, except 18.1R3; 18.2 versions prior to 18.2R2-S7, 18.2R3-S1; 18.3 versions prior to 18.3R1-S5, 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S1, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2. | |||||