Total
572 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-28208 | 1 Rocket.chat | 1 Rocket.chat | 2021-02-01 | 5.0 MEDIUM | 5.3 MEDIUM |
An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1. | |||||
CVE-2014-4156 | 1 Proxmox | 1 Virtual Environment | 2021-01-25 | 5.0 MEDIUM | 5.3 MEDIUM |
Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability | |||||
CVE-2020-35624 | 1 Mediawiki | 1 Mediawiki | 2020-12-22 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. The non-admin vote list contains a full vote timestamp, which may provide unintended clues about how a voting process unfolded. | |||||
CVE-2020-0464 | 1 Google | 1 Android | 2020-12-15 | 2.1 LOW | 5.5 MEDIUM |
In resolv_cache_lookup of res_cache.cpp, there is a possible side channel information disclosure. This could lead to local information disclosure of accessed web resources with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-150371903 | |||||
CVE-2020-12912 | 1 Amd | 1 Energy Driver For Linux | 2020-12-03 | 2.1 LOW | 5.5 MEDIUM |
A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access. | |||||
CVE-2016-6489 | 3 Canonical, Nettle Project, Redhat | 6 Ubuntu Linux, Nettle, Enterprise Linux Desktop and 3 more | 2020-11-16 | 5.0 MEDIUM | 7.5 HIGH |
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. | |||||
CVE-2020-5143 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-23 | 5.0 MEDIUM | 5.3 MEDIUM |
SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
CVE-2017-13098 | 1 Bouncycastle | 1 Legion-of-the-bouncy-castle-java-crytography-api | 2020-10-20 | 4.3 MEDIUM | 5.9 MEDIUM |
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT." | |||||
CVE-2020-4660 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2020-10-19 | 2.9 LOW | 5.3 MEDIUM |
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140. | |||||
CVE-2020-4699 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2020-10-19 | 2.9 LOW | 5.3 MEDIUM |
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. | |||||
CVE-2020-4661 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2020-10-19 | 2.9 LOW | 5.3 MEDIUM |
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142. | |||||
CVE-2020-15237 | 1 Shrinerb | 1 Shrine | 2020-10-19 | 4.3 MEDIUM | 5.9 MEDIUM |
In Shrine before version 3.3.0, when using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been fixed by comparing sent and calculated signature in constant time, using `Rack::Utils.secure_compare`. Users using the `derivation_endpoint` plugin are urged to upgrade to Shrine 3.3.0 or greater. A possible workaround is provided in the linked advisory. | |||||
CVE-2020-3509 | 1 Cisco | 2 Cbr-8, Ios Xe | 2020-10-08 | 7.8 HIGH | 8.6 HIGH |
A vulnerability in the DHCP message handler of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the supervisor to crash, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when DHCP version 4 (DHCPv4) messages are parsed. An attacker could exploit this vulnerability by sending a malicious DHCPv4 message to or through a WAN interface of an affected device. A successful exploit could allow the attacker to cause a reload of the affected device. Note: On Cisco cBR-8 Converged Broadband Routers, all of the following are considered WAN interfaces: 10 Gbps Ethernet interfaces; 100 Gbps Ethernet interfaces; port channel interfaces that include multiple 10 and/or 100 Gbps Ethernet interfaces. | |||||
CVE-2020-12788 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2020-09-18 | 5.0 MEDIUM | 7.5 HIGH |
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to timing and power analysis attacks. | |||||
CVE-2018-0134 | 1 Cisco | 1 Mobility Services Engine | 2020-09-04 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure messages based on the validity of usernames. An attacker could use these messages to determine whether a valid subscriber username has been identified. The attacker could use this information in subsequent attacks against the system. Cisco Bug IDs: CSCvg47830. | |||||
CVE-2020-25065 | 1 Google | 1 Android | 2020-09-01 | 7.8 HIGH | 7.5 HIGH |
An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Key logging may occur because of an obsolete API. The LG ID is LVE-SMP-170010 (August 2020). | |||||
CVE-2018-3615 | 1 Intel | 30 Core I3, Core I5, Core I7 and 27 more | 2020-08-24 | 5.4 MEDIUM | 6.4 MEDIUM |
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. | |||||
CVE-2019-11743 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-08-24 | 4.3 MEDIUM | 3.7 LOW |
Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. | |||||
CVE-2019-6602 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request. | |||||
CVE-2019-1020002 | 1 Pterodactyl | 1 Panel | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
Pterodactyl before 0.7.14 with 2FA allows credential sniffing. |