Total
714 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20252 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
|
In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224547584
|
|||||
| CVE-2022-20251 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
|
In LocaleManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225881167
|
|||||
| CVE-2022-20249 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
|
In LocaleManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226900861
|
|||||
| CVE-2022-20242 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231986212
|
|||||
| CVE-2022-1989 | 1 Codesys | 1 Visualization | 2024-11-21 | N/A | 5.3 MEDIUM |
|
All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.
|
|||||
| CVE-2022-1318 | 1 Carrier | 2 Hills Comnav, Hills Comnav Firmware | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
|
Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets are predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. The communication encryption scheme is theoretically s ...
Show More |
|||||
| CVE-2022-1146 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
|
|||||
| CVE-2022-1139 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
|
|||||
| CVE-2022-0823 | 1 Zyxel | 8 Gs1200-5, Gs1200-5 Firmware, Gs1200-5hp and 5 more | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
|
An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack.
|
|||||
| CVE-2021-4294 | 1 Redhat | 2 Openshift Container Platform, Openshift Osin | 2024-11-21 | N/A | 2.6 LOW |
|
A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987.
|
|||||
| CVE-2021-4286 | 1 Pysrp Project | 1 Pysrp | 2024-11-21 | N/A | 2.6 LOW |
|
A vulnerability, which was classified as problematic, has been found in cocagne pysrp up to 1.0.16. This issue affects the function calculate_x of the file srp/_ctsrp.py. The manipulation leads to information exposure through discrepancy. Upgrading to version 1.0.17 is able to address this issue. The name of the patch is dba52642f5e95d3da7af1780561213ee6053195f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216875.
|
|||||
| CVE-2021-46778 | 1 Amd | 358 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 355 more | 2024-11-21 | N/A | 5.6 MEDIUM |
|
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.
|
|||||
| CVE-2021-46744 | 1 Amd | 198 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 195 more | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
|
An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time.
|
|||||
| CVE-2021-45925 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
|
|||||
| CVE-2021-45901 | 1 Servicenow | 1 Servicenow | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.
|
|||||
| CVE-2021-44876 | 1 Dalmark | 1 Systeam Enterprise Resource Planning | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the identification of the correct tenant for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users.
|
|||||
| CVE-2021-44875 | 1 Dalmark | 1 Systeam Enterprise Resource Planning | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the password recovery procedure for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users.
|
|||||
| CVE-2021-44848 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists.
|
|||||
| CVE-2021-44554 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to the configuration of VirtualUI. Common users are administrator, admin, guest and krgtbt.
|
|||||
| CVE-2021-44421 | 1 Occlum Project | 1 Occlum | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a confused deputy that allows a local attacker to access unauthorized information via side-channel analysis.
|
|||||
| CVE-2021-43823 | 1 Sourcegraph | 1 Sourcegraph | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A successful attack would require an authenticated bad actor to create many Saved Searches or Code Monitors to receive confirmation that a specific string exists. This could allow an attacker to guess format ...
Show More |
|||||
| CVE-2021-43398 | 1 Cryptopp | 1 Crypto\+\+ | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks. NOTE: this report is disputed by the vendor and multiple third parties. The execution-time differences are intentional. A user may make a choice of a longer key as a tradeoff between strength and performance. ...
Show More |
|||||
| CVE-2021-41634 | 1 Melag | 1 Ftp Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FTP usernames.
|
|||||
| CVE-2021-3642 | 2 Quarkus, Redhat | 13 Quarkus, Build Of Quarkus, Codeready Studio and 10 more | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
|
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
|
|||||
| CVE-2021-39791 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194112606
|
|||||
| CVE-2021-39788 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191768014
|
|||||
| CVE-2021-39775 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In People, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206465854
|
|||||
| CVE-2021-39773 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191276656
|
|||||
| CVE-2021-39766 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198296421
|
|||||
| CVE-2021-39761 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In Media, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-179783181
|
|||||
| CVE-2021-39760 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In AudioService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194110526
|
|||||
| CVE-2021-39756 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-184354287
|
|||||
| CVE-2021-39755 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204995407
|
|||||
| CVE-2021-39754 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In ContextImpl, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:Android ID: A-207133709
|
|||||
| CVE-2021-39745 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206127671
|
|||||
| CVE-2021-39744 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192369136
|
|||||
| CVE-2021-39189 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually.
|
|||||
| CVE-2021-39021 | 1 Ibm | 1 Guardium Data Encryption | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. IBM X-Force ID: 213856.
|
|||||
| CVE-2021-38562 | 3 Bestpractical, Debian, Fedoraproject | 3 Request Tracker, Debian Linux, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
|
|||||
| CVE-2021-38476 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
|
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts.
|
|||||