Total
553 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-6570 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-08-04 | 4.3 Medium |
Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction. | ||||
CVE-2020-6531 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-08-04 | 4.3 Medium |
Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
CVE-2020-6473 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-08-04 | 6.5 Medium |
Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||||
CVE-2020-6400 | 6 Debian, Fedoraproject, Google and 3 more | 10 Debian Linux, Fedora, Chrome and 7 more | 2024-08-04 | 6.5 Medium |
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
CVE-2020-5929 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-08-04 | 5.9 Medium |
In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability. | ||||
CVE-2020-5143 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-08-04 | 5.3 Medium |
SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | ||||
CVE-2020-2102 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-04 | 5.3 Medium |
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC. | ||||
CVE-2020-2101 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-04 | 5.3 Medium |
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret. | ||||
CVE-2020-1926 | 1 Apache | 1 Hive | 2024-08-04 | 5.9 Medium |
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8 | ||||
CVE-2020-1459 | 1 Microsoft | 2 Windows 10, Windows 10 1809 | 2024-08-04 | 7.5 High |
An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka "straight-line speculation." To exploit this vulnerability, an attacker with local privileges would need to run a specially crafted application. The security update addresses the vulnerability by bypassing the speculative execution. | ||||
CVE-2020-0548 | 2 Intel, Redhat | 859 Celeron 3855u, Celeron 3855u Firmware, Celeron 3865u and 856 more | 2024-08-04 | 5.5 Medium |
Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
CVE-2020-0549 | 6 Canonical, Debian, Fedoraproject and 3 more | 863 Ubuntu Linux, Debian Linux, Fedora and 860 more | 2024-08-04 | 5.5 Medium |
Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
CVE-2020-0464 | 1 Google | 1 Android | 2024-08-04 | 5.5 Medium |
In resolv_cache_lookup of res_cache.cpp, there is a possible side channel information disclosure. This could lead to local information disclosure of accessed web resources with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150371903 | ||||
CVE-2021-45901 | 1 Servicenow | 1 Servicenow | 2024-08-04 | 5.3 Medium |
The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists. | ||||
CVE-2021-45925 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2024-08-04 | 5.3 Medium |
Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | ||||
CVE-2021-44875 | 1 Dalmark | 1 Systeam Enterprise Resource Planning | 2024-08-04 | 5.3 Medium |
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the password recovery procedure for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users. | ||||
CVE-2021-44876 | 1 Dalmark | 1 Systeam Enterprise Resource Planning | 2024-08-04 | 5.3 Medium |
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the identification of the correct tenant for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users. | ||||
CVE-2021-44848 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2024-08-04 | 5.3 Medium |
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists. | ||||
CVE-2021-44554 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2024-08-04 | 5.3 Medium |
Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to the configuration of VirtualUI. Common users are administrator, admin, guest and krgtbt. | ||||
CVE-2021-44421 | 1 Occlum Project | 1 Occlum | 2024-08-04 | 5.5 Medium |
The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a confused deputy that allows a local attacker to access unauthorized information via side-channel analysis. |