Total
552 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-4660 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2024-09-16 | 5.3 Medium |
| IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140. | ||||
| CVE-2021-31403 | 1 Vaadin | 1 Vaadin | 2024-09-16 | 4 Medium |
| Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token via timing attack | ||||
| CVE-2020-4699 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2024-09-16 | 5.3 Medium |
| IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. | ||||
| CVE-2020-1685 | 1 Juniper | 8 Junos, Qfx5100, Qfx5110 and 5 more | 2024-09-16 | 5.8 Medium |
| When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under certain conditions. Given a firewall filter configuration similar to: family ethernet-switching { filter L2-VLAN { term ALLOW { from { user-vlan-id 100; } then { accept; } } term NON-MATCH { then { discard; } } when there is only one term containing a 'user-vlan-id' match condition, and no other terms in the firewall filter except discard, the discard action for non-matching traffic will only discard traffic with the same VLAN ID specified under 'user-vlan-id'. Other traffic (e.g. VLAN ID 200) will not be discarded. This unexpected behavior can lead to unintended traffic passing through the interface where the firewall filter is applied. This issue only affects systems using VXLANs. This issue affects Juniper Networks Junos OS on QFX5K Series: 18.1 versions prior to 18.1R3-S7, except 18.1R3; 18.2 versions prior to 18.2R2-S7, 18.2R3-S1; 18.3 versions prior to 18.3R1-S5, 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S1, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2. | ||||
| CVE-2021-29687 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2024-09-16 | 5.3 Medium |
| IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018 | ||||
| CVE-2021-39021 | 1 Ibm | 1 Guardium Data Encryption | 2024-09-16 | 5.3 Medium |
| IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. IBM X-Force ID: 213856. | ||||
| CVE-2020-1968 | 5 Canonical, Debian, Fujitsu and 2 more | 25 Ubuntu Linux, Debian Linux, M10-1 and 22 more | 2024-09-16 | 3.7 Low |
| The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v). | ||||
| CVE-2021-26313 | 6 Amd, Arm, Broadcom and 3 more | 11 Ryzen 5 5600x, Ryzen 7 2700x, Ryzen Threadripper 2990wx and 8 more | 2024-09-16 | 5.5 Medium |
| Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage. | ||||
| CVE-2018-3615 | 1 Intel | 30 Core I3, Core I5, Core I7 and 27 more | 2024-09-16 | N/A |
| Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. | ||||
| CVE-2018-3640 | 2 Arm, Intel | 199 Cortex-a, Atom C, Atom E and 196 more | 2024-09-16 | N/A |
| Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a. | ||||
| CVE-2017-8055 | 1 Watchguard | 1 Fireware | 2024-09-16 | N/A |
| WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this vulnerability to enumerate valid usernames on an affected Firebox. | ||||
| CVE-2022-22356 | 1 Ibm | 1 Mq Appliance | 2024-09-16 | 6.5 Medium |
| IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487. | ||||
| CVE-2017-15533 | 1 Broadcom | 1 Ssl Visibility Appliance | 2024-09-16 | N/A |
| Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according the oracle classification used in the ROBOT research paper. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish multiple millions of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session. | ||||
| CVE-2017-13098 | 1 Bouncycastle | 1 Legion-of-the-bouncy-castle-java-crytography-api | 2024-09-16 | N/A |
| BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT." | ||||
| CVE-2022-1989 | 1 Codesys | 1 Visualization | 2024-09-16 | 5.3 Medium |
| All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users. | ||||
| CVE-2024-23984 | 2024-09-16 | 5.3 Medium | ||
| Observable discrepancy in RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2024-0914 | 2 Opencryptoki Project, Redhat | 3 Opencryptoki, Enterprise Linux, Rhel Eus | 2024-09-16 | 5.9 Medium |
| A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. | ||||
| CVE-2023-5992 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-16 | 5.6 Medium |
| A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. | ||||
| CVE-2017-10690 | 2 Puppet, Redhat | 4 Puppet, Puppet Enterprise, Satellite and 1 more | 2024-09-16 | N/A |
| In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4 | ||||
| CVE-2017-18268 | 1 Broadcom | 1 Symantec Intelligencecenter | 2024-09-16 | 5.9 Medium |
| Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session. | ||||