CWE:
 

Topic
Date
Author
High
QuantaStor Software Defined Storage < 4.3.1 Multiple Vulnerabilities
18.08.2017
Nahuel D. Sanchez, VVV...
Low
ProjectDox 8.1 XSS / User Enumeration / Ciphertext Reuse
05.09.2014
CAaNES


CVEMAP Search Results

CVE
Details
Description
2020-09-14
Medium
CVE-2020-12788

Updating...
 

 
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks.

 
Medium
CVE-2020-11683

Vendor: Linux4sam
Software: At91bootstrap
 

 
A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system.

 
2020-08-31
High
CVE-2020-25065

Vendor: Google
Software: Android
 

 
An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Key logging may occur because of an obsolete API. The LG ID is LVE-SMP-170010 (August 2020).

 
2020-08-20
Waiting for details
CVE-2020-15151

Updating...
 

 
OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.

 
2020-08-10
Medium
CVE-2020-17478

Vendor: P5-crypt-perl project
Software: P5-crypt-perl
 

 
ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm.

 
2020-07-29
Low
CVE-2020-9690

Vendor: Magento
Software: Magento
 

 
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

 
2020-07-23
Medium
CVE-2020-11625

Updating...
 

 
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Failed web UI login attempts elicit different responses depending on whether a user account exists. Because the responses indicate whether a submitted username is valid or not, they make it easier to identify legitimate usernames. If a login request is sent to ISAPI/Security/sessionLogin/capabilities using a username that exists, it will return the value of the salt given to that username, even if the password is incorrect. However, if a login request is sent using a username that is not present in the database, it will return an empty salt value. This allows attackers to enumerate legitimate usernames, facilitating brute-force attacks. NOTE: this is different from CVE-2020-7057.

 
2020-07-22
Low
CVE-2020-6531

Vendor: Google
Software: Chrome
 

 
Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

 
2020-07-13
Low
CVE-2019-19338

Vendor: Linux
Software: Linux kernel
 

 
A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.

 
2020-07-09
Low
CVE-2020-12399

Vendor: Mozilla
Software: Firefox
 

 
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

 

 


Copyright 2020, cxsecurity.com

 

Back to Top