CWE:
 

Topic
Date
Author
High
QuantaStor Software Defined Storage < 4.3.1 Multiple Vulnerabilities
18.08.2017
Nahuel D. Sanchez, VVV...
Low
ProjectDox 8.1 XSS / User Enumeration / Ciphertext Reuse
05.09.2014
CAaNES


CVEMAP Search Results

CVE
Details
Description
2019-12-20
Low
CVE-2015-8313

Vendor: GNU
Software: Gnutls
 

 
GnuTLS incorrectly validates the first byte of padding in CBC modes

 
2019-11-29
Low
CVE-2015-0837

Vendor: Gnupg
Software: Gnupg
 

 
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."

 
2019-10-03
Low
CVE-2019-13628

Vendor: Wolfssl
Software: Wolfssl
 

 
wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about the nonces used and potentially mount a lattice attack to recover the private key used. The issue occurs because ecc.c scalar multiplication might leak the bit length.

 
2019-09-30
Medium
CVE-2019-3732

Vendor: EMC
Software: Rsa bsafe
 

 
RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

 
Medium
CVE-2019-3731

Vendor: EMC
Software: Rsa bsafe
 

 
RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

 
2019-09-25
Medium
CVE-2019-6651

Vendor: F5
Software: Big-ip acces...
 

 
In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request.

 
2019-09-21
Medium
CVE-2019-16669

Vendor: Pagekit
Software: Pagekit
 

 
The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.

 
2019-09-18
Low
CVE-2019-3739

Vendor: RSA
Software: Bsafe cert-j
 

 
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.

 
2019-09-16
Low
CVE-2019-13140

Vendor: Intenogroup
Software: Eg200 firmware
 

 
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP.

 
2019-09-10
Medium
CVE-2019-11465

Vendor: Couchbase
Software: Couchbase server
 

 
An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted.

 

 


Copyright 2020, cxsecurity.com

 

Back to Top