CWE:
 

Tytuł
Data
Autor
High
QuantaStor Software Defined Storage < 4.3.1 Multiple Vulnerabilities
18.08.2017
Nahuel D. Sanchez, VVV...
Low
ProjectDox 8.1 XSS / User Enumeration / Ciphertext Reuse
05.09.2014
CAaNES


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2022-07-06
Medium
CVE-2022-20752

Vendor: Cisco
Software: Unified comm...
 

 
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.

 
2022-06-24
Medium
CVE-2021-41634

Vendor: Melag
Software: Ftp server
 

 
A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FTP usernames.

 
2022-06-23
Medium
CVE-2022-34174

Vendor: Jenkins
Software: Jenkins
 

 
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm.

 
2022-06-09
Low
CVE-2022-0823

Updating...
 

 
An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack.

 
2022-06-08
Low
CVE-2022-32273

Vendor: Opswat
Software: Metadefender
 

 
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server.

 
2022-05-20
Waiting for details
CVE-2022-29185

Updating...
 

 
totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password (TOTP). Prior to version 1.1.0, token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The attacker would have to know the password beforehand nonetheless. Starting with patched version 1.1.0, the library uses constant-time comparison. There are currently no known workarounds.

 
2022-03-30
Low
CVE-2021-39791

Vendor: Google
Software: Android
 

 
In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194112606

 
Low
CVE-2021-39775

Vendor: Google
Software: Android
 

 
In People, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206465854

 
Low
CVE-2021-39773

Vendor: Google
Software: Android
 

 
In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191276656

 
Low
CVE-2021-39766

Vendor: Google
Software: Android
 

 
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198296421

 

 


Copyright 2022, cxsecurity.com

 

Back to Top