CWE:
 

Tytuł
Data
Autor
High
QuantaStor Software Defined Storage < 4.3.1 Multiple Vulnerabilities
18.08.2017
Nahuel D. Sanchez, VVV...
Low
ProjectDox 8.1 XSS / User Enumeration / Ciphertext Reuse
05.09.2014
CAaNES


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2021-10-19
Medium
CVE-2021-38476

Updating...
 

 
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts.

 
2021-10-18
Medium
CVE-2021-38562

Vendor: Bestpractical
Software: Request tracker
 

 
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

 
2021-10-13
Low
CVE-2021-26318

Updating...
 

 
A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.

 
2021-09-22
Low
CVE-2021-38153

Vendor: Apache
Software: Kafka
 

 
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0.

 
2021-09-16
Waiting for details
CVE-2021-34576

Updating...
 

 
In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties.

 
2021-08-10
Low
CVE-2020-25082

Updating...
 

 
An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.

 
2021-08-08
Low
CVE-2021-38209

Vendor: Linux
Software: Linux kernel
 

 
net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls.

 
2021-08-05
Low
CVE-2021-3642

Vendor: Redhat
Software: Wildfly elytron
 

 
A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality. This flaw affectes Wildfly Elytron versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final.

 
2021-08-02
Low
CVE-2021-35477

Vendor: Linux
Software: Linux kernel
 

 
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.

 
Low
CVE-2021-34556

Vendor: Linux
Software: Linux kernel
 

 
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top