CWE:

	Tytuł	Data	Autor
High	QuantaStor Software Defined Storage < 4.3.1 Multiple Vulnerabilities	18.08.2017	Nahuel D. Sanchez, VVV...
Low	ProjectDox 8.1 XSS / User Enumeration / Ciphertext Reuse	05.09.2014	CAaNES

---

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2022-07-06

Medium

CVE-2022-20752

Vendor: Cisco Software: Unified comm...

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.

2022-06-24

Medium

CVE-2021-41634

Vendor: Melag Software: Ftp server

A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FTP usernames.

2022-06-23

Medium

CVE-2022-34174

Vendor: Jenkins Software: Jenkins

In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm.

2022-06-09

Low

CVE-2022-0823

Updating...

An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack.

2022-06-08

Low

CVE-2022-32273

Vendor: Opswat Software: Metadefender

As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server.

2022-05-20

CVE-2022-29185

Updating...

totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password (TOTP). Prior to version 1.1.0, token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The attacker would have to know the password beforehand nonetheless. Starting with patched version 1.1.0, the library uses constant-time comparison. There are currently no known workarounds.

2022-03-30

Low	CVE-2021-39791	Vendor: Google Software: Android	In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194112606
Low	CVE-2021-39775	Vendor: Google Software: Android	In People, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206465854
Low	CVE-2021-39773	Vendor: Google Software: Android	In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191276656
Low	CVE-2021-39766	Vendor: Google Software: Android	In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198296421

 

---

Copyright 2022, cxsecurity.com