ReportizFlow
Filtered by vendor
Subscriptions
Total
622 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-0086 | 2 Fedoraproject, Intel | 12 Fedora, Brand Verification Tool, Celeron Processors and 9 more | 2024-11-21 | 6.5 Medium |
| Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | ||||
| CVE-2021-0001 | 1 Intel | 4 Integrated Performance Primitives Cryptography, Sgx Dcap, Sgx Psw and 1 more | 2024-11-21 | 4.7 Medium |
| Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via local access. | ||||
| CVE-2020-9690 | 1 Magento | 1 Magento | 2024-11-21 | 4.2 Medium |
| Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass. | ||||
| CVE-2020-9588 | 1 Magento | 1 Magento | 2024-11-21 | 7.2 High |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass. | ||||
| CVE-2020-9389 | 1 Squaredup | 1 Squaredup | 2024-11-21 | 3.7 Low |
| A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames. | ||||
| CVE-2020-8989 | 1 Voatz | 1 Voatz | 2024-11-21 | 5.3 Medium |
| In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter's vote depends on the different lengths of the metadata across the available voting choices, which makes it easier for remote attackers to discover this voter's choice by sniffing the network. For example, a small amount of sniffed data may indicate that a vote was cast for the candidate with the least metadata. An active man-in-the-middle attacker can leverage this behavior to disrupt voters' abilities to vote for a candidate opposed by the attacker. | ||||
| CVE-2020-8695 | 4 Debian, Fedoraproject, Intel and 1 more | 605 Debian Linux, Fedora, Celeron 3855u and 602 more | 2024-11-21 | 5.5 Medium |
| Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2020-7962 | 1 Oneidentity | 1 Password Manager | 2024-11-21 | 5.3 Medium |
| An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is possible because, within the HTTP response content, WRONG ID is only returned when the answer is incorrect. | ||||
| CVE-2020-7959 | 1 Labvantage | 1 Labvantage | 2024-11-21 | 5.3 Medium |
| LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database exception message if the database does not exist. | ||||
| CVE-2020-6570 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-11-21 | 4.3 Medium |
| Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction. | ||||
| CVE-2020-6531 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-11-21 | 4.3 Medium |
| Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2020-6473 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||||
| CVE-2020-6400 | 6 Debian, Fedoraproject, Google and 3 more | 10 Debian Linux, Fedora, Chrome and 7 more | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2020-5929 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-11-21 | 5.9 Medium |
| In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability. | ||||
| CVE-2020-5143 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 5.3 Medium |
| SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | ||||
| CVE-2020-4699 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2024-11-21 | 5.3 Medium |
| IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. | ||||
| CVE-2020-4661 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2024-11-21 | 5.3 Medium |
| IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142. | ||||
| CVE-2020-4660 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2024-11-21 | 5.3 Medium |
| IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140. | ||||
| CVE-2020-4028 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-11-21 | 5.3 Medium |
| Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability. | ||||
| CVE-2020-3585 | 1 Cisco | 7 Adaptive Security Appliance Software, Firepower 1000, Firepower 1010 and 4 more | 2024-11-21 | 5.3 Medium |
| A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper implementation of countermeasures against the Bleichenbacher attack for cipher suites that rely on RSA for key exchange. An attacker could exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. To exploit this vulnerability, an attacker must be able to perform both of the following actions: Capture TLS traffic that is in transit between clients and the affected device Actively establish a considerable number of TLS connections to the affected device | ||||