Filtered by CWE-203
Filtered by vendor Subscriptions
Total 606 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-13666 2 Google, Redhat 2 Chrome, Rhel Extras 2024-11-21 7.4 High
Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-13629 1 Matrixssl 1 Matrixssl 2024-11-21 5.9 Medium
MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/ecc_math.c scalar multiplication leaks the bit length of the scalar.
CVE-2019-13628 1 Wolfssl 1 Wolfssl 2024-11-21 4.7 Medium
wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about the nonces used and potentially mount a lattice attack to recover the private key used. The issue occurs because ecc.c scalar multiplication might leak the bit length.
CVE-2019-13627 5 Canonical, Debian, Libgcrypt20 Project and 2 more 5 Ubuntu Linux, Debian Linux, Libgcrypt20 and 2 more 2024-11-21 6.3 Medium
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
CVE-2019-13599 1 Control-webpanel 1 Webpanel 2024-11-21 5.3 Medium
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times.
CVE-2019-13456 4 Freeradius, Linux, Opensuse and 1 more 4 Freeradius, Linux Kernel, Leap and 1 more 2024-11-21 6.5 Medium
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
CVE-2019-13420 1 Search-guard 1 Search Guard 2024-11-21 5.9 Medium
Search Guard versions before 21.0 had an timing side channel issue when using the internal user database.
CVE-2019-13383 1 Control-webpanel 1 Webpanel 2024-11-21 5.3 Medium
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.
CVE-2019-13377 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-11-21 5.9 Medium
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
CVE-2019-12953 1 Dropbear Ssh Project 1 Dropbear Ssh 2024-11-21 5.3 Medium
Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599.
CVE-2019-12743 1 Humhub 1 Social Network Kit 2024-11-21 N/A
HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts existing on any Social Network Kits (including self-hosted ones) by brute-forcing the username after the /u/ initial URI substring, aka Response Discrepancy Information Exposure.
CVE-2019-12383 1 Torproject 1 Tor Browser 2024-11-21 4.3 Medium
Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting.
CVE-2019-11743 2 Mozilla, Redhat 4 Firefox, Firefox Esr, Thunderbird and 1 more 2024-11-21 3.7 Low
Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
CVE-2019-11578 1 Dhcpcd Project 1 Dhcpcd 2024-11-21 5.9 Medium
auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.
CVE-2019-11135 9 Canonical, Debian, Fedoraproject and 6 more 312 Ubuntu Linux, Debian Linux, Fedora and 309 more 2024-11-21 6.5 Medium
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
CVE-2019-11091 3 Fedoraproject, Intel, Redhat 13 Fedora, Microarchitectural Data Sampling Uncacheable Memory, Microarchitectural Data Sampling Uncacheable Memory Firmware and 10 more 2024-11-21 N/A
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2019-10848 1 Computrols 1 Computrols Building Automation Software 2024-11-21 N/A
Computrols CBAS 18.0.0 allows Username Enumeration.
CVE-2019-10764 1 Simplito 1 Elliptic-php 2024-11-21 7.4 High
In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an elliptic curve which might allow practical recovery of the long-term private key.
CVE-2019-10483 1 Qualcomm 104 Apq8009, Apq8009 Firmware, Apq8016 and 101 more 2024-11-21 5.5 Medium
Side channel issue in QTEE due to usage of non-time-constant comparison function such as memcmp or strcmp in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130
CVE-2019-10233 1 Glpi-project 1 Glpi 2024-11-21 8.1 High
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.