Total
335 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21424 | 2 Fedoraproject, Sensiolabs | 2 Fedora, Symfony | 2022-10-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that 403s are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist. The patch for this issue is available for branch 3.4. | |||||
| CVE-2022-40084 | 1 Opencrx | 1 Opencrx | 2022-10-21 | N/A | 5.3 MEDIUM |
| OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid. | |||||
| CVE-2022-43412 | 1 Jenkins | 1 Generic Webhook Trigger | 2022-10-20 | N/A | 5.3 MEDIUM |
| Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | |||||
| CVE-2022-43411 | 1 Jenkins | 1 Gitlab | 2022-10-20 | N/A | 5.3 MEDIUM |
| Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | |||||
| CVE-2022-39308 | 1 Thoughtworks | 1 Gocd | 2022-10-18 | N/A | 5.9 MEDIUM |
| GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 (inclusive) are subject to a timing attack in validation of access tokens due to use of regular string comparison for validation of the token rather than a constant time algorithm. This could allow a brute force attack on GoCD server API calls to observe timing differences in validations in order to guess an access token generated by a user for API access. This issue is fixed in GoCD version 19.11.0. As a workaround, users can apply rate limiting or insert random delays to API calls made to GoCD Server via a reverse proxy or other fronting web server. Another workaround, users may disallow use of access tokens by users by having an administrator revoke all access tokens through the "Access Token Management" admin function. | |||||
| CVE-2022-40895 | 1 Nedi | 1 Nedi | 2022-10-07 | N/A | 9.1 CRITICAL |
| In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password utility could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This affects NeDi 1.0.7 for OS X 1.0.7 <= and NeDi for Suse 1.0.7 <= and NeDi for FreeBSD 1.0.7 <=. | |||||
| CVE-2021-38153 | 3 Apache, Oracle, Quarkus | 8 Kafka, Communications Brm - Elastic Charging Engine, Communications Cloud Native Core Policy and 5 more | 2022-10-05 | 4.3 MEDIUM | 5.9 MEDIUM |
| Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0. | |||||
| CVE-2022-35888 | 1 Amperecomputing | 6 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 3 more | 2022-10-03 | N/A | 6.5 MEDIUM |
| Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system. | |||||
| CVE-2022-32296 | 1 Linux | 1 Linux Kernel | 2022-09-28 | 2.1 LOW | 3.3 LOW |
| The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056. | |||||
| CVE-2022-36105 | 1 Typo3 | 1 Typo3 | 2022-09-16 | N/A | 5.3 MEDIUM |
| TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix this problem. There are no known workarounds for this issue. | |||||
| CVE-2021-22892 | 1 Rocket.chat | 1 Rocket.chat | 2022-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks. | |||||
| CVE-2022-1989 | 1 Codesys | 1 Visualization | 2022-08-26 | N/A | 5.3 MEDIUM |
| All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users. | |||||
| CVE-2022-34623 | 1 Mealie | 1 Mealie | 2022-08-23 | N/A | 5.3 MEDIUM |
| Mealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users and non-users when an invalid password message is displayed during an authentication attempt. | |||||
| CVE-2021-46778 | 1 Amd | 358 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 355 more | 2022-08-19 | N/A | 5.6 MEDIUM |
| Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information. | |||||
| CVE-2019-1559 | 13 Canonical, Debian, F5 and 10 more | 90 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 87 more | 2022-08-19 | 4.3 MEDIUM | 5.9 MEDIUM |
| If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). | |||||
| CVE-2022-37459 | 1 Amperecomputing | 4 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 1 more | 2022-08-18 | N/A | 7.8 HIGH |
| Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue. | |||||
| CVE-2022-20324 | 1 Google | 1 Android | 2022-08-18 | N/A | 5.5 MEDIUM |
| In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-187042120 | |||||
| CVE-2022-20318 | 1 Google | 1 Android | 2022-08-18 | N/A | 3.3 LOW |
| In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194694069 | |||||
| CVE-2022-20320 | 1 Google | 1 Android | 2022-08-18 | N/A | 3.3 LOW |
| In ActivityManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-187956596 | |||||
| CVE-2022-20291 | 1 Google | 1 Android | 2022-08-15 | N/A | 5.5 MEDIUM |
| In AppOpsService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-203430648 | |||||