Total
648 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21293 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In PackageManagerNative, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-20583 | 1 Amd | 1 * | 2024-11-21 | N/A | 4.7 MEDIUM |
| A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information. | |||||
| CVE-2023-20569 | 4 Amd, Debian, Fedoraproject and 1 more | 296 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 293 more | 2024-11-21 | N/A | 4.7 MEDIUM |
| A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. | |||||
| CVE-2023-1540 | 1 Answer | 1 Answer | 2024-11-21 | N/A | 5.3 MEDIUM |
| Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2023-1538 | 1 Answer | 1 Answer | 2024-11-21 | N/A | 5.3 MEDIUM |
| Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2023-0440 | 1 Healthchecks | 1 Healthchecks | 2024-11-21 | N/A | 5.3 MEDIUM |
| Observable Discrepancy in GitHub repository healthchecks/healthchecks prior to v2.6. | |||||
| CVE-2022-4823 | 1 Instedd | 1 Nuntium | 2024-11-21 | N/A | 3.1 LOW |
| A vulnerability, which was classified as problematic, was found in InSTEDD Nuntium. Affected is an unknown function of the file app/controllers/geopoll_controller.rb. The manipulation of the argument signature leads to observable timing discrepancy. It is possible to launch the attack remotely. The name of the patch is 77236f7fd71a0e2eefeea07f9866b069d612cf0d. It is recommended to apply a patch to fix this issue. VDB-217002 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4087 | 1 Ipxe | 1 Ipxe | 2024-11-21 | N/A | 2.6 LOW |
| A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b4574d4be8cdb8426729. It is recommended to apply a patch to fix this issue. VDB-214054 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4025 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low) | |||||
| CVE-2022-48251 | 1 Arm | 20 Cortex-a53, Cortex-a53 Firmware, Cortex-a55 and 17 more | 2024-11-21 | N/A | 7.5 HIGH |
| The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture." | |||||
| CVE-2022-46724 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | N/A | 2.4 LOW |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lock screen. | |||||
| CVE-2022-45177 | 1 Liveboxcloud | 1 Vdesk | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search={NAME]+{SURNAME] endpoint, and the /login endpoint. The web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. | |||||
| CVE-2022-45163 | 1 Nxp | 46 I.mx 6, I.mx 6 Firmware, I.mx 6dual and 43 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.) | |||||
| CVE-2022-43412 | 1 Jenkins | 1 Generic Webhook Trigger | 2024-11-21 | N/A | 5.3 MEDIUM |
| Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | |||||
| CVE-2022-43411 | 1 Jenkins | 1 Gitlab | 2024-11-21 | N/A | 5.3 MEDIUM |
| Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | |||||
| CVE-2022-42288 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
| NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure. | |||||
| CVE-2022-41914 | 1 Zulip | 1 Zulip Server | 2024-11-21 | N/A | 3.7 LOW |
| Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management(SCIM) account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be possible for an attacker to infer the value of the token by performing a sophisticated timing analysis on a large number of failing requests. If successful, this would allow the attacker to impersonate the SCIM client for its abilities to read and update user accounts in the Zulip organization. Organizations where SCIM account management has not been enabled are not affected. | |||||
| CVE-2022-41354 | 1 Linuxfoundation | 1 Argo-cd | 2024-11-21 | N/A | 4.3 MEDIUM |
| An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications. | |||||
| CVE-2022-40982 | 5 Debian, Intel, Netapp and 2 more | 1052 Debian Linux, Celeron 5205u, Celeron 5205u Firmware and 1049 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-40895 | 1 Nedi | 1 Nedi | 2024-11-21 | N/A | 9.1 CRITICAL |
| In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password utility could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This affects NeDi 1.0.7 for OS X 1.0.7 <= and NeDi for Suse 1.0.7 <= and NeDi for FreeBSD 1.0.7 <=. | |||||