Hitachi Energy RTU500 series

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series Vulnerabilities: Observable Discrepancy, Buffer Over-read, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

OpenBSD OpenSSH Information Disclosure Vulnerability (CVE-2020-14145)

OpenBSD OpenSSH is prone to an information disclosure vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVE-2021-43616

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...

openssh: Observable discrepancy leading to an information leak in the algorithm negotiation

A flaw was found in OpenSSH in versions 5.7 through 8.3, where an Observable Discrepancy occurs and leads to an information leak in the algorithm negotiation. This flaw allows a man-in-the-middle attacker to target initial connection attempts, where there is no host key for the server that has be...

initialBalance and finalBalance calculated in a different way

Handle gpersoon Vulnerability details Impact The function executeTrades of Slingshot.sol calulates the initialBalance and finalBalance in a different way. If toToken == nativeToken then: initialBalance == executioner.balance; finalBalance == wrappedNativeToken.balanceOfaddressexecutioner This cou...

NewStart CGSL CORE 5.04 / MAIN 5.04 : microcode_ctl Multiple Vulnerabilities (NS-SA-2021-0113)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has microcodectl packages installed that are affected by multiple vulnerabilities: - Incomplete cleanup in some IntelR VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2021-20376

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568...

Buffer overflow

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568...

Observable Response Discrepancy in Lost Password Service

Impact It is possible to enumerate usernames via the forgot password functionality Patches Update to version 10.1.3 or apply this patch manually: https://github.com/pimcore/pimcore/pull/10223.patch Workarounds Apply https://github.com/pimcore/pimcore/pull/10223.patch manually...

CVE-2021-34576

In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information water consumption without distinct values to third parties...

Information disclosure

In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information water consumption without distinct values to third parties...

CVE-2021-39189 Observable Response Discrepancy in Lost Password Service

Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually...

RHEL 7 : microcode_ctl (RHSA-2021:3323)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3323 advisory. The microcodectl packages provide microcode updates for Intel. Security Fixes: hw: Vector Register Data Sampling CVE-2020-0548 hw: L1D Cache...

Exploit for Observable Discrepancy in Servicenow

CVE-2021-45901 ServiceNow - Username Enumeration !service-...

RHEL 7 : microcode_ctl (RHSA-2021:3322)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3322 advisory. The microcodectl packages provide microcode updates for Intel. Security Fixes: hw: Vector Register Data Sampling CVE-2020-0548 hw: L1D Cache...

hw: observable timing discrepancy in some Intel Processors

Observable timing discrepancy in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

hw: observable timing discrepancy in some Intel Processors

Observable timing discrepancy in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

hw: observable timing discrepancy in some Intel Processors

Observable timing discrepancy in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

hw: observable timing discrepancy in some Intel Processors

Observable timing discrepancy in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

Incorrect implementation of the Streebog hash functions in streebog

Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could've caused an incorrect result or panic for certain inputs...