91 matches found
CVE-2021-0978
In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed...
EUVD-2018-11967
Malware in sbrugna...
EUVD-2023-25469
Malicious code in bioql PyPI...
EUVD-2022-25564
Malicious code in bioql PyPI...
EUVD-2023-41369
Malicious code in bioql PyPI...
EUVD-2023-25484
Malicious code in bioql PyPI...
EUVD-2023-25485
Malicious code in bioql PyPI...
EUVD-2022-25553
Malicious code in bioql PyPI...
EUVD-2023-25500
Malicious code in bioql PyPI...
EUVD-2023-25486
Malicious code in bioql PyPI...
EUVD-2023-25504
Malicious code in bioql PyPI...
CVE-2023-37482
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames...
CVE-2023-37482
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames...
CVE-2023-37482
CVE-2023-37482 affects Siemens SIMATIC web servers (e.g., SIMATIC S7-1200/1500 family). The vulnerability stems from login response timing not being normalized, enabling an unauthenticated remote attacker to perform user enumeration by distinguishing valid vs. invalid usernames via a side channel...
RHEL 9 : gnutls (RHSA-2024:2889)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2889 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as...
RHEL 8 : gnutls (RHSA-2024:2044)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2044 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS...
Moderate: Red Hat Security Advisory: nss security update
An update for nss is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
CVE-2023-6135
The Network Security Services NSS package contains a vulnerability that exposes a side-channel information leak. This weakness enables a local attacker to capture several thousand usages of a signature, allowing them to utilize this information to recover portions of an ECDSA private key...
Google Android elevation of privilege vulnerability (CNVD-2024-07127)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to the disclosure of side-channel information in the BTMble.cc script BTMBleVerifySignature, which can be exploited by an attacker to gain elevated...
CVE-2023-40090
In BTMBleVerifySignature of btmble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...