Total
721 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3143 | 1 Redhat | 4 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus, Jboss Enterprise Bpms Platform and 1 more | 2025-04-09 | 7.4 High |
| wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user. | ||||
| CVE-2022-4543 | 1 Linux | 1 Linux Kernel | 2025-04-08 | 5.5 Medium |
| A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems. | ||||
| CVE-2025-0361 | 2025-04-08 | 4.3 Medium | ||
| During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API. | ||||
| CVE-2023-37482 | 2025-04-08 | 5.3 Medium | ||
| The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames. | ||||
| CVE-2022-42288 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2025-04-07 | 5.3 Medium |
| NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure. | ||||
| CVE-2025-3031 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | 6.5 Medium |
| An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox < 137 and Thunderbird < 137. | ||||
| CVE-2010-10006 | 1 Jopenid Project | 1 Jopenid | 2025-04-03 | 2.6 Low |
| A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.08 is able to address this issue. The name of the patch is c9baaa976b684637f0d5a50268e91846a7a719ab. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218460. | ||||
| CVE-2023-0440 | 1 Healthchecks | 1 Healthchecks | 2025-04-03 | 5.3 Medium |
| Observable Discrepancy in GitHub repository healthchecks/healthchecks prior to v2.6. | ||||
| CVE-2025-26695 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | 5.3 Medium |
| When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8. | ||||
| CVE-2004-2252 | 1 Sophos | 1 Astaro Security Linux | 2025-04-03 | N/A |
| The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks. | ||||
| CVE-2002-0514 | 1 Openbsd | 1 Openbsd | 2025-04-03 | N/A |
| PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL. | ||||
| CVE-2003-0190 | 4 Openbsd, Openpkg, Redhat and 1 more | 8 Openssh, Openpkg, Enterprise Linux and 5 more | 2025-04-03 | N/A |
| OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack. | ||||
| CVE-2004-1428 | 1 Argosoft | 1 Ftp Server | 2025-04-03 | N/A |
| ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames. | ||||
| CVE-2001-1387 | 2 Netfilter, Redhat | 2 Iptables, Linux | 2025-04-03 | N/A |
| iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak. | ||||
| CVE-2003-0637 | 1 Novell | 1 Ichain | 2025-04-03 | N/A |
| Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing. | ||||
| CVE-2002-0208 | 1 Network.associates | 1 Pgpfire | 2025-04-03 | N/A |
| PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire. | ||||
| CVE-2000-1117 | 1 Ibm | 1 Lotus Notes | 2025-04-03 | N/A |
| The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method. | ||||
| CVE-2002-2094 | 1 Joetesta | 1 Hellbent | 2025-04-03 | N/A |
| Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct. | ||||
| CVE-2005-1650 | 1 Woppoware | 1 Postmaster | 2025-04-03 | N/A |
| The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames. | ||||
| CVE-2004-2150 | 1 Nettica | 1 Intellipeer Email Server | 2025-04-03 | N/A |
| Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and invalid account names, which allows remote attackers to determine valid account names. | ||||