| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because the Atmel Toolbox 00.03.11.05 contains two versions of ECDSA signature functions, described as fast and secure, but the affected cards chose to use the fast version, which leaks the bit length of the random nonce via timing. This affects Athena IDProtect 010b.0352.0005, Athena IDProtect 010e.1245.0002, Athena IDProtect 0106.0130.0401, Athena IDProtect 010e.1245.0002, Valid S/A IDflex V 010b.0352.0005, SafeNet eToken 4300 010e.1245.0002, TecSec Armored Card 010e.0264.0001, and TecSec Armored Card 108.0264.0001. |
| In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file. |
| In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py. |
| An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads. |
| An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email. |
| An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these. |
| An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users. |
| An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users. |
| An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI. |
| An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request. |
| LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. |
| D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables. |
| Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image. |
| main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario. |
| Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders. |
| A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes. |
| GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint. |
| GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline. |
| An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API. |
| An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted. |
