Total
656 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21318 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21317 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In ContentService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21316 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21306 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21305 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21304 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21303 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Content, here is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21302 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21301 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In ActivityManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21300 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21299 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21298 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In Slice, there is a possible disclosure of installed applications due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21296 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2023-21293 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In PackageManagerNative, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-20583 | 1 Amd | 1 * | 2024-11-21 | 4.7 Medium |
| A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information. | ||||
| CVE-2023-20569 | 5 Amd, Debian, Fedoraproject and 2 more | 302 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 299 more | 2024-11-21 | 4.7 Medium |
| A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. | ||||
| CVE-2023-0440 | 1 Healthchecks | 1 Healthchecks | 2024-11-21 | 5.3 Medium |
| Observable Discrepancy in GitHub repository healthchecks/healthchecks prior to v2.6. | ||||
| CVE-2022-4823 | 1 Instedd | 1 Nuntium | 2024-11-21 | 3.1 Low |
| A vulnerability, which was classified as problematic, was found in InSTEDD Nuntium. Affected is an unknown function of the file app/controllers/geopoll_controller.rb. The manipulation of the argument signature leads to observable timing discrepancy. It is possible to launch the attack remotely. The name of the patch is 77236f7fd71a0e2eefeea07f9866b069d612cf0d. It is recommended to apply a patch to fix this issue. VDB-217002 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-4543 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.5 Medium |
| A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems. | ||||
| CVE-2022-4499 | 1 Tp-link | 4 Archer C5, Archer C5 Firmware, Tl-wr710n and 1 more | 2024-11-21 | 7.5 High |
| TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password. | ||||