|
200271
|
4.7 |
MEDIUM
Local
|
arm
debian
|
mbed_tls
debian_linux
|
An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblindin…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-36424
|
2024-11-21 14:29 |
2021-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200272
|
7.5 |
HIGH
Network
|
arm
debian
|
mbed_tls
debian_linux
|
An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-36423
|
2024-11-21 14:29 |
2021-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200273
|
5.3 |
MEDIUM
Network
|
arm
debian
|
mbed_tls
debian_linux
|
An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbe…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-36422
|
2024-11-21 14:29 |
2021-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200274
|
5.3 |
MEDIUM
Network
|
arm
debian
|
mbed_tls
debian_linux
|
An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed.
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-36421
|
2024-11-21 14:29 |
2021-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200275
|
7.5 |
HIGH
Network
|
polipo_project
|
polipo
|
Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no…
|
CWE-617
Reachable Assertion
|
CVE-2020-36420
|
2024-11-21 14:29 |
2021-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200276
|
5.4 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Des…
|
CWE-79
Cross-site Scripting
|
CVE-2020-36416
|
2024-11-21 14:29 |
2021-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200277
|
5.4 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Sty…
|
CWE-79
Cross-site Scripting
|
CVE-2020-36415
|
2024-11-21 14:29 |
2021-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200278
|
5.4 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL (slug)" or "…
|
CWE-79
Cross-site Scripting
|
CVE-2020-36414
|
2024-11-21 14:29 |
2021-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200279
|
5.4 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP…
|
CWE-79
Cross-site Scripting
|
CVE-2020-36413
|
2024-11-21 14:29 |
2021-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200280
|
5.4 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" fie…
|
CWE-79
Cross-site Scripting
|
CVE-2020-36412
|
2024-11-21 14:29 |
2021-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
