Lucene search
+L

123 matches found

OSV
OSV
added 2024/02/20 2:15 p.m.8 views

CVE-2024-26268

User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by...

5.3CVSS6.9AI score0.00527EPSS
Exploits0References1
Prion
Prion
added 2024/02/20 2:15 p.m.22 views

Design/Logic Flaw

User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by...

5CVSS7.3AI score0.00527EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/20 1:17 p.m.22 views

CVE-2024-26268

User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by...

5.3CVSS7AI score0.00527EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/20 1:17 p.m.24 views

CVE-2024-26268

User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by...

5.3CVSS5.5AI score0.00527EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/12/20 12:0 a.m.6 views

Stormshield Network Security Security Vulnerabilities

Stormshield Network Security is a next-generation UTM Unified Threat Management firewall from the French company Stormshield. A security vulnerability exists in Stormshield Network Security that originates from a remote access command that can be used to learn if a specific user account exists on...

5.3CVSS6.9AI score0.004EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/10/10 12:0 a.m.5 views

ZITADEL Authorization Issues Vulnerability

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era, open sourced by ZITADEL in Switzerland. An authorization issue vulnerability exists in ZITADEL 2.37.2 and earlier versions, which stems from the fact that an...

5.3CVSS6.8AI score0.00532EPSS
Exploits0References4
NVD
NVD
added 2023/03/12 5:15 a.m.26 views

CVE-2022-48366

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack...

3.7CVSS4AI score0.00458EPSS
Exploits0References3
OSV
OSV
added 2023/03/12 5:15 a.m.6 views

CVE-2021-46876

An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence...

5.3CVSS5.5AI score0.00507EPSS
Exploits0References2
NVD
NVD
added 2023/03/12 5:15 a.m.25 views

CVE-2021-46876

An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence...

5.3CVSS5.2AI score0.00507EPSS
Exploits0References2
Prion
Prion
added 2023/03/12 5:15 a.m.17 views

Code injection

An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence...

5CVSS5.2AI score0.00507EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/03/12 5:15 a.m.17 views

Code injection

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack...

2.6CVSS4.1AI score0.00458EPSS
Exploits0References3Affected Software7
Vulnrichment
Vulnrichment
added 2023/03/12 12:0 a.m.6 views

CVE-2022-48366

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack...

4.1AI score0.00458EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/12 12:0 a.m.3 views

Ez Systems eZ Platform 竞争条件问题漏洞

Ez Systems eZ Platform is a content management system CMS based on the Symfony framework from Ez Systems, Norway. A security vulnerability exists in Ez Systems eZ Platform Ibexa Kernel versions prior to 1.3.19. An attacker could exploit the vulnerability to determine the existence of an account v...

3.7CVSS5.1AI score0.00458EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/03/12 12:0 a.m.29 views

CVE-2021-46876

An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence...

5.5AI score0.00507EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/12 12:0 a.m.24 views

CVE-2022-48366

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack...

4.5AI score0.00458EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/03/12 12:0 a.m.6 views

CVE-2021-46876

An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence...

7.1AI score0.00507EPSS
Exploits0References2
CVE
CVE
added 2023/03/12 12:0 a.m.69 views

CVE-2021-46876

Affected product: eZ Publish Ibexa Kernel prior to 7.5.15.1. Vulnerability: the /user/sessions endpoint can be abused to determine whether a given username or email corresponds to a valid account, enabling information disclosure. Underlying cause: listed in CVE description as an account-existence...

5.3CVSS5.2AI score0.00507EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/03/12 12:0 a.m.25 views

CVE-2022-48366

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack...

3.7CVSS4.5AI score0.00458EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.4 views

SUSE CVE-2007-2243

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483...

5CVSS8.2AI score0.02472EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.3 views

SUSE CVE-2007-2768

OpenSSH, when using OPIE One-Time Passwords in Everything for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords OTP, a similar issue to CVE-2007-2243...

4.3CVSS8.3AI score0.08654EPSS
Exploits0References3
Rows per page
Query Builder