929 matches found
CVE-2025-3939
CVE-2025-3939 describes an observable response discrepancy in Tridium Niagara Framework and Tridium Niagara Enterprise Security that could enable cryptanalysis. Affected software and versions include Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: bef...
CVE-2016-15015
A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The...
CVE-2013-10006
A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected by this vulnerability is the function HTTPAuthorized of the file src/bitcoinrpc.cpp. The manipulation of the argument strUserPass/strRPCUserColonPass leads to observable timing discrepancy. The...
CVE-2014-125056
A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known t...
CVE-2010-10006
A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high...
PT-2025-22498 · Ubtech +1 · Freepass +1
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to an observable discrepancy, which may allow for information disclosure. No specific details about affected devices or real-world incidents are provided. Recommendation...
CVE-2025-48015 Observable Response Discrepancy
Failed login response could be different depending on whether the username was local or central...
PT-2025-22051 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: There is a discrepancy in the year used in references to a specific issue, with some sources incorrectly using 2025 instead of 2024. Recommendations: At the moment, there is no information...
CVE-2024-51447
A vulnerability has been identified in Polarion V2310 All versions, Polarion V2404 All versions V2404.2. The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This could allow an unauthenticated remote attacker to...
Citrix Virtual Apps - Mouse pointer looks big inside published application
Administrators might notice that in a multimonitor setup where the main screen is set to 200% scaling and the secondary screen to 100% scaling, when the published application is moved from the 100% scaled monitor to the 200% scaled monitor, the Mouse pointer size becomes bigger as expected both...
Observable Response Discrepancy
Overview: Affected versions of this package are vulnerable to Observable Response Discrepancy due to the timing analysis of post-login API responses. An attacker can determine if a specific user account exists by observing the response times. Remediation: Upgrade Umbraco.Cms.Core to version 10.8.10...
The vulnerability of the sshd service in the OpenSSH encryption protection mechanism allows a hacker to compromise the integrity of the protected information.
The vulnerability of the sshd service in the OpenSSH encryption protection mechanism is related to a discrepancy between the declared functionality of the DisableForwarding directive in the documentation. Exploiting this vulnerability could allow an attacker to compromise the integrity of the...
GO-2025-3618 Mattermost vulnerable to Observable Timing Discrepancy in github.com/mattermost/mattermost-plugin-msteams
Mattermost vulnerable to Observable Timing Discrepancy in github.com/mattermost/mattermost-plugin-msteams. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
CVE-2025-38637
CVE-2025-38637 affects the Linux kernel skbprio queue in net_sched when used as a child qdisc under Token Bucket Filter (TBF). The root cause is an overly strict assertion in skbprio enqueue/dequeue that can miscount lengths because TBF may peek at packets without dequeueing when tokens a...
Mattermost vulnerable to Observable Timing Discrepancy
Mattermost Plugin MSTeams versions 2.1.0 and Mattermost Server versions 10.5.x =10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack...
Director is not showing correct number of active sessions
Director is not showing the correct number of active sessions. The number of active sessions in the Studio console does not match the Director - Filters - Sessions option...
CVE-2024-56476
IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login attempt response discrepancy...
Information Exposure
Overview: org.apache.maven.scm:maven-scm-providers-git is a SCM Provider implementation for Git. Affected versions of this package are vulnerable to Information Exposure due to improper handling of passwords in different components. When a git password contains special characters, a discrepancy in...
CVE-2024-51477
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive username information due to an observable response discrepancy...