Security Bulletin: IBM InfoSphere Information Server is vulnerable due to an observable response discrepancy (CVE-2024-51477)
Summary An observable response discrepancy vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-51477 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to obtain sensitive username information due to an observable respons...
CVE-2025-30344
An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/ endpoint, the system's response times differ depending on whether a user exists in the system. The timing discrepancy stems from the omitted hashing of the password, e.g., more than 100 milliseconds...
CVE-2025-30344
OpenSlides before 4.2.5 is affected by a timing-side channel vulnerability in /system/auth/login/. The response time differs depending on whether a user exists because password hashing is omitted in login handling, enabling potential information disclosure. The documented impact is a low-to-mediu...
CVE-2025-30152
CVE-2025-30152: The Sylius PayPal Plugin (for PayPal Commerce) has an order manipulation vulnerability after PayPal Checkout. Before versions 1.6.2, 1.7.2, and 2.0.2, a user can return to the order summary page and modify the cart contents, potentially causing the merchant to receive less paymen...
The vulnerability of the pfifo_tail_enqueue() function (net/sched/sch_fifo.c) in the Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the pfifo_tail_enqueue() function (net/sched/sch_fifo.c) in the Linux operating system is related to a discrepancy in functionality according to the specification. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability o...
CVE-2025-1101
A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests...
CVE-2025-1101
CVE-2025-1101 affects Q-Free MaxTime <= 2.11.0. A CWE-204 vulnerability in the login page allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests. The issue is triggered by an observable response discrepancy in the authentication flow, enabling user enu...
CVE-2024-54772
An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those wit...
CVE-2024-54772
Summary: MikroTik RouterOS Winbox exposes a username-enumeration flaw due to a timing/response-size discrepancy. Affected: long-term 6.43.13–6.49.13 and stable 6.43–7.17.2; patch available in stable 6.49.18 (and upgrade to 7.18+). Practical impact: enables attackers to enumerate valid accounts. R...
CVE-2023-37413
IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy...
CVE-2023-37413
IBM Aspera Faspex ≤ 5.0.10 is affected by an information-disclosure vulnerability (CVE-2023-37413) caused by an observable response discrepancy that could reveal sensitive username information. Affected product/versions: IBM Aspera Faspex 5.0.0 through 5.0.10. Remediation: upgrade to IBM Aspera F...
IBM Aspera Faspex Security Vulnerability
IBM Aspera Faspex is an International Business Machines (IBM) solution for rapid global person-to-person document delivery and collaboration. An information disclosure vulnerability exists in IBM Aspera Faspex that stems from an observable response discrepancy that could be exploited by an attacker...
GHSA-P953-3J66-HG45 Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing
Use of Arrays.equals in LlapSignerImpl in Apache Hive to compare message signatures allows an attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack. Users are recommended to upgrade to version 4.0.0,...
Account Enumeration
umbraco.cms is vulnerable to Account Enumeration. The vulnerability is due to discrepancies in response codes and the timing of Umbraco management API responses, which allow attackers to infer the existence of specific accounts...
IBM Sterling File Gateway Security Vulnerability
IBM Sterling File Gateway is a file transfer software package from International Business Machines (IBM). The software consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet. A security vulnerability exists in IBM Sterling...
CVE-2024-35114
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts...