929 matches found
CVE-2024-31074
Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access...
CVE-2024-52043
Generation of Error Message Containing Sensitive Information in HumHub GmbH & Co. KG - HumHub on Linux allows: Excavation user enumeration. This issue affects all released HumHub versions: through 1.16.2...
AZL-52426 CVE-2024-9681 affecting package mysql for versions less than 8.0.40-3
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl-using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...
CVE-2024-52043 User enumeration in HumHub
Generation of Error Message Containing Sensitive Information in HumHub GmbH & Co. KG - HumHub on Linux allows: Excavation user enumeration. This issue affects all released HumHub versions: through 1.16.2...
CVE-2024-52043
HumHub CVE-2024-52043 affects HumHub up to version 1.16.2. The issue stems from error messages that expose sensitive information, enabling user enumeration. Impact is described as potential exposure of user data via observable responses on Linux deployments. Connected documents consistently refer...
PT-2024-35101 · Humhub · Humhub
Name of the Vulnerable Software and Affected Versions: HumHub versions through 1.16.2 Description: The issue affects HumHub, allowing excavation through user enumeration due to an observable response discrepancy. This discrepancy can lead to the generation of error messages containing sensitive...
Security Bulletin: IBM Sterling Control Center is vulnerable to User Enumeration
Summary User Enumeration is affecting v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-35114 DESCRIPTION: IBM Sterling Control Center could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts. CWE:CWE-204: Observable Response Discrepancy...
CVE-2024-41741
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system...
CVE-2024-41741 IBM TXSeries for Multiplatforms information disclosure
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system...
CVE-2024-41741
IBM TXSeries for Multiplatforms 10.1 is affected by CVE-2024-41741, where an observable timing discrepancy could allow an attacker to determine valid usernames, enabling further attacks. The affected component is the authentication/username handling in TXSeries 10.1; impact is information disclos...
Synology DiskStation Manager Observable Discrepancy (CVE-2017-5753)
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot f...
CVE-2024-47129 Observable Response Discrepancy in goTenna Pro
The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used...
Observable Response Discrepancy
Overview Affected versions of this package are vulnerable to Observable Response Discrepancy through the login notification mechanism. An attacker can determine valid usernames by observing the different responses given for correct usernames with weak passwords versus incorrect usernames with wea...
ROS-20240916-04
A vulnerability in the PrivateDecrypt function of the cryptographic library of the Node.js software platform is related to the use of hidden side channels resulting from a timing discrepancy between decryption of valid and invalid ciphertexts based on the PKCS1 v1.5.5 cryptography...
CVE-2023-49069
A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.17.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.11 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 All...
CVE-2023-49069
The CVE relates to Mendix Runtime authentication: an observable response discrepancy when validating usernames in basic authentication allows unauthenticated remote attackers to distinguish valid vs invalid usernames. Affected versions include Mendix Runtime V8 (all versions < V8.18.33), V9 (&...
Siemens Mendix Runtime
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2024-42343
Loway - CWE-204: Observable Response Discrepancy...
CVE-2024-42343 Loway - CWE-204: Observable Response Discrepancy
Loway - CWE-204: Observable Response Discrepancy...