Siemens Mendix Runtime

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVE-2024-42343

Loway - CWE-204: Observable Response Discrepancy...

CVE-2024-42343

CVE-2024-42343 concerns a vulnerability in Loway QueueMetrics where an observable response discrepancy exists. Connected sources identify the affected product as Loway QueueMetrics, with versions cited as 17.06.1 through 22.02.11 (CNNVD) and reference to an observable response discrepancy that ca...

CVE-2024-42343 Loway - CWE-204: Observable Response Discrepancy

Loway - CWE-204: Observable Response Discrepancy...

CVE-2024-39921

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by a...

CVE-2024-39921

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by a...

CVE-2024-39921

CVE-2024-39921 describes an information-disclosure vulnerability in IPCOM EX2 Series (V01L02NF0001–V01L06NF0401, V01L20NF0001–V01L20NF0401, V02L20NF0001–V02L21NF0301) and IPCOM VE2 Series (V01L04NF0001–V01L06NF0112). The issue is an observable timing discrepancy that can allow an attacker to decr...

CVE-2024-39921

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by a...

CVE-2024-39921

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by a...

PT-2024-31404 · Fides · Fides

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.44.0 Description: A timing-based username enumeration vulnerability exists in Fides Webserver authentication, allowing an unauthenticated attacker to determine the existence of valid usernames by analyzing the time i...

JVN#29238389: IPCOM vulnerable to information disclosure

SSL Accelerator/SSL-VPN Function of IPCOM provided by Fsas Technologies Inc. contains an information disclosure vulnerability due to observable timing discrepancy CWE-208. Impact Some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication...

GO-2022-0882 Observable Discrepancy in Argo in github.com/argoproj/argo-cd

Observable Discrepancy in Argo in github.com/argoproj/argo-cd...

GO-2023-1654 Answer has Observable Response Discrepancy in github.com/answerdev/answer

Answer has Observable Response Discrepancy in github.com/answerdev/answer...

GO-2023-1661 Answer has Observable Timing Discrepancy in github.com/answerdev/answer

Answer has Observable Timing Discrepancy in github.com/answerdev/answer...

GO-2023-1294 easy-scrypt Observable Timing Discrepancy vulnerability in github.com/agnivade/easy-scrypt

easy-scrypt Observable Timing Discrepancy vulnerability in github.com/agnivade/easy-scrypt...

OpenTelemetry Collector < 0.107.0 Timing Discrepancy

The OpenTelemetry Collector running on the remote host is prior to 0.107.0. It is, therefore, affected by a timing discrepancy vulnerability, outlined below: The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured...

GO-2024-3066 open-telemetry has an Observable Timing Discrepancy in github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension

open-telemetry has an Observable Timing Discrepancy in github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension...

CVE-2024-42368 open-telemetry has an Observable Timing Discrepancy

OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. The bearertokenauth extension's server authenticator performs a simple, non-constant time string...

open-telemetry has an Observable Timing Discrepancy

Summary The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens. Details...

GHSA-RFXF-MF63-CPQV open-telemetry has an Observable Timing Discrepancy

Summary The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens. Details...