929 matches found
Information Disclosure
sulu/sulu is vulnerable to Observable Response Discrepancy. The vulnerability exists due to the insecure access control used in the security.yaml configuration, which allows an attacker to detect whether a user's username or email exists and which ones do not exist through the Admin Login form...
GHSA-WMWF-49VV-P3MR Sulu Observable Response Discrepancy on Admin Login
Impact: Through the Admin Login form it is possible to detect which usernames or emails exist and which do not. Impacted by this issue are Sulu installations = 2.5.0 and getMessage; instead the $exception->getMessageKey; References: Currently no references...
Risk of Incorrect Collateral Pricing in Case of Aggregator Reaching minAnswer
Lines of code Vulnerability details Impact Chainlink aggregators have a built-in circuit breaker to prevent the price of an asset from deviating outside a predefined price range. This circuit breaker may cause the oracle to persistently return the minPrice instead of the actual asset price in the...
The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client. NOTE: some reports...
Design/Logic Flaw
CVE-2023-37217 Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy
Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy...
CVE-2023-37217
CVE-2023-37217 affects Tadiran Telecom Aeonix. The vulnerability is described as an observable response discrepancy (CWE-204) that can reveal differences in responses; a false comparison vulnerability is noted in external summaries (CNNVD/PT-2023-25835) as the underlying issue. CVSS data indicate...
PT-2023-25835 · Tadiran Telecom · Tadiran Telecom Aeonix
Name of the Vulnerable Software and Affected Versions: Tadiran Telecom Aeonix affected versions not specified Description: The issue is related to an observable response discrepancy, which is a type of security flaw. This discrepancy can potentially be exploited. Recommendations: At the moment,...
Multiple vulnerabilities in Command Center RX (CCRX) of Kyocera Document Solutions MFPs and printers
Overview: Command Center RX (CCRX), a web interface for MFPs and printers provided by KYOCERA Document Solutions Inc., contains multiple vulnerabilities listed below. Path traversal (CWE-22) - CVE-2023-34259; Path traversal (CWE-22) - CVE-2023-34260; Observable response discrepancy (CWE-204) - CVE-2023-3426...
CVE-2023-35698
Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt...
CVE-2023-35698
CVE-2023-35698 concerns the SICK ICR890-4 track-and-trace system. A network-facing issue causes an observable response discrepancy during an FTP login failure, which could allow a remote attacker to identify valid FTP usernames. The precise vulnerable component is not fully detailed in the provid...
SICK ICR890-4 Security Vulnerability
The SICK ICR890-4 is a track and trace system from SICK, Germany. A security vulnerability exists in the SICK ICR890-4 that stems from an observable response discrepancy when attempting to log into an FTP server...
Rotem Dynamics Rotem CRM Security Vulnerability
Rotem Dynamics Rotem CRM is a customer relationship management system from Rotem Dynamics. A security vulnerability exists in Rotem Dynamics Rotem CRM 20230729 and earlier versions, which stems from a problem with the file /LandingPages/api/otp/send?id=ID&method=sms, which can lead to...
Multiple vulnerabilities cURL libcurl affect AIX
IBM SECURITY ADVISORY First Issued: Thu Jun 29 09:35:59 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curladvisory2.asc Security Bulletin: Multiple vulnerabilities cURL libcurl affect AIX...
Exploit for Observable Discrepancy in Linux Linux_Kernel
SCTF2023kernelpwn SCTF 2023 kernel pwn Off-topic: an adverti...
CVE-2023-2013
An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display a...