929 matches found
CVE-2023-26071
An issue was discovered in MCUBO ICT through 10.12.4 aka 6.0.2. An Observable Response Discrepancy can occur under the login web page. In particular, the web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor. Th...
CVE-2023-26071
Summary (CVE-2023-26071): MCUBO ICT (versions up to 10.12.4 / 6.0.2) is affected by an observable response discrepancy on the login page. The issue allows an unauthenticated attacker to perform user enumeration by receiving different responses to similar requests, revealing internal state informa...
CVE-2023-28431
CVE-2023-28431 describes a vulnerability in Frontier’s modexp precompile used by Substrate. The implementation treats even and odd moduli differently: odd moduli use Montgomery multiplication, while even moduli fall back to a slower plain power algorithm. This mismatch caused a gas-cost discrepan...
CVE-2023-28431 Frontier's modexp precompile is slow for even modulus
Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...
GHSA-6X5V-CXPP-PC5X Answer has Observable Response Discrepancy
Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...
Answer has Observable Timing Discrepancy
Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...
Answer has Observable Response Discrepancy
Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...
GHSA-RVJP-8QJ4-8P29 Answer has Observable Timing Discrepancy
Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1538
Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1540
Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...
Buffer overflow
Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...
Buffer overflow
Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...
PT-2023-17061 · Answer +3 · Answer +2
Name of the Vulnerable Software and Affected Versions: answer versions prior to 1.0.6 Description: The issue concerns an Observable Response Discrepancy. No further details are provided about the nature of this discrepancy or its potential impact. There is no information available regarding the...
CVE-2023-1538 Observable Timing Discrepancy in answerdev/answer
Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1540 Observable Response Discrepancy in answerdev/answer
Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...
PT-2023-17059 · Answer · Answer
Name of the Vulnerable Software and Affected Versions: answer versions prior to 1.0.6 Description: The issue concerns an Observable Timing Discrepancy in the GitHub repository answerdev/answer. This discrepancy can potentially be exploited. No information is provided about the estimated number of...
CVE-2023-1540
CVE-2023-1540 concerns the open‑source knowledgebase app answerdev/answer prior to version 1.0.6. The vulnerability is described as an observable response discrepancy in the GitHub repository’s Answer before 1.0.6, enabling information disclosure during the password reset flow: an attacker could ...