CVE-2022-34174

In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...

CVE-2022-34174

CVE-2022-34174 affects Jenkins 2.355 and earlier (and LTS 2.332.3 and earlier) where an observable timing discrepancy on the login form can distinguish between login attempts with an invalid username versus a valid username and wrong password when using the Jenkins user database security realm; t...

CVE-2022-34174

In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...

CVE-2022-31248 SUMA user enumeration via weak error message

A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java...

CVE-2022-31248

CVE-2022-31248 is a Spacewalk/spacewalk-java vulnerability in SUSE Manager Server 4.1 and 4.2 where an observable response discrepancy allows remote attackers to enumerate valid usernames. Affected: spacewalk-java before 4.1.46-1 on 4.1 and before 4.2.37-1 on 4.2. There are no exploit details in ...

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description High SECURITY-2781 / CVE-2022-34170 SECURITY-2779, CVE-2022-34171 SECURITY-2761, CVE-2022-34172 SECURITY-2776, CVE-2022-34173 SECURITY-2780 Multiple XSS vulnerabilities Medium SECURITY-2566 / CVE-2022-34174 Observable timing discrepancy allows determining...

CVE-2022-31248

A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java...

Wrong calculation for the new rewardRate[token] can cause some of the late users can not get their rewards

Lines of code Vulnerability details uint bribeStart = block.timestamp - block.timestamp % 7 days + BRIBELAG; uint adjustedTstamp = block.timestamp = periodFinishtoken safeTransferFromtoken, msg.sender, addressthis, amount; rewardRatetoken = amount / DURATION; else uint remaining = periodFinishtok...

Magento observable timing discrepancy vulnerability

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass...

GHSA-XGP9-J48H-JJF9 Magento observable timing discrepancy vulnerability

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass...

Magento Signature verification bypass

Magento versions 2.3.4 and earlier, 2.2.11 and earlier see note, 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass...

Improperly Skewed Governance Mechanism

Lines of code Vulnerability details ALR-02H: Improperly Skewed Governance Mechanism | File | Lines | Type ---|---|--- AuraLocker.sol | L594-L609, L611-L618 | Governance Susceptibility Description The balance checkpointing system exposed by the contract for governance purposes is flawed as it does...

CVE-2020-14002

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client...

GHSA-FWHR-G5R4-XGXF Silverstripe CMS User Enumeration

Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks...

L10: Deposits don’t work with FoT tokens

78 comment Warden: hickuphh3 Line References Description FoT token deposits are not supported because amount is used for internal accounting, but the actual amount received will be less than it due to the fee. I gave a low severity rating because of the existence of a token whitelist. Referenced...

CVE-2021-33149

CVE-2021-33149 pertains to an observable behavioral discrepancy in some Intel processors that may allow an authorized user to disclose information via local access. The Intel advisory (INTEL-SA-00648) confirms affected products as all Intel processor families and assigns a CVSSv3.1 base score of ...

NewStart CGSL CORE 5.05 / MAIN 5.05 : microcode_ctl Multiple Vulnerabilities (NS-SA-2022-0046)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has microcodectl packages installed that are affected by multiple vulnerabilities: - Incomplete cleanup from specific special register read operations in some IntelR Processors may allow an authenticated user to potentially...

NewStart CGSL MAIN 6.02 : microcode_ctl Multiple Vulnerabilities (NS-SA-2022-0060)

The remote NewStart CGSL host, running version MAIN 6.02, has microcodectl packages installed that are affected by multiple vulnerabilities: - Incomplete cleanup from specific special register read operations in some IntelR Processors may allow an authenticated user to potentially enable...

Wrong amount will be passed with fee on transfer tokens

Lines of code Vulnerability details Impact Loss of 1 to 1 ratio with fee on transfer tokens Proof of Concept Some tokens like USDT have a fee on transfer that can be activated. If such a token is used then wrong amounts will be minted on the other side. As we can see in the sendToCosmos function ...

Hitachi Energy System Data Manager

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: System Data Manager – SDM600 Vulnerabilities: Integer Overflow or Wraparound, Reachable Assertion, Type Confusion, Uncontrolled Recursion, Observable Discrepancy 2. RISK...