929 matches found
Hitachi Energy MicroSCADA Pro/X SYS600
1. EXECUTIVE SUMMARY: CVSS v3 8.8; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Hitachi Energy; Equipment: MicroSCADA Pro/X SYS600; Vulnerabilities: Observable Discrepancy, HTTP Request Smuggling, Classic Buffer Overflow, Improper Certificate Validation, Improper Restriction of...
Design/Logic Flaw
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487...
CVE-2022-22356
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487...
IBM MQ Appliance Security Vulnerability
IBM MQ Appliance is an all-in-one appliance for rapid deployment of enterprise-class messaging middleware from IBM U.S.A. An information disclosure vulnerability exists in IBM MQ Appliance, which stems from an apparent discrepancy between valid and invalid login attempts, and can be exploited by...
Code injection
In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state...
CVE-2022-0569
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9...
CVE-2022-0569
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9...
CVE-2022-0569 Observable Discrepancy in snipe/snipe-it
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9...
CVE-2022-0569
CVE-2022-0569 affects snipe/snipe-it, prior to v5.3.9, with an information-disclosure flaw caused by differences in password-reset responses that can enumerate registered user emails. Impact is information disclosure (email enumeration) and potential brute-force risk implied by exposed email list...
CVE-2022-0569 Observable Discrepancy in snipe/snipe-it
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9...
GHSA-54G4-5CF6-HJP3 Apache Hive Information Exposure and Observable Timing Discrepancy
Apache Hive cookie signature verification used a non-constant-time comparison, which is known to be vulnerable to timing attacks. This could allow recovery of another user's cookie signature. The issue was addressed in Apache Hive 2.3.8...
AlmaLinux 8 : microcode_ctl (ALSA-2021:2308)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:2308 advisory. - Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access...
GHSA-FPJ7-9XM6-8HGR Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin
Jenkins Configuration as Code Plugin prior to 1.55.1, 1.54.1, 1.53.1, and 1.47.1 does not use a constant-time comparison when checking whether two authentication tokens are equal. This could potentially allow attackers to use statistical methods to obtain a valid authentication token. Configurati...
GHSA-4XWW-6H7V-29JG User enumeration in livehelperchat
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information. There is an observable discrepancy between errors generated for users that exist and those that do not...
Cisco Enterprise Chat and Email Security Vulnerability
Cisco Enterprise Chat and Email CEC is a suite of enterprise chat and email solutions from Cisco. The product provides e-mail, chat, and Web callback capabilities for other Cisco solutions. A security vulnerability exists in Cisco Enterprise Chat and Email that stems from a vulnerability in the...
CVE-2022-22120
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the...
Design/Logic Flaw
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the...
CVE-2022-22120
CVE-2022-22120 affects NocoDB versions 0.9 to 0.83.8. The vulnerability is an observable discrepancy in the password-reset flow that discloses whether an email is registered, enabling attacker-controlled enumeration of user email addresses. The description in the connected documents aligns on a u...
CVE-2022-22120 NocoDB - Observable Discrepancy in the password-reset feature
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the...
NocoDB Security Vulnerability
NocoDB is an open source Airtable replacement. Convert any MySQL, PostgreSQL, SQL Server, SQLite and MariaDB into a smart spreadsheet. NocoDB suffers from a security vulnerability that stems from the fact that in NocoDB, versions 0.9 through 0.83.8 are vulnerable to Observable Discrepancy on the...