151 matches found
CVE-2022-31248
A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java...
CVE-2021-20147
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists...
Observable Response Discrepancy in Lost Password Service
Impact It is possible to enumerate usernames via the forgot password functionality Patches Update to version 10.1.3 or apply this patch manually: https://github.com/pimcore/pimcore/pull/10223.patch Workarounds Apply https://github.com/pimcore/pimcore/pull/10223.patch manually...
CVE-2021-39189 Observable Response Discrepancy in Lost Password Service
Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually...
CVE-2021-0089
Observable response discrepancy in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...
CVE-2021-0089
Observable response discrepancy in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...
Information disclosure
Observable response discrepancy in floating-point operations for some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...
CVE-2020-13413
An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force...
Information disclosure
An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force...
CVE-2020-13413
An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force...
CVE-2020-13413
CVE-2020-13413 affects Aviatrix Controller prior to version 5.4.1204. The issue is an observable response discrepancy in the API that makes it easier to enumerate valid usernames via brute force. Public references across multiple feeds describe this information disclosure vulnerability tying to u...