Lucene search
+L

168 matches found

NVD
NVD
added 2024/09/18 2:15 p.m.18 views

CVE-2024-8891

An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4...

5.3CVSS0.00312EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/18 12:0 a.m.4 views

CIRCUTOR Q-SMT 安全漏洞

CIRCUTOR Q-SMT is an industrial hardware device from CIRCUTOR, Inc. A security vulnerability exists in CIRCUTOR Q-SMT version 1.0.4, which stems from an attacker's ability to construct a dictionary of potential users and inspect server responses without knowing the current user in the web...

5.3CVSS6.7AI score0.00312EPSS
Exploits0References2
NVD
NVD
added 2024/09/12 7:15 p.m.17 views

CVE-2024-34336

User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality...

5.3CVSS0.0038EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/09/12 12:0 a.m.19 views

CVE-2024-34336

User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality...

7AI score0.0038EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/09/12 12:0 a.m.21 views

CVE-2024-34336

User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality...

0.0038EPSS
Exploits1References1
Veracode
Veracode
added 2024/07/16 8:34 a.m.19 views

Denial Of Service (DoS)

golang.org/x/net is vulnerable to Denial Of Service DoS. The vulnerability is due to the client mishandling cases where a server responds with a non-informational status, which leaves the client connection in an invalid state. Attackers can exploit this by sending "Expect: 100-continue" requests ...

7.5CVSS6.8AI score0.01414EPSS
Exploits0References8Affected Software2
Veracode
Veracode
added 2024/06/11 6:5 a.m.22 views

Password Hash Disclosure

born05/craft-twofactorauthentication is vulnerable to Password Hash Disclosure. The vulnerability is due to the improper handling of password hashes, which are exposed in server responses after a valid TOTP submission. Attackers can exploit this by controlling a user's session to obtain the...

8.1CVSS6.8AI score0.00832EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.16 views

RHEL 5 : libxi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libXi: Multiple Array Index error leading to heap-based OOB write CVE-2013-1998 - libXi: Insufficient...

7.5CVSS8.9AI score0.03009EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/02/20 11:6 a.m.4 views

go-git: Maliciously crafted Git server replies can cause DoS on go-git clients

A denial of service DoS vulnerability was found in the go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients...

7.5CVSS7.1AI score0.00704EPSS
Exploits0References5
NVD
NVD
added 2024/01/22 9:15 p.m.28 views

CVE-2024-23677

In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file...

5.3CVSS4.8AI score0.00395EPSS
Exploits0References1
OSV
OSV
added 2024/01/12 11:15 a.m.6 views

UBUNTU-CVE-2023-49568

A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...

7.5CVSS6.8AI score0.00704EPSS
Exploits0References4
OSV
OSV
added 2023/12/18 10:15 a.m.1 views

DEBIAN-CVE-2023-32726

The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server...

8.1CVSS6.4AI score0.00673EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.1 views

PT-2023-30850 · Siemens · Sinec Ins

Name of the Vulnerable Software and Affected Versions: SINEC INS versions prior to V1.0 SP2 Update 2 Description: A vulnerability has been identified in the affected software, where it does not correctly validate the response received by a UMC server. This can be exploited by an attacker to crash...

8.6CVSS8.8AI score0.00616EPSS
Exploits0References4
OSV
OSV
added 2023/11/27 10:15 a.m.10 views

CVE-2023-6254

A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37...

7.5CVSS5.8AI score0.00647EPSS
Exploits0References1
OSV
OSV
added 2023/11/27 10:15 a.m.4 views

UBUNTU-CVE-2023-6254

A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37...

8.1CVSS7.1AI score0.00647EPSS
Exploits0References3
NVD
NVD
added 2023/10/31 6:15 p.m.15 views

CVE-2023-37831

An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted...

5.3CVSS5.3AI score0.00462EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/10/31 6:15 p.m.4 views

CVE-2023-37831

An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted...

5.3CVSS6.1AI score0.00462EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/10/31 12:0 a.m.4 views

PT-2023-26135 · Elenos · Elenos Etg150 Fm Transmitter

Name of the Vulnerable Software and Affected Versions: Elenos ETG150 FM transmitter version 3.12 Description: An issue in the Elenos ETG150 FM transmitter allows attackers to enumerate user accounts based on server responses when credentials are submitted. Recommendations: For Elenos ETG150 FM...

5.3CVSS7AI score0.00462EPSS
Exploits1References6
Cvelist
Cvelist
added 2023/10/31 12:0 a.m.21 views

CVE-2023-37831

An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted...

5.6AI score0.00462EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/10/31 12:0 a.m.16 views

CVE-2023-37831

An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted...

6.9AI score0.00462EPSS
Exploits1References1
Rows per page
Query Builder