Lucene search
+L

408 matches found

Veracode
Veracode
added 2025/01/27 3:8 a.m.15 views

Account Enumeration

umbraco.cms is vulnerable to Account Enumeration. The vulnerability is due to discrepancies in response codes and the timing of Umbraco management API responses, which allow attackers to infer the existence of specific accounts...

5.3CVSS6.6AI score0.01451EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2024/11/13 9:15 p.m.9 views

CVE-2024-31074

Observable timing discrepancy in some IntelR QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access...

8.2CVSS0.00509EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/13 9:11 p.m.13 views

CVE-2024-31074

Observable timing discrepancy in some IntelR QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access...

8.2CVSS6.6AI score0.00509EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/13 9:11 p.m.16 views

CVE-2024-31074

Observable timing discrepancy in some IntelR QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access...

8.2CVSS0.00509EPSS
Exploits0References1
OSV
OSV
added 2024/11/06 8:15 a.m.9 views

AZL-52426 CVE-2024-9681 affecting package mysql for versions less than 8.0.40-3

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

6.5CVSS6.7AI score0.0197EPSS
Exploits1References1
NVD
NVD
added 2024/11/01 5:15 p.m.35 views

CVE-2024-41741

IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system...

5.3CVSS0.00306EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/01 4:40 p.m.27 views

CVE-2024-41741 IBM TXSeries for Multiplatforms information disclosure

IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system...

5.3CVSS6.6AI score0.00306EPSS
Exploits0References1
CVE
CVE
added 2024/11/01 4:40 p.m.68 views

CVE-2024-41741

IBM TXSeries for Multiplatforms 10.1 is affected by CVE-2024-41741, where an observable timing discrepancy could allow an attacker to determine valid usernames, enabling further attacks. The affected component is the authentication/username handling in TXSeries 10.1; impact is information disclos...

5.3CVSS5.1AI score0.00306EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/11/01 4:40 p.m.34 views

CVE-2024-41741 IBM TXSeries for Multiplatforms information disclosure

IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system...

5.3CVSS0.00306EPSS
Exploits0References1
NVD
NVD
added 2024/09/04 3:15 a.m.38 views

CVE-2024-39921

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by a...

7.5CVSS0.00427EPSS
Exploits0References2
OSV
OSV
added 2024/09/04 3:15 a.m.2 views

CVE-2024-39921

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by a...

7.5CVSS5.8AI score0.00427EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/04 1:51 a.m.13 views

CVE-2024-39921

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by a...

7AI score0.00427EPSS
Exploits0References2
CVE
CVE
added 2024/09/04 1:51 a.m.61 views

CVE-2024-39921

CVE-2024-39921 describes an information-disclosure vulnerability in IPCOM EX2 Series (V01L02NF0001–V01L06NF0401, V01L20NF0001–V01L20NF0401, V02L20NF0001–V02L21NF0301) and IPCOM VE2 Series (V01L04NF0001–V01L06NF0112). The issue is an observable timing discrepancy that can allow an attacker to decr...

7.5CVSS6.7AI score0.00427EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/09/04 1:51 a.m.35 views

CVE-2024-39921

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by a...

0.00427EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/08/30 12:0 a.m.18 views

JVN#29238389: IPCOM vulnerable to information disclosure

SSL Accelerator/SSL-VPN Function of IPCOM provided by Fsas Technologies Inc. contains an information disclosure vulnerability due to observable timing discrepancy CWE-208. Impact Some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication...

7.5CVSS7.2AI score0.00427EPSS
Exploits0
OSV
OSV
added 2024/08/20 8:29 p.m.19 views

GO-2023-1661 Answer has Observable Timing Discrepancy in github.com/answerdev/answer

Answer has Observable Timing Discrepancy in github.com/answerdev/answer...

5.3CVSS5.2AI score0.00639EPSS
Exploits1References4
OSV
OSV
added 2024/08/20 8:25 p.m.61 views

GO-2023-1294 easy-scrypt Observable Timing Discrepancy vulnerability in github.com/agnivade/easy-scrypt

easy-scrypt Observable Timing Discrepancy vulnerability in github.com/agnivade/easy-scrypt...

5.3CVSS5.2AI score0.00704EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/08/15 12:0 a.m.14 views

OpenTelemetry Collector < 0.107.0 Timing Discrepancy

The OpenTelemetry Collector running on the remote host is prior to 0.107.0. It is, therefore, affected by a timing discrepancy vulnerability, outlined below: The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured...

6.5CVSS6.5AI score0.0062EPSS
Exploits0References2
OSV
OSV
added 2024/08/13 6:59 p.m.12 views

GHSA-RFXF-MF63-CPQV open-telemetry has an Observable Timing Discrepancy

Summary The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens. Details...

6.9CVSS6.3AI score0.0062EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/08/13 6:59 p.m.22 views

open-telemetry has an Observable Timing Discrepancy

Summary The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens. Details...

6.5CVSS7AI score0.0062EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder