408 matches found
Account Enumeration
umbraco.cms is vulnerable to Account Enumeration. The vulnerability is due to discrepancies in response codes and the timing of Umbraco management API responses, which allow attackers to infer the existence of specific accounts...
CVE-2024-31074
Observable timing discrepancy in some IntelR QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access...
CVE-2024-31074
Observable timing discrepancy in some IntelR QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access...
CVE-2024-31074
Observable timing discrepancy in some IntelR QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access...
AZL-52426 CVE-2024-9681 affecting package mysql for versions less than 8.0.40-3
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...
CVE-2024-41741
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system...
CVE-2024-41741 IBM TXSeries for Multiplatforms information disclosure
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system...
CVE-2024-41741
IBM TXSeries for Multiplatforms 10.1 is affected by CVE-2024-41741, where an observable timing discrepancy could allow an attacker to determine valid usernames, enabling further attacks. The affected component is the authentication/username handling in TXSeries 10.1; impact is information disclos...
CVE-2024-41741 IBM TXSeries for Multiplatforms information disclosure
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system...
CVE-2024-39921
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by a...
CVE-2024-39921
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by a...
CVE-2024-39921
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by a...
CVE-2024-39921
CVE-2024-39921 describes an information-disclosure vulnerability in IPCOM EX2 Series (V01L02NF0001–V01L06NF0401, V01L20NF0001–V01L20NF0401, V02L20NF0001–V02L21NF0301) and IPCOM VE2 Series (V01L04NF0001–V01L06NF0112). The issue is an observable timing discrepancy that can allow an attacker to decr...
CVE-2024-39921
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by a...
JVN#29238389: IPCOM vulnerable to information disclosure
SSL Accelerator/SSL-VPN Function of IPCOM provided by Fsas Technologies Inc. contains an information disclosure vulnerability due to observable timing discrepancy CWE-208. Impact Some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication...
GO-2023-1661 Answer has Observable Timing Discrepancy in github.com/answerdev/answer
Answer has Observable Timing Discrepancy in github.com/answerdev/answer...
GO-2023-1294 easy-scrypt Observable Timing Discrepancy vulnerability in github.com/agnivade/easy-scrypt
easy-scrypt Observable Timing Discrepancy vulnerability in github.com/agnivade/easy-scrypt...
OpenTelemetry Collector < 0.107.0 Timing Discrepancy
The OpenTelemetry Collector running on the remote host is prior to 0.107.0. It is, therefore, affected by a timing discrepancy vulnerability, outlined below: The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured...
GHSA-RFXF-MF63-CPQV open-telemetry has an Observable Timing Discrepancy
Summary The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens. Details...
open-telemetry has an Observable Timing Discrepancy
Summary The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens. Details...