87 matches found
Mitsubishi Electric FA Engineering Software Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor : Mitsubishi Electric Equipment : MELIPC , MELSEC iQ-R, and MELSEC Q Series Vulnerabilities : Processor Optimization Removal or Modification of Security-Critical Code, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these...
Siemens Mendix Forgot Password Module
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Observable Discrepancy (Information Exposure)
piccolo is vulnerable to Observable Discrepancy Information Exposure. The vulnerability is caused by a defect in the BaseUser.login function which fails to return responses in a constant time but based on internal state of the application. e.g: a response is generated immediately when user is not...
The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client. NOTE: some reports...
PT-2023-17061 · Answer +3 · Answer +2
Name of the Vulnerable Software and Affected Versions: answer versions prior to 1.0.6 Description: The issue concerns an Observable Response Discrepancy. No further details are provided about the nature of this discrepancy or its potential impact. There is no information available regarding the...
Siemens Desigo PXC and DXR Devices Observable Discrepancy (CVE-2022-24043)
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The login functionality of the application fails to normalize the response times o...
CVE-2023-0440
Observable Discrepancy in GitHub repository healthchecks/healthchecks prior to v2.6...
CVE-2023-0440 Observable Discrepancy in healthchecks/healthchecks
Observable Discrepancy in GitHub repository healthchecks/healthchecks prior to v2.6...
CVE-2020-14002
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client...
Hitachi Energy System Data Manager
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: System Data Manager – SDM600 Vulnerabilities: Integer Overflow or Wraparound, Reachable Assertion, Type Confusion, Uncontrolled Recursion, Observable Discrepancy 2. RISK...
Hitachi Energy MicroSCADA Pro/X SYS600
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA Pro/X SYS600 Vulnerabilities: Observable Discrepancy, HTTP Request Smuggling, Classic Buffer Overflow, Improper Certificate Validation, Improper Restriction of...
CVE-2022-22356
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487...
CVE-2022-0569
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9...
CVE-2022-0569
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9...
CVE-2022-0569 Observable Discrepancy in snipe/snipe-it
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9...
CVE-2022-0569
CVE-2022-0569 affects snipe/snipe-it, prior to v5.3.9, with an information-disclosure flaw caused by differences in password-reset responses that can enumerate registered user emails. Impact is information disclosure (email enumeration) and potential brute-force risk implied by exposed email list...
CVE-2022-0569 Observable Discrepancy in snipe/snipe-it
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9...
GHSA-4XWW-6H7V-29JG User enumeration in livehelperchat
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information. There is an observable discrepancy between errors generated for users that exist and those that do not...
Design/Logic Flaw
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the...
CVE-2022-22120 NocoDB - Observable Discrepancy in the password-reset feature
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the...